Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
BOCCHI
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Mr.Rabbit
November 17, 2024
51
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
BOCCHI
BOCCHIは、チャットボットを活用し、スマホのフリック操作で簡単に操作可能。LINE感覚で命令を入力するだけで、ペネトレーションテストを実行できます。
Mr.Rabbit
November 17, 2024
More Decks by Mr.Rabbit
See All by Mr.Rabbit
Azazel Series
01rabbit
0
95
Azazel System for Emergency Shelters
01rabbit
0
190
KaliPAKU
01rabbit
0
34
Babbly
01rabbit
0
97
P.A.K.U.R.I SECCON2019 Akihabara YOROZU
01rabbit
1
130
P.A.K.U.R.I AVTOKYO HIVE
01rabbit
0
110
The Empire Strikes Back ~MR.RABBIT 帝国の逆襲~
01rabbit
0
260
地雷探しに脆弱性を使うのは間違っているだろうか Hack a Minesweeper
01rabbit
0
220
あの日学んだ攻撃の方法を僕達はまだ知らない。
01rabbit
0
200
Featured
See All Featured
Building Experiences: Design Systems, User Experience, and Full Site Editing
marktimemedia
0
550
Neural Spatial Audio Processing for Sound Field Analysis and Control
skoyamalab
0
370
Become a Pro
speakerdeck
PRO
31
6k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
21
1.5k
Tell your own story through comics
letsgokoyo
1
990
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
210
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
1
760
HDC tutorial
michielstock
2
740
WENDY [Excerpt]
tessaabrams
11
38k
Navigating Algorithm Shifts & AI Overviews - #SMXNext
aleyda
1
1.4k
Test your architecture with Archunit
thirion
1
2.3k
The Art of Programming - Codeland 2020
erikaheidi
57
14k
Transcript
݄ 4&$$0/ 0QFO$POGFSFODF
Agenda What’s BOCCHIʁ Background Overview Feature Extra Summary
What’s BOCCHI?
What’s BOCCHI? Bot Operating Chat Communication Hacking Interface
What’s BOCCHI? ͜ͷπʔϧɺνϟοτπʔϧʢMattermostʣΛ ׆༻ͨ͠νϟοτܕϖωτϨʔγϣϯςετπʔ ϧͰ͋ΔɻϢʔβʔϘοτͱձ͢Δʢ໋ྩ ͢ΔʣࣄͰɺϖωτϨʔγϣϯςετʹ͓͚Δ ఁ׆ಈɺ੬ऑੑஅɺ؆୯ͳೝূࢼߦ߈ܸ Λ͢Δࣄ͕Ͱ͖·͢ɻ
Background
Background ࡢͷOpen conferenceͰɺKaliPAKUͱ͍ ͏ॳ৺ऀ͚ϖωτϨʔγϣϯςετ πʔϧΛൃද͠·ͨ͠ɻ ͦͷπʔϧΛ࣮ࡍʹϖωτϨʔγϣϯς ετΛֶͼ࢝ΊֶͨੜʹΘͤͯΈͯ ϑΟʔυόοΫΛΒ͍·ͨ͠ɻ
Background ϑΟʔυόοΫͷதʹʮ͍͍͢ʯʮͥͻ৬ Ͱීٴ͍ͨ͠ʯͳͲྑ͍ҙݟ͋Γ·͕ͨ͠ɺҎԼ ͷΑ͏ͳҙݟҰఆ͋Γ·ͨ͠ɻ ʮͲͷίϚϯυΛ͑ྑ͍ͷ͔Θ͔Βͳ͍ʯ ʮॳ৺ऀ͔ͩΒɺԿΛͨ͠Βྑ͍͔Θ͔Βͳ͍ʯ ʮӳޠͰॻ͔Ε͍ͯΔͱ͍ʹ͍͘ʯ ʮCUIΑΓGUIͷํ͕͍͍͢ʯ
Background ͷચ͍ग़͠ 1. ίϚϯυ͕ͨ͘͞Μ͑ΔˠબͿͷʹࠔΔ 2. ӳޠ͔Βຊޠ 3. ૢ࡞ੑͷٻˠςϯΩʔΛ͑Δૢ࡞ੑ 4. ಋೖ͕༰қͳΠϯλʔϑΣʔε
Background KaliPAKUͰɺϖωτϨʔγϣϯςε τͰࠔΒͳ͍༷ʹKali tools Top10Ͱڍ ͛ΒΕ͍ͯΔπʔϧΛ͑Δ༷ʹͨ͠ ͕ɺॳ৺ऀͱͯ͠ʮԿΛ͢Δʯʹ ʮͲͷπʔϧΛ͏ʯͱ͍͏ͰΜ Ͱ͠·͏ɻ πʔϧΛߟྀ͢Δࣄͳ͘࠷ݶͷۀ
͕Ͱ͖Δ༷ʹ͢Δɻ
Background ༻ݴޠΛӳޠ͔Βຊޠ
Background ςϯΩʔΛ͑Δૢ࡞ੑΛٻΊɺϑϦοΫೖྗʹΑΔૢ࡞ੑΛٻ
Background ͳͥϑϦοΫೖྗͳͷ͔ʁ 20197݄ʹʮεϚʔτϑΥϯͷจࣈೖྗ ͲΕΛ͍ͬͯ·͔͢ʁʯͱΞϯέʔτ ͕ߦΘΕͨɻ ༗ޮճऀ979ਓͷ͏ͪ653ਓɺ66.7ˋ ͷεϚϗϢʔβʔ͕ϑϦοΫೖྗΛϝΠ ϯʹ͍ͬͯΔͱճͨ͠ ࠓ͞Βฉ͚ͳ͍ʮϑϦοΫೖྗʯͷΓํɾઃఆɹθϩ͔Β࿅श͢ΔίπΛत https://mag.app-liv.jp/archive/123964/#482044
Background 15ࡀ ~ 19ࡀ͕77.9ˋ͑ͱ4ਓʹ3ਓϑ ϦοΫೖྗΛ༻ ࠓͷए͍ੈύιίϯΑΓઌʹɺεϚ ϗʹ৮ΕΔࣄ͕ଟ͍ͨΊͱߟ͑ΒΕΔ ΩʔϘʔυೖྗʢςϯΩʔೖྗʣΑΓϑ ϦοΫೖྗͷํ͕ΩϟϦΞ͕͍ ࠓ͞Βฉ͚ͳ͍ʮϑϦοΫೖྗʯͷΓํɾઃఆɹθϩ͔Β࿅श͢ΔίπΛत
https://mag.app-liv.jp/archive/123964/#482044
Background ॳ৺ऀͰಋೖ͕༰қͳΠϯλʔϑΣʔε εϚϗͷීٴʹΑΓҰൠԽͨ͠ͷ͕ϝο ηʔδΞϓϦ વίϚϯυೖྗΑΓϝοηʔδΛૹΔ ૢ࡞ͷํ͕༰қ νϟοτϘοτͱͷΓऔΓʹ
Background MMDݚڀॴɺ2022ʹຊɺΞϝϦΧɺ தࠃʹॅΉ15ࡀ ~ 69ࡀͷεϚʔτϑΥϯΛ ॴ༗͢ΔஉঁΛରʹɺʮถத3ϲࠃࢢ ෦εϚʔτϑΥϯϢʔβʔൺֱௐࠪʯΛ࣮ࢪ िʹ1ճҎ্ར༻͍ͯ͠ΔΞϓϦͷδϟϯϧ Λฉ͍ͨͱ͜ΖɺຊͰʮϝοηʔδΞ ϓϦʯ͕78.1ˋͱ࠷ଟ͘ɺ͍ͭͰʮEϝʔ
ϧʯ͕63.2ˋɺʮఱؾʯ͕54.9ˋͱͳͬͨɻ ओͳ࿈བྷΞϓϦɺຊʮLINEʯถࠃʮInstagramʯதࠃʮඍ৴(WeChat)ʯʲMMDݚڀॴௐʳ https://webtan.impress.co.jp/n/2022/11/28/43705
Background ୭͕ೃછΈ͋ΔϝοηʔδΞϓϦͷΠ ϯλʔϑΣʔε εϚʔτϑΥϯΛ༻ͨ͠ϑϦοΫೖྗ͕ Մೳ ຊޠͰɺΓ͍ͨࣄΛ͑Ε࣮ߦͯ͠ ͘ΕΔνϟοτϘοτ
Overview
Overview ΩʔϘʔυɺ·ͨϑϦοΫೖྗͰϘοτ໋ྩ͢ΔͱɺΣϒϑοΫ͕PythonʢBOCCHIʣʹ໋ྩΛ͑ɺ Python͕֤छπʔϧΛ࣮ߦ͢Δ
Feature
Feature ϝχϡʔදࣔ ϙʔτεΩϟϯ ੬ऑੑஅ ೝূࢼߦ etc…
Feature νϟοτ্ͰτϦΨʔϫʔυʢˏbocchiʣͷޙ ʹ໋ྩจΛ͚ͯൃݴ͢Δ͜ͱͰɺίϚϯυ͕ ࣮ߦ͞ΕϦϓϥΠϝοηʔδͱͯ݁͠Ռ͕දࣔ ͞ΕΔɻ
Feature BOCCHIͰɺʮͯʹΛʯ͕ଟগग़དྷͯ ͍ͳͯ͘ɺ໋ྩͱͳΔΩʔϫʔυΛ֬ ೝ͢ΔࣄͰɺίϚϯυΛ࣮ߦɻ ܗଶૉղੳΤϯδϯΛऔΓೖΕͯޱޠௐ Ͱͷ໋ྩΛड͚͚ɺܗଶૉ͝ͱʹׂ ͪ͠ॻ͖ʢ୯ޠʹׂʣ໋ͯ͠ྩΛड ͚͚͍ͯΔɻ
Feature ܗଶૉղੳΤϯδϯJanomeʢऄͷʣ JanomePure PythonͰॻ͔Εͨࣙॻแͷܗଶૉ ղੳث ґଘϥΠϒϥϦແ͠ͰΠϯετʔϧͰ͖ɺΞϓϦ έʔγϣϯʹΈࠐΈ͍͢γϯϓϧͳAPIΛඋ͑ ΔܗଶૉղੳϥΠϒϥϦ https://github.com/mocobeta/janome
Feature ܗଶૉղੳ ɹରͱͳΔݴޠͷจ๏୯ޠͷࢺ ใΛͱʹɺจষΛܗଶૉʹղ͢ ΔղੳɻࣗવݴޠॲཧͰࣄલॲཧ ͱͯ͠༻͍ΒΕΔख๏ ܗଶૉ ɹҙຯΛ࣋ͭදݱཁૉͷ࠷খ୯Ґ ୯ޠ ࢺ
ࢺࡉྨ ࢲ ໊ࢺ ໊ࢺ ॿࢺ ॿࢺ ϓϩάϥϛϯά ໊ࢺ αมଓ Λ ॿࢺ ֨ॿࢺ ษڧ ໊ࢺ αมଓ ͠ ಈࢺ ཱࣗ ͯ ॿࢺ ଓॿࢺ ͍ ಈࢺ ඇཱࣗ ·͢ ॿಈࢺ ʔ ɻ ه߸ ۟ ʮࢲϓϩάϥϛϯάΛษڧ͍ͯ͠·͢ɻʯ
Feature ͳͥLLMΛ༻͠ͳ͍ͷ͔ʁ ΦϑϥΠϯڥͰϓϩάϥϜΛར༻͢Δओͳར 1. Πϯλʔωοτґଘੑͷճආ: Πϯλʔωοτ ଓ͕ෆ҆ఆ·ͨར༻Ͱ͖ͳ͍ঢ়گͰɺ ϓϩάϥϜ͕ػೳ͢ΔͨΊɺ৴པੑ্͕ 2. ηΩϡϦςΟ্:
Πϯλʔωοτʹଓͤͣ ʹϓϩάϥϜΛ࣮ߦ͢Δ͜ͱͰɺηΩϡϦ ςΟ্ͷϦεΫΛ࠷খݶʹ͑Δ͜ͱ͕Ͱ ͖ɺ֎෦ͱͷ௨৴Λආ͚Δ͜ͱͰใ࿙Ӯͷ Մೳੑ͕ݮ
Feature BOCCHIͰߦΘΕ͍ͯΔॲཧͷྲྀΕ ɹɹɹʮIPΞυϨεΛεΩϟϯͯ͠ʯ໋ྩΛड͚औΔ ɹɹɹJanomeͰ ɹɹɹʮIPΞυϨεʯʮΛʯʮεΩϟϯʯʮ͢Δʯʮͯʯ ɹɹɹʹͪॻ͖͞ΕΔ ɹɹɹΩʔϫʔυΛݕࡧ͠ɺࠓճͳΒnmap͕બ͞ΕΔ ɹɹɹnmapίϚϯυͷߏங ɹɹɹίϚϯυͷ࣮ߦ
Feature ᶃʮʢIPΞυϨεʣΛεΩϟϯͯ͠ʯ ͱ໋ͣΔ ᶄ໋ྩΛͪॻ͖ʹ͢ ᶅΩʔϫʔυΛΑΓnmapίϚϯυΛ࡞ nmap -vv --reason -Pn -T4
-sV -sC --version-all -A —osscan-guess --script=vuln -oA IPAddress ᶆnmapͷ࣮ߦ
Feature εΩϟϯ݁ՌɺࣗಈతʹFaradayΠϯϙʔτ ݁ՌͷՄࢹԽ
Feature ʮαʔϏεΛදࣔͯ͠ʯʮ੬ऑੑΛ දࣔͯ͠ʯͱ໋ྩ͢Δͱνϟοτ্ ͰɺεΩϟϯ݁ՌͷҰ෦ʢݕग़ͨ͠ αʔϏεͷҰཡɺ੬ऑੑͷҰཡʣΛ ֬ೝ͢Δࣄ͕Մೳ
Feature ʮೝূࢼߦΛͯ͠ʯͱ໋ྩ͢Δͱ BrutesprayΛ༻ͨ͠؆қతͳೝ ূࢼߦ߈ܸΛ࣮ߦ͠ɺऴྃޙʹ݁ ՌΛදࣔ
Feature ʮ੬ऑੑஅΛͯ͠ʯͱ໋ྩ͢ΔͱGVM ʢGreenbone Vulnerability Manager چ OpenVASʣΛ༻ͨ͠੬ऑੑஅΛ࣮ߦ ͜ͷࡍɺࡉ͔͍ઃఆΛٻΊΒΕΔࣄͳ͘ࣄ લʹఆΊͨஅํ๏Ͱஅ͕ߦΘΕΔɻ
Feature ʮεΩϟϯʹ͍ͭͯڭ͑ͯʯʮ੬ऑੑஅ ʹ͍ͭͯڭ͑ͯʯͱ࣭͢ΔࣄͰɺ༻͢Δ πʔϧίϚϯυʹ͍ͭͯղઆ ʮରIPΞυϨεͷௐࠪঢ়گΛڭ͑ͯʯͱ࣭ ͢Εɺ࣮ߦϩάΛੳͯ͠ରIPΞυϨ εʹରͯ͠ͷௐࠪঢ়گΛ֬ೝՄೳɻ ෳγεςϜΛௐࠪ͢ΔࡍͷೋखؒΛࢭ
Feature ؆୯ͳૢ࡞Ͱߦ͑Δ໘ɺ҆શ໘Λߟྀ͢ Δඞཁ͕͋Δɻʢྫ͑είʔϓൣғ֎ ͷΞΫηεɺޡૢ࡞ʣ BOCCHIͰɺࣄલʹௐࠪରͱͳΔIPΞ υϨεΛొ͠ɺௐ࣮ࠪߦલʹొ͞Εͨ IPΞυϨε͔ͷ֬ೝΛ࣮ࢪ ޡૢ࡞Λ͙ҝʹ࣮ߦલͷঝೝػೳΛ࣮
Extra
Extra ࢲͷ৬ɺສਓࡐෆͷҝɺOJTͱশͯ͠ ݱʹ৽ਓΛಉߦͤ͞Δࣄ͕ଟʑ͋Δɻ ͔͠͠ɺݱͰ৽ਓͷ૬खΛ͢Δ༨༟ແ͍ɻ ΩϟϦΞͷઙ͍൴ΒʹޮՌతͳOJTΊͣɺ ؍͢Δ͚ͩͷ߹͕ଟ͍ɻʢԿΛͯ͠ྑ͍͔ Θ͔Βͳ͍ҝʣ ? ?
Extra ϖϯςελʔʢॳ৺ऀڵຯͷ͋Δऀʣ ԿΛ͢Εྑ͍͔Θ͔Βͳ͍࣌νϟοτ্Ͱ BOCCHIʹ࣭ͨ͠ΓɺίϚϯυ͕Θ͔Βͳ͘ ͯBOCCHIʹ໋ྩ͢Εղܾ ݱͷงғؾΛମײͰ͖ͯɺۀʹ҆৺ͯ͠ ࢀՃͰ͖ΔͷͰOJTͷޮՌظͰ͖Δ ͻͱΓͰ·ͳ͍͍ͯ͘
Extra ϒϧʔνʔϜSOC ઐతͳ͕ࣝͳͯ͘ɺBOCCHI ʹ໋ྩ͢Δ͚ͩͰٖࣅతͳαΠόʔ ߈ܸʢೝূࢼߦ੬ऑੑஅʣ͕ग़ དྷΔͷͰɺϒϧʔνʔϜSOCͷτ Ϩʔχϯάʹ׆༻Ͱ͖Δ εΩϟϯೝূࢼߦͷ ࠟ
Extra ਓࡐҭͱͯؒ͠ҧ͍ͬͯΔ͕ɺBOCCHIΛ ׆༻͢Δ͜ͱͰແବʹͳ͍ͬͯͨϦιʔεʢ৽ ਓͷPCʣΛ༗ޮ׆༻͢Δࣄ͕Ͱ͖Δɻ৽ਓͷ BotԽʢΤϰΝϯήϦΦϯͷμϛʔγεςϜత ͳͷʣͰ͋Δɻ ࢍ൱྆͋Δͱࢥ͏͕ɺԿͤͣʹͨͩը໘Λ ද͍ࣔͤͯ͞ΔPC͕༨͍ͬͯΔͳΒɺओ ऀͷखͱͳΓͱͳΓۀΛগ͠Ͱ͜ͳͨ͠ ํ͕ޮྑ͘ͳΔͱߟ͑Δɻ
Summary AIνϟοτ·Ͱߦ͔ͳ͍͚ΕͲ؆୯ͳձΦϑϥΠϯͰཱ͢Δ ݱʹΓͳ͍ϗεϐλϦςΟπʔϧͰิ ݶΒΕͨϦιʔε༗ޮ׆༻͖͢ ڥ͕͑εϚʔτϑΥϯͰϖωτϨʔγϣϯςετͰ͖Δ BOCCHI͕͋ΕಠΓ͡Όͳ͍ ຖɺຖ৽͍͠πʔϧΛ࡞ͬͯൃද͢ΔͷԿؾʹΩπ͍
Thank you for listening! Any Question? Github: https://github.com/01rabbit/BOCCHI XʢچTwitterʣ: https://twitter.com/01ra66it