Azazel Series

Transcript

1. .BLPUP
   46(*5"
   BLB
   .S3BCCJU Azazel Series Cyber Scapegoat Gateways for Untrusted Networks

2. Makoto Sugita (aka Mr. Rabbit) I am … @01ra66it Mr.Rabbit

   Linkedin Presentations 2019 AVTOKYO HIVE🇯🇵 / SECCON YOROZU🇯🇵
 2020 Black Hat Asia Arsenal🇸🇬 / AVTOKYO HIVE🇯🇵 
 2022 SECCON Open Conference🇯🇵 — 🏅 Best Award
 2023 CODE BLUE CyberTAMAGO🇯🇵 / AVTOKYO HIVE🇯🇵
 SECCON Open Conference🇯🇵
 2024 CODE BLUE CyberTAMAGO🇯🇵 / AVTOKYO HIVE🇯🇵
 2025 BSides Tokyo🇯🇵 / BSides Las Vegas🇺🇸 
 Black Hat USA Arsenal🇺🇸 / SecTor a black hat event🇨🇦 
 CODE BLUE Bluebox🇯🇵
 CODE BLUE CyberTAMAGO🇯🇵 ← Now Independent Security Researcher (hobbyist)
 Executive Member, InfoSec Workshop @ Echigo-Yuzawa
 CISSP/SSCP/CompTIA CSAP/OSWP

3. Agenda • Section I - What is the Azazel System?

   • Section II - Introducing the Azazel Series • Section III - Future of Azazel Azazel System

4. Agenda • Section I - What is the Azazel System?

   • Section II - Introducing the Azazel Series • Section III - Future of Azazel Azazel System

5. "[B[FMγεςϜͱ͸Կ͔ ஗଺ɾ߆ଋɾޙͷઌʹجͮ͘z਎୅ΘΓ๷นz

6. "[B[FMγϦʔζڞ௨ΞʔΩςΫνϟ Detection / Deception / Delay / Visibility %FUFDUJPO
   w

   4VSJDBUBʢ֤Ϟσϧڞ௨ͷݕ஌Τϯδϯʣ %FDFQUJPO
   w 0QFO$BOBSZʢٖࣅ44))551%#౳ʣ %FMBZ
   
   $POUSPM
   w UD
   
   OGUBCMFTʢ஗ԆɾγΣʔϐϯάɾϒϩοΫʣ
   w Ϟʔυ੍ޚʢ1PSUBM
   
   4IJFME
   
   -PDLEPXO
   ͳͲʣ 7JTJCJMJUZ
   
   0QFSBUJPOT
   w ϩάύΠϓϥΠϯʢ7FDUPSͳͲʣ
   w .BUUFSNPTU
   
   ίϯιʔϧ
   
   &Ŗ1BQFS
   
   w B[DUM
   
   εΫϦϓτ܈ Azazel Series Core Architecture Clients Uplink & Services Untrusted → Controlled

7. Agenda • Section I - What is the Azazel System?

   • Section II - Introducing the Azazel Series • Section III - Future of Azazel Azazel System

8. AZ-01X Azazel-Pi Portable SOC/NOC on Raspberry Pi 5 3PMF
   খن໛ωοτϫʔΫ޲͚
   $ZCFS
   4DBQFHPBU
   (BUFXBZ
   

   )BSEXBSF
   #BTF
   
   3BTQCFSSZ
   1J
   
   (#
   
   /7.F
   
   64#
   44%
   ୯ମͰ4VSJDBUBɾ0QFO$BOBSZɾ੍ޚϞδϡʔϧΛՔಇ
   $PSF
   'VODUJPO
   %FUFDUJPO
   
   4VSJDBUB
   %FDFQUJPO
   
   0QFO$BOBSZ
   %FMBZ
   
   UD
   
   OGUBCMFT
   ʢϞʔυ੍ޚʣ
   7JCJMJUZ
   
   ϩά
   .BUUFSNPTU௨஌
   6TF
   $BTFT
   ආ೉ॴɾԾઃΫϦχοΫɾখن໛ڌ఺ͷҰ࣌
   40$
   
   /0$

9. AZ-02 Azazel-Zero Personal Cyber Scapegoat Gateway on Raspberry Pi Zero

   2 W 3PMF
   ݸਓ૷උ޲͚ͷܰྔ
   $ZCFS
   4DBQFHPBU
   (BUFXBZ
   )BSEXBSF
   #BTF
   
   3BTQCFSSZ
   1J
   ;FSP
   
   8
   
   
   
   
   
   
   
   
   
   
   64#
   05(ʢ64#
   &UIFSOFU
   (BEHFUʣʴ
   &1BQFS
   )"5
   $PSF
   'VODUJPOT
   %FUFDUJPOɿܰྔઃఆͷ
   4VSJDBUB
   %FDFQUJPOɿඞཁ࠷খݶͷ
   0QFO$BOBSZ
   αʔϏε
   %FMBZɿUD
   
   OGUBCMFT
   ʹΑΔ؆қ஗ԆɾߜΓࠐΈ
   7JTJCJMJUZɿ&1BQFS
   
   ίϯιʔϧͰͷεςʔλεදࣔ
   6TF
   $BTFT
   ग़ுઌɾϗςϧ
   8J'JɾҰ࣌తͳݱ৔ௐࠪ
   ݸਓϖϯςετ૷උ
   
   ϑΟʔϧυϦαʔν༻ͷl࣋ͪา͚Δ
   "[B[FMz

10. AZ-03 Azazel-USB Any Laptop as an Azazel GatewayʢUSB Boot Editionʣ

    3PMF
    Ͳͷϥοϓτοϓ΋
    "[B[FM
    ήʔτ΢ΣΠʹม͑Δ
    64#
    ϒʔτ൛
    )BSEXBSF
    #BTF
    
    64#઀ଓ
    44%
    
    64#ϝϞϦ
          طଘϥοϓτοϓΛ
    64#
    ϒʔτͰىಈ
          ಺ଂσΟεΫඇґଘɾΠϯετʔϧෆཁ
    $PSF
    'VODUJPOT
    %FUFDUJPOɿ4VSJDBUBʢϗετ$16Λ׆͔ͨ͠ݕ஌ʣ
    %FDFQUJPOɿ0QFO$BOBSZʢෳ਺αʔϏεɾγφϦΦʹରԠʣ
    %FMBZɿUD
    
    OGUBCMFT
    ʹΑΔৄࡉͳ஗ԆɾγΣʔϐϯάɾःஅ
    7JTJCJMJUZɿίϯιʔϧ
    
    8FC
    6*
    
    ϩά࿈ܞʹΑΔՄࢹԽ
    6TF
    $BTFT
    ඃࡂ஍΍܇࿅؀ڥͰͷlҰ࣌
    40$/0$
    Խz
    ϖϯςετݱ৔ɾΦϯαΠτௐࠪͰͷݱ஍Ϛγϯ׆༻
    ࣋ͪࠐΈػࡐ੍͕ݶ͞ΕΔ؀ڥͰͷ
    64#
    Ұຊల։

11. ̏Ϟσϧͷൺֱ ؀ڥͱ໨తʹԠͨ͡
    "[B[FM
    ͷબͼํ ߲໨ AZ-01X Azazel-Pi AZ-02 Azazel-Zero AZ-03 Azazel-USB ໾ׂ

    খن໛40$/0$༻ήʔτ΢ΣΠ ݸਓ޲͚ɾܰྔ$ZCFS
    4DBQFHPBU
    (BUFXBZ طଘϥοϓτοϓΛҰ࣌తʹ"[B[FMԽ ༻్Πϝʔδ ආ೉ॴ
    
    Ծઃڌ఺ͷೖΓޱ๷ޚ ݸਓ૷උ
    
    ϑΟʔϧυϫʔΫ ඃࡂ஍ɾ܇࿅ɾϖϯςετݱ৔ͷz64#Ұຊ ల։z ϕʔεϋʔυ 3BTQCFSSZ
    1J
    
    (#
    
    44% 3BTQCFSSZ
    1J
    ;FSP
    8
    
    &1BQFS
    )"5 64#઀ଓ
    44%64#ϝϞϦ ೚ҙͷϥοϓτ οϓ Մൖੑ খܕ͕ͩʮਾ͑ஔ͖دΓʯ ϙέοταΠζͰߴ͍Մൖੑ 64#ϝσΟΞͷΈܰྔ ੑೳ༨༟ ݕ஌ʴܰྔ"*·Ͱ҆ఆӡ༻Մೳ ݕ஌ɾ؆қ஗଺͕த৺
    ʢ"*͸جຊର৅֎ʣ ϗετੑೳ࣍ୈͰॏ͍"*෼ੳ΋౥ࡌՄೳ ίΞػೳ %FUFDUJPO
    
    %FDFQUJPO
    
    %FMBZ
    
    7JTJCJMJUZ
    ʢϑϧߏ੒ʣ ಉ͕ͩ͡ɺܰྔߏ੒ɾػೳΛ࡟ͬͯলిྗԽ ಉ͡ߏ੒͕ͩϦιʔεʹ༨༟͕͋Ε͹֦ு͠ ΍͍͢ "*είΞϦϯάػೳ ࣮ӡ༻ϨϕϧͷείΞϦϯά͕Մೳ ݪଇͳ͠ɺ΋͘͠͸͘͝؆қͳϧʔϧϕʔε ࠷΋ߴ͍ʢϗετ$16(16Λ׆༻Մೳʣ ిݯɾӡ༻ੑ ৗઃӡ༻޲͖ʢ"$څిલఏʣ ϥοϓτοϓ͔Β௚઀څి ϥοϓτοϓͱಉ͡ӡ༻ʢిݯࣄ৘ʹґଘʣ Ձ֨ײʢ໨҆ʣ தʢ1J
    
    
    44%ʣ ௿ʢ;FSP
    
    8ϕʔεͰ࠷҆ʣ ϝσΟΞࣗମ͸௿͕ͩɺ1$ࠐΈͩͱதʙߴ ޲͍͍ͯΔ৔໘ ආ೉ॴɾΫϦχοΫɾখن໛ڌ఺ ग़ுઌɾϗςϧ8J'Jɾݸਓϖϯςετ ػࡐ੍ݶԼͰͷݱ৔ల։ݱ஍1$ͷҰ࣌ 40$/0$Խ

12. Agenda • Section I - What is the Azazel System?

    • Section II - Introducing the Azazel Series • Section III - Future of Azazel Azazel System

13. είΞϦϯάͷਐԽ ૬ؔʴܰྔ"*ʹΑΔڴҖͷจ຺Խ 4VSJDBUB
    
    
    0QFO$BOBSZΞϥʔτ .PDL--.
    ʢϧʔϧʴώϡʔϦεςΟοΫʣ ϩʔΧϧ--.
    ʢܰྔϞσϧʣ 5ISFBU
    4DPSF
    
    ˠ
    ϞʔυมߋΞϥʔτ

    ૬ؔΤϯδϯ
    ʢෳ਺Ξϥʔτͷ࣌ؒతɾۭؒతͳ݁ͼ͖ͭʣ ίϯςΩετ৘ใ
    ʢ୺຤ͷ໾ׂɺωοτϫʔΫηάϝϯτɺ࣌ؒଳͳͲʣ ӡ༻ΞΫγϣϯ
    ʢ4BGF
    1PSUBM
    
    2P4τϦΞʔδ΁ͷఏҊʣ Today: On-device threat scoring Next: Correlation & context-aware triage

14. ٗᛋ૚ͷڧԽ ಈతσίΠͱ߈ܸऀϓϩϑΝΠϧ "UUBDLFS "[B[FM
    (BUFXBZ %FDPZ
    4FSWJDFT
    w 44))551%#ͳͲͷ
    ෳ਺αʔϏε
    w ٖࣅΞΧ΢ϯτɺٖࣅσʔλ

    3FBM
    4FSWJDFT 5PEBZ
    w ݻఆઃఆͷ0QFO$BOBSZαʔϏε
    w ࣄલʹܾΊଧͪͨ͠όφʔɾϙʔτɾαʔϏεछผ /FYU
    w ߈ܸύλʔϯʹԠͨ͡σίΠ੾Γସ͑
    w ߈ܸऀϓϩϑΝΠϧʢ*1ৼΔ෣͍ཤྺʣ
    w γφϦΦผͷِ૷؀ڥʢྫɿ%#෩ɺ؅ཧϙʔλϧ෩ʣ ໨తɿ߈ܸऀͷ࣌ؒͱϦιʔεΛୣ͍ɺຊ෺ͷࢿ࢈͔ΒҙࣝΛҳΒ͢

15. Ԡ༻ྖҬͷల։ ඃࡂ஍ωοτϫʔΫ͔Β࣏ࣗମ40$΁ w ආ೉ॴ8J'J
    w Ұ࣌40$/0$
    w 4BGF
    1PSUBM w খن໛ிࣷ
    

    w ΫϦχοΫ
    w ϩʔΧϧ؂ࢹ w ࣏ࣗମ40$
    w ஍ҬͷةػωοτϫʔΫ
    w ඪ४Խͱల։ ڞ௨ίϯηϓτɿ҆ՁɾϩʔΧϧ׬݁ɾݱ৔ʹґଘ͠ͳ͍ӡ༻

16. Thank you! Azazel System https://github.com/01rabbit/Azazel @01ra66it Mr.Rabbit Azazel System