We gave a presentation titled "MUSHIKAGO-femto: Automated Pentest & First Aid Tool for IT/OT Environments" at the Black Hat USA 2022 Arsenal to be held in Las Vegas, USA from 8/6 to 8/11/2022. This was my second presentation at Black Hat, following one in 2021. The level of presentations was very high again this year, with interesting talks and tools lined up, and we are very honored that our tool was selected among them.
MUSHIKAGO-femto is an automated penetration testing tool that is freely available to the public as OSS. femto features a first aid function, which automatically defends against the same pseudo-attacks that succeed in penetration tests using the eBPF function. The same attack can be automatically defended against using the eBPF functionality. Although still in the research phase, we would like to offer a new MUSHIKAGO series in the future that incorporates the first aid function.
In our presentation at Black Hat, we demonstrated how femto can automatically perform penetration tests on Hack The Box machines and VulnHub machines. In the future, we plan to add functionality so that even machines with more complex configurations can be exploited automatically.
We hope to continue to participate in various conferences other than Black Hat so that we can output more interesting research.