What if we teach a computer to discover and classify every possible exposed device on the Internet and determine what are the most valuable targets, instead of relying on Shodan and a bunch of random keywords ? Obviously, we would have a pretty nice picture of what type of devices are connected to the Internet without prior knowledge.
In this presentation, we will introduce some major concepts in Machine Learning such as datasets, supervised and unsupervised learning, and teach the audience how to create a scanner/classifier based on opensource tools and frameworks. We will go through the whole process covering data collection, data pre-processing, datasets building, automated classification process and post-processing.
We will demonstrate the effectiveness of this scanner with multiple examples of what we found, some statistics about the major connected devices vendors seen by our bot, and of course how to weaponize it and turn it into a p0wning machine !
Damien Cauquil (digital.security)
Damien is a senior security researcher who joined Digital Security in 2015 as the head of research and development. He discovered how wireless protocols can be fun to hack and quickly developed BtleJuice, one of the first Bluetooth Low Energy MitM framework, and BtleJack, a BLE swiss-army knife released in 2018.
Damien presented at various security conferences including DEF CON, Hack In Paris, Chaos Communication Camp, Chaos Communication Congress, BruCon, Hack.lu, and a dozen times at Nuit du Hack, one of the oldest French hacking conference.