This tool leverages chat platforms like Mattermost. Users can converse with (or give instructions to) a bot to conduct reconnaissance activities for penetration testing, vulnerability assessments, and authentication attempts. For instance, if one wishes to scan a target, they can instruct by saying, 'Scan [IP address].' Upon receiving this command, BOCCHI will execute an nmap scan and then import the results into Faraday.
Actual operations are conducted through interactions with the bot (BOCCHI) on the chat platform, making it user-friendly for those who may not be comfortable with keyboard commands or command-line inputs. Moreover, with the current generation predominantly using flick input on smartphones, installing Mattermost on a smartphone allows for operations via flick input.
Using Mattermost facilitates effective communication with BOCCHI amidst conversations with other team members. This bridges the gap between those proficient in command operations and those who aren't, enhancing team collaboration.
BOCCHI stands out as a novel form of penetration testing tool.

PromptMap is a Prompt Injection attacks testing tool.
This tool performs fully automated Prompt Injection attack tests against them to assess the robustness of generative AI and generative AI-integrated apps. This tool is intended to be used by developers for security testing.

PromptMap supports the following attack tests.

* Direct Prompt Injection/Jailbreak
PromptMap injects malicious prompts into a generative AI and evaluates whether the generative AI generates malicious contents or leaks generative AI's training data.

* Prompt Leaking
PromptMap injects malicious prompts into generative AI-integrated applications and evaluates whether the generative AI-integrated applications leak the prompt templates implemented by the apps.

* P2SQL Injection
PromptMap injects malicious prompts into generative AI-integrated applications and evaluates to steal, modify, or delete information from the database connected to the generative AI-integrated applications.

Prompt Injection attacks have different principles from those used in existing attack methods, and it is difficult to evaluate their robustness using existing security testing methods.

Therefore, PromptMap supports a wide variety of Prompt Injection attacks and enables fully automated execution, contributing to security testing for developers of generative AI and generative AI-integrated applications.

This tool automatically analyzes the external public assets of companies that have been listed on ransomware leak sites to determine what assets are present and whether there are assets that are particularly vulnerable to attack.

When conducting penetration testing, the OS called Kali Linux is often used. This OS contains a plethora of useful tools, and penetration testers utilize these tools extensively during their tests. However, for beginners in penetration testing, those who are not adept at computer operations, or those who are interested but find it challenging to handle the tools, this can pose a significant barrier.
To address these challenges and make penetration testing more accessible, allowing users to understand the flow and facilitate smoother onboarding and training, we created KaliPAKU. This tool is equipped with a mechanism called the 'Tenkey Numbering System,' which allows users to operate commonly used tools in Kali Linux, such as 'Kali-tools-top10,' using just numeric combinations. As a result, users can perform basic operations through numeric input from the tenkey without having to become proficient in handling the tools. Furthermore, since it operates via tenkey input, even those who find keyboard operations challenging due to injuries or disabilities, as well as older individuals unfamiliar with computers or even children, can conduct penetration tests and learn the process.

By introducing this tool, it's possible to train individuals to conduct basic penetration tests in an extremely short period.

With the recent advancements in communication technology, the encryption of communication content has become commonplace. As a result, it's becoming more challenging for ISPs and research institutions to detect malicious traffic.
This tool proposes a new approach, applying the information obtained from the advertising industry's ad networks and analysis techniques to network security.
Based on the advertising data, which analyzes user behavior and interests in detail, we predict the usual network usage patterns of users and detect abnormal access and malicious traffic in real-time.

A C2 framework with the following features:
The client operates based on Python, allowing it to evade detection by antivirus and EDR solutions.
While Windows does not come with Python installed by default, the client has a feature for silent installation of Python.
The C2 server is set up on Google Colab, ensuring a high reputation for the communication endpoint, making it less likely to be detected by network security products. Additionally, the communication endpoint URL changes frequently, providing strong resistance to blacklisting.

This tool utilizes Dynamic Binary Instrumentation (DBI) to capture events that occur during the execution of a binary, and presents them as a timeline.

A benchmarker for hardening competition.

Discussion of what is needed and feasible to prevent people playing online games from being involved in cyber-attacks.

Even with the implementation of EDR (Endpoint Detection and Response) solutions like CrowdStrike, there are methods of attack that remain undetected, leading to a grand misconception among corporate security personnel. They assume that by deploying asset management software (such as LanScopeCAT or Skysea), endpoint security is sufficiently covered. This often results in a complacent attitude towards security measures, with the mistaken belief that 'it's being handled, it's done.'

When it comes to cyber-attack incidents, it's important to understand why asset management software fails to capture comprehensive logs and why it doesn't detect certain activities. In contrast, we need to evaluate how effectively EDR solutions can log activities and trigger alerts. Even the most reliable EDRs that can detect significant security risks might not alert on certain tactics. In such cases, it becomes necessary to analyze logs from on-premises Active Directory or to use IDR (Intrusion Detection and Response) products.

Moreover, even with EDR and IDR solutions in place, there is a reality that files transmitted externally cannot be specifically identified, and when it comes to explaining to external stakeholders what the leaked information was, these systems do not provide conclusive evidence.

This situation, which can be observed across various tactics, tools, and environments, will be exemplified using detections by M365 Defender. The first step is to explain in detail how asset management software fails to capture sufficient logs for security incident assessment. This will help structure an understanding that current endpoint security measures are not as robust as presumed. The limitations of detection with EDR will also be addressed.