Joost Grunwald en Patrick Kuin - Harnessing AI and Open-Source Tools for Enhanced IT Security Vulnerability Assessment

Abstract

In the ever-evolving landscape of IT security, the need to effectively identify and manage vulnerabilities is paramount. This study delves into how the amalgamation of different vulnerability scanners, coupled with open-source projects, can yield comprehensive and trustworthy data. It also elucidates how Artificial Intelligence (AI) plays a pivotal role in enriching reports and prioritizing vulnerabilities based on a multi-faceted equation of Threat, Risk, and assurance of an appropriate Tool.

Taking the leap to partially automated penetration testing, the research explores the application of AI in automatically verifying vulnerabilities as Proof of Concept (POC) exploits. By actively exploiting vulnerabilities using exploitation tools in combination with a Linux shell and a Metasploit console, the AI can attempt to exploit multiple version-based vulnerabilities to prove their exploitability. This approach demonstrates the robustness and efficacy of combining traditional vulnerability scanners with AI and open-source projects in enhancing IT security.

To cater to organizations with varying security requirements, the proposed solution offers modularity in tool selection. Organizations can choose from a range of scanning options, from internet-based scans (InternetDB, Shodan) that have minimal impact, to full vulnerability management and even penetration testing-like scans that attempt to exploit discovered vulnerabilities for validation.

By mapping vulnerabilities to risk scores based on factors like EPSS, CVSS, and tool confidence, professionals can prioritize their remediation efforts accordingly. The AI-powered system also generates comprehensive HTML reports containing recommendations and reproduction steps for each vulnerability, making it easier for IT teams to address the issues.

In conclusion, this research highlights the benefits of harnessing AI and open-source tools for enhanced IT security vulnerability assessment. By combining traditional vulnerability scanners with AI-powered prioritization and reporting, organizations can optimize their security protocols and strategies, leading to more robust and effective IT security management.

Biography

Joost Grunwald

As a security enthousiast, I have always been fascinated by finding vulnerabilities, manually, but also automatically, because of scale and because I am only able to spent my time once.

I have two cybersecurity related companies in which I do a lot of pentesting and love building systems related to vulnerability management or SIEM/IDS/etc.

I do project Darkstar, as we call it, at SURF as part of my master in cyber security on the radboud university.

Patrick Kuin

Enthusiastic student specializing in cybersecurity.

Sprekers