ChainReactor - Automated Privilege Escalation Chain Discovery via AI Planning

Hosted By
Walter M.

Details

NOTE: this is an in-person only event.

Event Agenda
05.30pm -- Event kickoff, with dinner and networking.
06.00pm -- Announcements, by W. Martín Villalba (OWASP SB).
06.15pm -- Presentation: ChainReactor - Automated Privilege Escalation Chain Discovery via AI Planning, by Gabriel Pizarro and Ilya Grishchenko (UCSB Security Lab).
07.00pm -- BYOT / networking.
08.30pm -- Event end.

ChainReactor - Automated Privilege Escalation Chain Discovery via AI Planning
Current academic vulnerability research predominantly focuses on identifying individual bugs and exploits in programs and systems. However, this goes against the growing trend of modern, advanced attacks that rely on a sequence of steps (i.e., a chain of exploits) to achieve their goals, often incorporating individually benign actions.

This talk introduces a novel approach to the automated discovery of such exploitation chains using AI planning. In particular, we aim to discover privilege escalation chains, some of the most critical and pervasive security threats, which involve exploiting vulnerabilities to gain unauthorized access and control over systems. We implement our approach as a tool, ChainReactor, that models the problem as a sequence of actions to achieve privilege escalation from the initial access to a target system. ChainReactor extracts information about available executables, system configurations, and known vulnerabilities on the target and encodes this data into a Planning Domain Definition Language (PDDL) problem. Using a modern planner, ChainReactor can generate chains incorporating vulnerabilities and benign actions.

We evaluated ChainReactor on 3 synthetic vulnerable VMs, 504 real-world Amazon EC2 instances, and 177 Digital Ocean instances, demonstrating its capacity to rediscover known privilege escalation exploits and to identify new, previously unreported chains. Specifically, the evaluation showed that ChainReactor successfully rediscovered the exploit chains in the Capture the Flag (CTF) machines and identified zero-day chains on 16 Amazon EC2 and 4 Digital Ocean VMs.

Speaker Bios
Gabriel Pizarro and Ilya Grishchenko are members of the UCSB Security Lab. More info: https://seclab.cs.ucsb.edu/.

BYOT: Bring Your Own Topic
This meeting is a great chance to ask for technical help or career advice, share new ideas, look for feedback, and discuss anything related to CyberSecurity / InfoSec.

### LOCATION CHANGED ###
Workzones, 351 Paseo Nuevo, Santa Barbara, CA.
Street Parking: Plenty of space on Chapala street and/or any side streets.
Parking Garage: Use the Paseo Nuevo Mall Parking Garage address, 730 Chapala Street, SB, CA 93101, in GPS. From the parking garage, go to the ground level towards center court. 75 min free parking. $3/hour thereafter.

The front door will be kept open for the duration of the event. If you have any trouble getting in, please do not leave; just knock on the front door and/or message us through this platform.

Thank you to Workzones for partnering with us to host our event at their SB location! To learn more about this space, please visit https://workzones.com/.

Looking forward to seeing you all!

Martín
OWASP SB Leader

OWASP Santa Barbara Chapter
Workzones
351 Paseo Nuevo, 2nd Floor · Santa Barbara, CA