As you probably know, at Malizen we like recommendation systems. So today we focus on a tool developed by UK research teams that could be used in a red team context.
This paper presents a method for identifying potential paths that can be exploited by attackers to gain unauthorized access to a maritime supply chain infrastructure. The method involves building attack graphs using data from the infrastructure and utilizing a recommendation system to predict future attack steps within the network. The goal is to classify future cyber-attacks in terms of risk management and the proposed method has been experimentally evaluated and shown to be practical and effective.
The paper explains that in the researchers' experiments, the tool performs well and is able to find entire chains of vulnerabilities. This could be the basis for an automated tool to better understand your attack surface during red team exercises. It's very engaging and promising, very cool!
