Post
958
I made Multi-agent Software Team Gradio space using transformers agents based on the multiagent_web_assistant cookbook by
@m-ric
Csplk/SoftwareTeam
Csplk/SoftwareTeam
Ci Splunk PRO
Csplk
AI & ML interests
None yet
Recent Activity
liked
a Space
43 minutes ago
nvidia/audio-flamingo-3
liked
a Space
about 1 hour ago
Jhawley/moonshotai-Kimi-K2-Instruct
liked
a Space
1 day ago
omnipart/OmniPart
Organizations
Posts 3
Post
2735
# Offensive Security Reconnaissance Continued with Public Facing Industrial Control System HMIs using Moondream
Building on my previous experiments with Moondream for physical security reconnaissance planning automation (https://huggingface.co/posts/Csplk/926337297827024), I've now turned my attention to exploring the potential of this powerful image-text-text model for offensive security reconnaissance in the realm of Industrial Control Systems (ICS).
ICS HMIs (Human-Machine Interfaces) are increasingly exposed to the public internet, often without adequate security measures in place. This presents a tantalizing opportunity for malicious actors to exploit vulnerabilities and gain unauthorized access to critical infrastructure.
Using Moondream with batch processing ( Csplk/moondream2-batch-processing), I've been experimenting with analyzing public facing ICS ( Csplk/ICS_UIs) HMI ( Csplk/HMI) screenshots from shodan to identify types of exposed ICS system HMIs, how they are operated and how malicious actors with access to these systems could cause damage to physical infrastructure. Feeding images of HMIs and pre-defined text prompts to Moondream batch processing successfully (unconfirmed accuracy levels) extracted information about the underlying systems, including
1. **System type**
2. **Possible Operation Details**
3. **Malicious Actor Outcomes**
Next steps:
* I have a longer and more in depth blog write up in the works that will cover the previous and this post's approaches for experiments for sharing via HF community blog posts soon.
* I plan to continue refining my Moondream-based tool to improve its accuracy and effectiveness in processing public facing ICS HMIs.
* As mentioned before, offensive security with moondream focused HF Space once its fleshed out.
Thanks again to @vikhyatk for the incredible Moondream model. vikhyatk/moondream2
Building on my previous experiments with Moondream for physical security reconnaissance planning automation (https://huggingface.co/posts/Csplk/926337297827024), I've now turned my attention to exploring the potential of this powerful image-text-text model for offensive security reconnaissance in the realm of Industrial Control Systems (ICS).
ICS HMIs (Human-Machine Interfaces) are increasingly exposed to the public internet, often without adequate security measures in place. This presents a tantalizing opportunity for malicious actors to exploit vulnerabilities and gain unauthorized access to critical infrastructure.
Using Moondream with batch processing ( Csplk/moondream2-batch-processing), I've been experimenting with analyzing public facing ICS ( Csplk/ICS_UIs) HMI ( Csplk/HMI) screenshots from shodan to identify types of exposed ICS system HMIs, how they are operated and how malicious actors with access to these systems could cause damage to physical infrastructure. Feeding images of HMIs and pre-defined text prompts to Moondream batch processing successfully (unconfirmed accuracy levels) extracted information about the underlying systems, including
1. **System type**
2. **Possible Operation Details**
3. **Malicious Actor Outcomes**
Next steps:
* I have a longer and more in depth blog write up in the works that will cover the previous and this post's approaches for experiments for sharing via HF community blog posts soon.
* I plan to continue refining my Moondream-based tool to improve its accuracy and effectiveness in processing public facing ICS HMIs.
* As mentioned before, offensive security with moondream focused HF Space once its fleshed out.
Thanks again to @vikhyatk for the incredible Moondream model. vikhyatk/moondream2
datasets
13
Csplk/mooncrime
Updated
β’
171
Csplk/screenshotlabel-ics
Updated
β’
7
Csplk/Saskashodan
Updated
β’
25
Csplk/trippin
Viewer
β’
Updated
β’
231
β’
12
Csplk/VisualHallucinations
Viewer
β’
Updated
β’
231
β’
19
β’
1
Csplk/DarkWebSight
Viewer
β’
Updated
β’
1
β’
65
β’
4
Csplk/ICS_UIs
Viewer
β’
Updated
β’
1.04k
β’
17
β’
3
Csplk/HMI
Viewer
β’
Updated
β’
299
β’
196
β’
2
Csplk/ascii_tags
Updated
β’
20
Csplk/Testascii
Updated
β’
11