Post
589
I made Multi-agent Software Team Gradio space using transformers agents based on the multiagent_web_assistant cookbook by
@m-ric
Csplk/SoftwareTeam
Csplk/SoftwareTeam
Ci Splunk PRO
Csplk
AI & ML interests
None yet
Organizations
Posts
3
Post
2239
# Offensive Security Reconnaissance Continued with Public Facing Industrial Control System HMIs using Moondream
Building on my previous experiments with Moondream for physical security reconnaissance planning automation (https://huggingface.co/posts/Csplk/926337297827024), I've now turned my attention to exploring the potential of this powerful image-text-text model for offensive security reconnaissance in the realm of Industrial Control Systems (ICS).
ICS HMIs (Human-Machine Interfaces) are increasingly exposed to the public internet, often without adequate security measures in place. This presents a tantalizing opportunity for malicious actors to exploit vulnerabilities and gain unauthorized access to critical infrastructure.
Using Moondream with batch processing ( Csplk/moondream2-batch-processing), I've been experimenting with analyzing public facing ICS ( Csplk/ICS_UIs) HMI ( Csplk/HMI) screenshots from shodan to identify types of exposed ICS system HMIs, how they are operated and how malicious actors with access to these systems could cause damage to physical infrastructure. Feeding images of HMIs and pre-defined text prompts to Moondream batch processing successfully (unconfirmed accuracy levels) extracted information about the underlying systems, including
1. **System type**
2. **Possible Operation Details**
3. **Malicious Actor Outcomes**
Next steps:
* I have a longer and more in depth blog write up in the works that will cover the previous and this post's approaches for experiments for sharing via HF community blog posts soon.
* I plan to continue refining my Moondream-based tool to improve its accuracy and effectiveness in processing public facing ICS HMIs.
* As mentioned before, offensive security with moondream focused HF Space once its fleshed out.
Thanks again to @vikhyatk for the incredible Moondream model. vikhyatk/moondream2
Building on my previous experiments with Moondream for physical security reconnaissance planning automation (https://huggingface.co/posts/Csplk/926337297827024), I've now turned my attention to exploring the potential of this powerful image-text-text model for offensive security reconnaissance in the realm of Industrial Control Systems (ICS).
ICS HMIs (Human-Machine Interfaces) are increasingly exposed to the public internet, often without adequate security measures in place. This presents a tantalizing opportunity for malicious actors to exploit vulnerabilities and gain unauthorized access to critical infrastructure.
Using Moondream with batch processing ( Csplk/moondream2-batch-processing), I've been experimenting with analyzing public facing ICS ( Csplk/ICS_UIs) HMI ( Csplk/HMI) screenshots from shodan to identify types of exposed ICS system HMIs, how they are operated and how malicious actors with access to these systems could cause damage to physical infrastructure. Feeding images of HMIs and pre-defined text prompts to Moondream batch processing successfully (unconfirmed accuracy levels) extracted information about the underlying systems, including
1. **System type**
2. **Possible Operation Details**
3. **Malicious Actor Outcomes**
Next steps:
* I have a longer and more in depth blog write up in the works that will cover the previous and this post's approaches for experiments for sharing via HF community blog posts soon.
* I plan to continue refining my Moondream-based tool to improve its accuracy and effectiveness in processing public facing ICS HMIs.
* As mentioned before, offensive security with moondream focused HF Space once its fleshed out.
Thanks again to @vikhyatk for the incredible Moondream model. vikhyatk/moondream2
spaces
4
datasets
12
Csplk/screenshotlabel-ics
Updated
โข
5
Csplk/Saskashodan
Updated
โข
30
Csplk/trippin
Viewer
โข
Updated
โข
231
โข
37
Csplk/VisualHallucinations
Viewer
โข
Updated
โข
231
โข
36
โข
1
Csplk/DarkWebSight
Viewer
โข
Updated
โข
1
โข
80
โข
2
Csplk/ICS_UIs
Viewer
โข
Updated
โข
1.04k
โข
42
โข
2
Csplk/HMI
Viewer
โข
Updated
โข
299
โข
206
โข
2
Csplk/ascii_tags
Updated
โข
41
Csplk/Testascii
Updated
โข
37
Csplk/THE.ASCII.ART.EMPORIUM
Viewer
โข
Updated
โข
3.1M
โข
127
โข
9