This paper introduces H-Verify, a platform to design and implement intrusions against real-world ICT infrastructures. Unique in its approach, H-Verify leverages adversary simulations previously ran on a digital twin of the target infrastructure to fully or partially automate the planning and execution of intrusions but it can also act as a flexible decision support system for the manual planning of intrusions. Furthermore, the tool also supports the simulation results, detecting false positives in the infrastructure vulnerabilities, testing applied countermeasures, and supporting users with distinct levels of experience in red teaming engagements.
H-Verify: Automating Intrusions through Digital Twins
Panti E.Methodology
;Isoni L.Validation
;Baiardi F.
Supervision
2024-01-01
Abstract
This paper introduces H-Verify, a platform to design and implement intrusions against real-world ICT infrastructures. Unique in its approach, H-Verify leverages adversary simulations previously ran on a digital twin of the target infrastructure to fully or partially automate the planning and execution of intrusions but it can also act as a flexible decision support system for the manual planning of intrusions. Furthermore, the tool also supports the simulation results, detecting false positives in the infrastructure vulnerabilities, testing applied countermeasures, and supporting users with distinct levels of experience in red teaming engagements.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
