A method for automatic penetration testing and mitigation: A Red Hat approach

Mercaldo F.;Santone A.
2021-01-01

Abstract

Recently, various figures with different characteristics have emerged in the cybersecurity landscape. For instance, there are Black Hat hackers, who aim to damage a system or to silently exfiltrate sensitive information, and there are Ethical or White Hat hackers, who investigate the vulnerabilities of a system under analysis only with the owner's consent. In this context, Red Hat hackers, defined as vigilantes of the hacker world, are emerging. Their main aim is to independently find and resolve vulnerabilities, thereby preventing cyberattacks. In this paper we propose a method to automate the vulnerability discovery and mitigation process typically performed by Red Hat hackers. We use a tool-chain of several well-known tools and evaluate the proposed method on the Metasploitable Linux distro, showing that it is able to automatically mitigate vulnerabilities afflicting six widespread services.

Use this identifier to cite or link to this document: https://hdl.handle.net/11695/107220