
Shadow Blade: A tool to interact with attack vectors

Ariel R. Ril, Daniel Dalalana Bertoglio, Avelino F. Zorzo

TL;DR

Shadow Blade addresses the need to organize diverse offensive tooling into a coherent attack graph for Capture the Flag and penetration testing contexts. It employs a modular Domain-Driven Design architecture with Go-based components for computation, TypeScript for graph handling, Neo4j storage, and a React UI to visualize results, beginning with reconnaissance via nmap and ffuf. The work formalizes attack graphs as $G=(S,\tau,S_0,S_s)$ and defines attack vectors as sequences of techniques, and it evaluates Shadow Blade on an HTB Armageddon machine to demonstrate construction and exploration of attack paths. This approach enables cyber security professionals to rapidly discover, select, and explore attack vectors, with extensibility for additional tools and future planning or learning-based enhancements.

Abstract

The increased demand for cyber security professionals has also increased the development of new platforms and tools that help those professionals improve their offensive skills. One of these platforms is HackTheBox, an online cyber security training platform that delivers a controlled and safe environment for those professionals to explore virtual machines in a Capture the Flag (CTF) competition style. Most of the tools used in a CTF, or even in real-world Penetration Testing (Pentest), were developed for specific reasons, so each tool usually has different input and output formats. These different formats make it hard for cyber security professionals and CTF competitors to develop an attack graph. In order to help cyber security professionals and CTF competitors discover, select and exploit an attack vector, this paper presents Shadow Blade, a tool that helps users interact with their attack vectors.
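The format mismatch described above, shown as an added example (not code from the paper or from Shadow Blade): nmap XML and ffuf JSON are normalized into one edge list, and a discovered path is attached only to a service that nmap reported open. The edge schema, the relation names EXPOSES and SERVES, and the sample inputs are assumptions constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample inputs, trimmed to the fields read below.
SAMPLE_NMAP_XML = """<nmaprun><host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/></port>
<port protocol="tcp" portid="443"><state state="closed"/></port>
</ports></host></nmaprun>"""
SAMPLE_FFUF_JSON = """{"results": [
 {"url": "http://10.0.0.5/admin"},
 {"url": "https://10.0.0.5/backup"}]}"""

DEFAULT_PORT = {"http": 80, "https": 443}


def merge(nmap_xml, ffuf_json):
    """Return sorted (source, relation, target) edges (hypothetical schema)."""
    edges, open_services = set(), set()
    # nmap -oX: host -> open port, keyed as "addr:port"
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports add no node
            svc = f"{addr}:{port.get('portid')}"
            open_services.add(svc)
            edges.add((addr, "EXPOSES", svc))
    # ffuf -of json: map each URL back to the same "addr:port" key
    for hit in json.loads(ffuf_json).get("results", []):
        u = urlsplit(hit["url"])
        svc = f"{u.hostname}:{u.port or DEFAULT_PORT.get(u.scheme)}"
        if svc in open_services:  # skip paths with no confirmed service
            edges.add((svc, "SERVES", u.path))
    return sorted(edges)


if __name__ == "__main__":
    for edge in merge(SAMPLE_NMAP_XML, SAMPLE_FFUF_JSON):
        print(edge)
```

The https result is dropped because port 443 is closed in the sample scan, which is the kind of cross-tool consistency a shared key makes checkable.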

Paper Structure (18 sections, 7 figures)

This paper contains 18 sections, 7 figures.

Figures (7)

  • Figure 1: Shadow Blade architecture
  • Figure 2: BloodHound showing the connections of objects in an Active Directory
  • Figure 3: Registering Armageddon machine in Shadow Blade
  • Figure 4: Selection of nmap options
  • Figure 5: Result of executing nmap against Armageddon from HTB
  • ...and 2 more figures

Theorems & Definitions (1)

  • Definition 2.1