Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Researchers discovered an automated scanning tool called Swiss Army Suite (S.A.S) that is used to run vulnerability scans against web services. The tool generates unusual SQL injection patterns that could potentially bypass web application firewalls. Its features include a dork-based checker, a generator, and an SQL vulnerability scanner. The research team analyzed the tool's traffic patterns and conducted tests against a vulnerable web application. The main users of this tool were found to be from the U.S., Romania, U.K., and U.A.E. The article emphasizes the importance of machine learning models in detecting unknown attacks and differentiating between automated scans and actual attacks.

OPENCTI LABELS:

sql injection, vulnerability scanning, swiss army suite, underground tools, machine learning, dork-based checker, web application security

