Attacks are normally designed to compromise users and steal sensitive data, they are increasing in magnitude and velocity as cybercriminals leverage automated tools. When it comes to threats, automation does much more than simply churn out malicious widgets. The cost of any action that can be automated quickly drops to near zero, and without the overhead of incremental costs, attackers are free to run their attacks as broadly as possible. Given enough time, an attacker can sit back and let his scripts slowly find, test, and attack every available target on the Internet.
In this work, we will show and discuss some techniques to improve WEB attacks and explore it to create better methods to optimize protection using a framework developed by us to automate such attacks and therefore improve protection methods.
We show our tool called 0din, a framework created using threads, parallel computing techniques and some machine learning techniques such as Naive Bayes, for example. It can be used to automate web attacks and protections in order to help people create better tests and improve security. In this talk we will show comparison tests with other tools of the same type. The attack and protection tests using this framework and results that we have obtained such as interesting performance and accuracy in our research provide a rich knowledge to improve protection and better automation using our framework against attacks.
The 0din framework and tools used to gather the results used to make our proof-of-concept along with all information about 0din development will be avaliable to the audience on Github.