The update on TALOS

It’s been a little while since I’ve written about my favorite project, TALOS (formerly MAD). Since I last mentioned it on my website or here, a number of updates have been pushed to the framework, though we are by no means done. I’m still calling the current development stage an alpha, but that shouldn’t dissuade you from cloning the repo to test the tool out. As it stands there are some bugs, some inefficiencies, and plenty of absent features planned for future updates.

TALOS is a really ambitious project. It’s been a dream of mine for a long time now. And there is still plenty more to do to realize my vision. But we have already come a long way.

I recently had a friend over just prior to my publicly releasing the latest updates. He has no background in cybersecurity, or computers for that matter. I was able to explain the basics of network warfare to him and have him up and running (deploying cyber weapons) with TALOS in a test environment within about ten minutes.

Let’s talk about the revolutionary capabilities that TALOS can offer.

Active defense

Active defense means less complexity with equal or greater impact. I’ve explained what active defense is before, but let me do that again here briefly. Normally the attackers look for a vulnerability to exploit, and the defenders have to attempt to plug all of the leaks. All it takes for an attacker to succeed is one small mistake on the part of the defenders.

With active defense we flip that script. We don’t necessarily “hack back” though. Instead we use an attacker’s mindset in the shoes of the defender, looking for ways to exploit vulnerabilities in the attacker’s techniques to trip him up, slow him down, find out who he is and stop him from getting in.

I often liken it to a swordfight. If all you ever do is try to parry your opponent’s strikes it doesn’t matter how good you are, eventually something is going to get through. But by putting pressure on the attacker, by taking attribution, by slowing him down, by embarrassing him and learning about him, we can win.

Now here’s the incredibly cool thing that active defense allows us to do…

Democratization of defense

With active defense I don’t need to teach hackers with the skills of a demi-god. I don’t need people who dream in code and tap out binary with their fingers. Before, under the old system, that was necessary to stay safe. It was necessary because we were using the “block the attacks” method: you had to train absolute ninjas to get it right all the time.

But with active defense everything changes. I don’t have to train my teams as much to keep them operating effectively. They don’t have to know every single thing there is to know about everything. They just have to know their opponent and how to stop him.

TALOS is a continuation of that dream. By packaging all tools into one framework we cut down on the time it takes to train new network operators. No longer do people have to learn a wild collection of tools whose controls all compete with one another. The protocol for operating each tool is standardized and obviously presented (instead of reading the manual just type “show options”).

This is all enabled to an even greater degree by the final main element of TALOS…

Automation

As of this latest update, TALOS now comes complete with a fully functional scripting language (working title Bluescript). In this language you can design network sensors and automated scans that perform automated actions to respond to intrusions. With the inclusion of the new Tripcode feature you can even set scripts to be triggered automatically when an attack takes place…

The language is easy to code in, and it enables the veteran members of your team to give capabilities to the junior members that they wouldn’t have had before. For example, a veteran operator could write a script that deploys cryptolocked to a network segment. A network defender could then deploy that script to a corner of the network to protect endangered machines upon the detection of a cryptolocker variant on one machine.
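To make the two ideas above concrete, the standardized “show options” interface from the previous section and the sensor-fires-then-script-runs workflow from this one, here is an added Python model of that pattern. It is not TALOS code and it is not Bluescript (this post does not show Bluescript syntax); the module names, the SSH log lines, and the `threshold`, `action` and `ttl` options are constructed for illustration, and the responder only records what a real response script would do rather than touching a firewall.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample auth-log lines (not real data, documentation-range IPs).
# Three failures from 203.0.113.7 should trip the sensor; one from 198.51.100.4 should not.
SAMPLE_LOG = [
    "Jan 10 10:01:02 bastion sshd[4101]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Jan 10 10:01:04 bastion sshd[4101]: Failed password for root from 203.0.113.7 port 51123 ssh2",
    "Jan 10 10:01:05 bastion sshd[4102]: Accepted publickey for ops from 198.51.100.4 port 40110 ssh2",
    "Jan 10 10:01:07 bastion sshd[4103]: Failed password for admin from 203.0.113.7 port 51124 ssh2",
    "Jan 10 10:01:09 bastion sshd[4104]: Failed password for ops from 198.51.100.4 port 40111 ssh2",
]

FAILED_RE = re.compile(r"Failed password for \S+ from (?P<ip>\d+\.\d+\.\d+\.\d+)")


@dataclass
class Module:
    """Base for every tool: one way to list and set options, the 'show options' idea."""
    name: str
    options: dict = field(default_factory=dict)

    def set_option(self, key, value):
        # Reject unknown keys so a typo in a playbook fails loudly instead of silently.
        if key not in self.options:
            raise KeyError(f"{self.name}: unknown option {key!r}")
        self.options[key] = value

    def show_options(self) -> str:
        width = max((len(k) for k in self.options), default=0)
        rows = [f"  {k.ljust(width)}  {v}" for k, v in self.options.items()]
        return f"Module options ({self.name}):\n" + "\n".join(rows)


@dataclass
class Sensor(Module):
    """Hypothetical sensor: counts failed SSH logins per source and fires on a threshold."""

    def scan(self, lines):
        hits = Counter()
        for line in lines:
            m = FAILED_RE.search(line)
            if m:
                hits[m.group("ip")] += 1
        return sorted(ip for ip, n in hits.items() if n >= self.options["threshold"])


@dataclass
class Responder(Module):
    """Hypothetical response script; actions are recorded, not executed."""
    actions: list = field(default_factory=list)

    def respond(self, ip):
        action = f"{self.options['action']} {ip} ttl={self.options['ttl']}"
        self.actions.append(action)
        return action


def run_playbook(sensor, responder, lines):
    """Tripwire loop: every source the sensor flags is handed to the responder automatically."""
    return [responder.respond(ip) for ip in sensor.scan(lines)]


def demo():
    sensor = Sensor("ssh_bruteforce_sensor", {"threshold": 3})
    responder = Responder("block_responder", {"action": "block", "ttl": 3600})
    print(sensor.show_options())
    print(responder.show_options())
    return run_playbook(sensor, responder, SAMPLE_LOG)


if __name__ == "__main__":
    for action in demo():
        print("triggered:", action)
```

Running it lists each module’s options in the same layout and then prints the single triggered action for 203.0.113.7; the junior operator only needs `show_options` and `set_option` to adjust the threshold or the block TTL, while the detection and response logic stays with whoever wrote the module.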

In conclusion

The time is coming when network warfare will look like it always has in video games and movies. When defensive worms will purge the enemy from a network. When touchscreens will display a colorful representation of your network with infected nodes flashing red as you tap them to open a menu of response options.

TALOS is the first step on the path.

I encourage you to check it out, and if you’re so inclined submit your own code to be added to the project.

https://github.com/PrometheanInfoSec/TALOS

Some specifics on the latest update and how to use it can be found in the documentation for the Active Defense Harbinger Distribution.

http://adhdproject.github.io/#!Tools/TALOS.md