VAPTBOX is an intelligent automated “vulnerability assessor and penetration tester” (VAPT). Once connected to an embedded system, VAPTBOX automatically assesses it, and the user can view a “traffic light” (or advanced) report. It can also be used as an automated network penetration tester. VAPTBOX is currently at the pre-release stage and is available to select trial users.

VAPTBOX can be fielded as a suitcase-sized portable device that testers (even non-expert users) can carry on site. It comes with handheld devices used to connect to already-fielded embedded systems via common external and internal connectors (console ports, USB, UART/JTAG etc.). VAPTBOX can also be fielded as an on-premises server that can optionally operate offline if needed (for security) – or you can use our easyVAPT freemium SaaS.

Today, in many organizations, embedded (microelectronics) systems are not assessed at scale for software vulnerabilities because currently no portable, automated, easy-to-use, non-destructive, and offline tools are available for non-experts to test the firmware of already-deployed systems. Most organizations today critically depend on such equipment working. Many embedded systems have long lifecycles, are not mainstream, were often not originally designed to be interconnected, and are already deployed. These already-deployed embedded systems often need to be analyzed in situ for vulnerabilities.

VAPTBOX is a portable device a non-expert user can carry on site and connect to an already-deployed embedded system via common external and internal connectors. VAPTBOX then automatically assesses the embedded system, and the user can view a “traffic light” (or advanced) report. VAPTBOX is unique in that it is usable by non-experts, is automated, battery-powered, non-destructive, and does not require internet. Also, VAPTBOX is designed to assess embedded systems firmware without prior knowledge about the assessed embedded system, and is designed to also detect previously unknown “zero day” vulnerabilities.

VAPTBOX FEATURES IN A NUTSHELL

VAPTBOX connects to external connectors (D-Sub, USB, serial, SD card), and to internal UART/JTAG (Universal Asynchronous Receiver/Transmitter, Joint Test Action Group) interfaces on the circuit board.

Next, VAPTBOX gains access to the system (using basic automated pen-testing), ideally via a command shell. It then automatically extracts the firmware from the device.

VAPTBOX analyzes the extracted firmware for known and zero-day vulnerabilities, including binary vulnerability assessment, and decompiling or disassembling the binaries and analyzing the resulting source. Results are aggregated, filtered, mapped to a standard, and prioritized by potential impact.

VAPTBOX’s report is a simple user output on the device for non-experts (e.g. traffic light), and details are stored for further aggregation and analysis (and uploaded to a backend when RedBox has an internet connection).
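To make the analysis and reporting steps above concrete, here is an added illustration (not VAPTBOX code, and not describing its internals) of the shape such a pipeline takes once the firmware has been extracted: a handful of static checks run over an unpacked root filesystem, each hit is mapped to a CWE identifier, findings are aggregated, filtered and ranked by potential impact, and the result is collapsed into the traffic-light verdict a non-expert reads. The in-memory filesystem `SAMPLE_FS` is constructed for the example, and the `RULES` table (which check maps to which CWE id and severity) is an assumed mapping, not a published standard scoring.

```python
"""Firmware root-filesystem triage (added illustration, not VAPTBOX code).

Walks an extracted firmware filesystem, runs a few weakness checks, maps
each hit to a CWE id, prioritizes by severity and collapses the result
into a traffic-light verdict. SAMPLE_FS is constructed for the example;
RULES is an assumed CWE/severity mapping."""
import re
import stat
from dataclasses import dataclass

# Constructed stand-in for an extracted root filesystem: path -> (mode, bytes).
# Not taken from any real device.
SAMPLE_FS = {
    "/etc/shadow": (0o640, b"root::19000:0:99999:7:::\n"
                           b"admin:$1$abc$xyzxyz:19000:0:99999:7:::\n"),
    "/etc/ssl/private/device.key": (0o644, b"-----BEGIN RSA PRIVATE KEY-----\n"
                                            b"MIIEpAIBAAKCAQEA...\n"
                                            b"-----END RSA PRIVATE KEY-----\n"),
    "/usr/sbin/telnetd": (0o777, b"\x7fELF\x01\x01\x01\x00..."),
    "/etc/init.d/S50telnet": (0o755, b"#!/bin/sh\ntelnetd -l /bin/sh &\n"),
    "/etc/hostname": (0o644, b"gateway\n"),
}

# Assumed mapping: check name -> (CWE id, severity on a 1..10 scale).
RULES = {
    "empty_password": ("CWE-258", 9),        # Empty Password in Configuration File
    "embedded_private_key": ("CWE-321", 8),  # Use of Hard-coded Cryptographic Key
    "world_writable_exec": ("CWE-732", 6),   # Incorrect Permission Assignment
    "unauthenticated_shell": ("CWE-306", 9), # Missing Authentication for Critical Function
}


@dataclass(frozen=True)
class Finding:
    path: str
    rule: str
    cwe: str
    severity: int
    detail: str


def _mk(rule, path, detail):
    cwe, sev = RULES[rule]
    return Finding(path, rule, cwe, sev, detail)


PRIVKEY_RE = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")
NOAUTH_SHELL_RE = re.compile(rb"telnetd\b[^\n]*-l\s+/bin/(?:a)?sh")


def scan_file(path, mode, data):
    """Run every check against one file; returns a list of Findings."""
    found = []
    if path.endswith("/shadow"):
        for line in data.decode("utf-8", "replace").splitlines():
            fields = line.split(":")
            if len(fields) >= 2 and fields[1] == "":
                found.append(_mk("empty_password", path,
                                 f"account '{fields[0]}' has no password set"))
    if PRIVKEY_RE.search(data):
        found.append(_mk("embedded_private_key", path, "PEM private key shipped in image"))
    if (mode & stat.S_IWOTH) and (mode & stat.S_IXUSR):
        found.append(_mk("world_writable_exec", path, f"mode {oct(mode)} is world-writable"))
    if NOAUTH_SHELL_RE.search(data):
        found.append(_mk("unauthenticated_shell", path, "telnetd started with a login-less shell"))
    return found


def scan_filesystem(fs, min_severity=1):
    """Aggregate findings over the whole image, dropping those below a severity floor."""
    findings = []
    for path, (mode, data) in sorted(fs.items()):
        findings.extend(f for f in scan_file(path, mode, data) if f.severity >= min_severity)
    return findings


def prioritize(findings):
    """Highest potential impact first; ties broken by path for stable output."""
    return sorted(findings, key=lambda f: (-f.severity, f.path))


def summarize_by_cwe(findings):
    """Count findings per CWE id, the aggregate view a backend would store."""
    counts = {}
    for f in findings:
        counts[f.cwe] = counts.get(f.cwe, 0) + 1
    return counts


def traffic_light(findings):
    """Collapse findings into the three-state verdict shown to a non-expert."""
    worst = max((f.severity for f in findings), default=0)
    if worst >= 8:
        return "RED"
    if worst >= 4:
        return "AMBER"
    return "GREEN"


if __name__ == "__main__":
    hits = prioritize(scan_filesystem(SAMPLE_FS))
    print("verdict:", traffic_light(hits))
    for f in hits:
        print(f"{f.severity:>2} {f.cwe:<8} {f.path}: {f.detail}")
```

The checks are deliberately simple pattern and permission tests so the aggregation, mapping and prioritization logic stays visible; a real assessor would add binary-level checks on the extracted executables and feed the detailed findings (not just the verdict) to the backend for later analysis.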

VAPTBOX uses artificial intelligence (AI) to learn and adapt from every device analysis.

VAPTBOX is mainly an automated vulnerability assessor – but it also includes features for automated network penetration testing:

Automated Vulnerability Assessor

This portable version of VAPTBOX automates the tasks of a software vulnerability assessor for embedded systems. It guides non-expert users and automatically connects to embedded devices under test (via console, JTAG, UART etc.), extracts binaries (firmware), runs vulnerability assessments on the extracted software, analyzes the results, and generates a report of identified vulnerabilities.

Automated Penetration Tester

This flavor of VAPTBOX, called “WhizRT”, automates the tasks of an ethical hacker (penetration tester). It automatically executes sequences of reconnaissance and exploit actions via the network: finding systems on the network, discovering vulnerabilities on them, and exploiting them. At its core is a deep learning AI engine, which is initially trained using a simulation and continues learning while in operation.

Handheld device for binary extraction

VAPTBOX includes a handheld device that can be connected to external and internal ports of devices – especially useful for already-fielded embedded systems that have to be analyzed in situ. It simplifies the usually time-consuming task of connecting to the device’s shell, mounting removable storage, and copying the firmware across. The VAPTBOX extraction handheld feeds directly into the VAPTBOX for automated binary vulnerability analysis.

Portable device

The VAPTBOX portable device is used as an automated VAPT assessor for embedded devices. It supports connection to non-IP interfaces (e.g. JTAG, UART), and can be used by non-experts to assess already-fielded embedded systems.

Appliance

The VAPTBOX (virtual) appliance can be used as an automated VAPT assessor for IP-based networks, and as an automated red team agent for cybersecurity training in your cyber training range.

VAPTBOX is currently available to select trial users as a portable device for use on fielded embedded systems, and as a virtual appliance for use on enterprise networks or cyber ranges.