At Black Hat MEA 2023, Mohamed Samy (Senior Information Security Consultant at IOActive) introduced Project C-Shell – a unique infrastructure that integrates AI and blockchain technologies, enabling it to circumvent antivirus and Endpoint Detection and Response (EDR) systems.
With a remote control mechanism facilitated by Blockchain SmartContract tech and more, the system has numerous potential use cases – from managing servers and client operating systems remotely, to working as a stager payload for ethical hackers to use in red-teaming operations.
We asked Samy about the new dimensions that Web3 adds to cybersecurity – and what he gained at #BHMEA23.
What does the development of Web3 add to cybersecurity work?
“Web3 introduces a decentralised architecture to the digital world, significantly impacting cybersecurity by shifting how we approach data privacy, ownership, and security. It emphasises user sovereignty and blockchain technology, which, while presenting new security challenges, also offers innovative solutions for authentication, transparency, and resistance against common cyber threats.
“The development of Web3 compels cybersecurity professionals to adapt to a landscape where trust is distributed, and security is integral to the infrastructure – not just an afterthought.”
What was the inspiration behind Project C-Shell – and what are the key possibilities that it demonstrates for the future of cybersecurity?
“Project C-Shell was inspired by the need to create a more resilient and adaptive cybersecurity framework that can keep pace with rapidly evolving digital threats.
“The Project aims to demonstrate the potential real-life security impact of integrating a C# dynamic execution environment with generative AI coding capabilities and being anonymously controlled through the Blockchain’s SmartContracts provided by the Web3 ecosystems.”
How important are open-source projects to contribute to improving cybersecurity tools and practices?
“Open-source projects are vital to advancing cybersecurity tools and practices. They foster a culture of collaboration and knowledge sharing that accelerates innovation and the development of robust, tested solutions.
“Open-source projects enable security professionals to scrutinise and improve code quality, ensuring vulnerabilities are identified and addressed swiftly. Moreover, they democratise access to advanced tools, allowing organisations of all sizes to benefit from cutting-edge security technologies.
“In essence, the open-source model is a catalyst for continuous improvement and community-driven advancements in cybersecurity.”
What’s one thing you wish everyone knew about cybersecurity?
“I wish everyone understood that cybersecurity is not just a technical issue but a fundamental aspect of our digital lives that requires active participation from everyone.
“Every individual has a role to play in maintaining cybersecurity hygiene, from using strong, unique passwords to being aware of phishing tactics. It’s crucial to understand that the security of digital systems is interconnected; a vulnerability in one area can compromise the entire network.
“Awareness, education, and proactive behaviour are key to creating a safer digital environment for all.”
What did you gain from Black Hat MEA 2023?
“Attending Black Hat MEA 2023 was an enriching experience that provided me with invaluable insights into the latest cybersecurity threats and innovations.
“It was an opportunity to connect with fellow professionals, share knowledge, and learn from real-world case studies.
“The sessions and workshops offered deep dives into cutting-edge research and emerging technologies, enhancing my understanding of the landscape and sparking ideas for future projects.
“And the event underscored the importance of community and collaboration in tackling cybersecurity challenges, reinforcing my belief in open-source projects and collective efforts to advance the field.”
P.S. - Mark your calendars for the return of Black Hat MEA in November 2024. Want to be a part of the action? Register now!