'Hack in a box' tool emerges at Def Con

Argentinian security firm Core-SDI created a storm of controversy when it unveiled an 'intelligent' hacking tool which automates system penetration.

The as yet unnamed tool, showcased at the Def Con and Black Hat conference in Las Vegas, is capable of scanning the target, mapping networks, finding vulnerabilities and scripting and compiling customised code to exploit those flaws before systematically trying to gain higher levels of access.

Core-SDI boasted that before the arrival of its 'hack in a box' tool, security professionals and penetration testers had to make do with a patchwork toolbox built up of scripts pulled off the web or developed by the pen testers themselves along with commercial port scanners and a multitude of other tools.

The offering would include this entire toolbox in one package, but uses agents to break further into target networks. These agents attempt to break into a certain area or machine and, once successful, would deploy another agent to run the next stage of the hack.

Core-SDI claimed that the tool would be smarter than some script kiddies, pulling hacking techniques from a huge database before generating a full security report highlighting any weaknesses.

The company argued - somewhat unconvincingly - that to deter script kiddies from using the tool, it was attaching a hefty price tag so that it would only fall into the hands of security professionals. It should be available by the end of the year.