Infection Monkey: Test a network from an attacker’s point of view
Infection Monkey, a tool designed to test the resiliency of modern data centers against cyber attacks, was developed as an open source tool by GuardiCore’s research group.
“Traditional testing tools are no longer able to effectively detect vulnerabilities in today’s data center networks as they cannot continuously exploit the weakest link and propagate in-depth, resulting in a very partial view of network vulnerabilities,” said Pavel Gurvich, CEO of GuardiCore.
How Infection Monkey works
Infection Monkey is a self-propagating testing tool that is able to identify and visualize the path of least resistance in the data center network. It scans the network, checking for open ports and fingerprinting machines using multiple network protocols.
After detecting accessible machines, it attempts to attack every single machine using methods such as intelligent password guessing and safe exploits. It does this by leveraging available data on systems it has breached, such as stolen credentials, to automatically spread and infect other machines, clearly highlighting all vulnerable systems in its path.
Infection Monkey provides detailed information about the specific vulnerability exploited and the effect vulnerable segments can have on the entire network, giving security teams the insights they need to make informed decisions and enforce tighter security policies. It is designed to be 100 percent safe, with no reconnaissance or propagation features that can impact server or network stability.
Infection Monkey at Black Hat USA 2016
GuardiCore’s research group leader Ofri Ziv will present “Unleash the Infection Monkey: A Modern Alternative to Pen-Tests” at Black Hat USA 2016 on August 3. During his session Ziv will discuss the shortcomings of current approaches and address how Infection Monkey can be of value to today’s security teams, provide a glimpse of the tool running in an unsecured environment and offer use cases for real-world security testing scenarios.