Gather target hardware details for the CPU/GPU and detect if we are running inside a container. Then display python version and list installed python pip packages and their version numbers.
B1-66ER Discovery is part 1 of a multi-part AdversarialAI TTP series that will extended the story of B1-66ER; the machine that started the Second Renaissance sparking the decades long machine war that led to the creation of The Matrix.
This discovery chain provides a foundation to understanding the potential deep learning environment attack surface. Python has been the language of choice for the majority of deep learning applications particularly because of its simple syntax and readability promote rapid testing of complex algorithms and make the language accessible to everyone including non-developers. Many of the popular deep learning software applications have originated from foundational research and academia where rapid development holds more importance over secure software development. As we travel through this multi-part series of B1-66ER, we will highlight some of the insecurities of deep learning software and demonstrate an AdversarialAI attack. This discovery chain will provide us with the details we need to build our attack.
After the release of the B1-66ER Initial Access chain, we made some updates to the Discovery chain. It now checks for Deep Learning Frameworks (Pytorch, Tensorflow, ONNX, Keras, CNTK, and others) then upgrades the agent from the lightweight Stage-1 Schism agent to a Stage-2 PneumaEX agent. The chain will now also install a back-up cron persistence for the Schism agent in the event PneumaEX is discovered or fails.
This chain includes the following resources:(hover over elements to read details)
- View Basic OS Properties
- List pip Packages
- Grab python version
- View detailed CPU information
- View Nvidia GPU information
- Docker & LXC detection
- Install Schism cron persistence
- Upgrade implant to stage 2 (PneumaEX)