Vigilant Cyber Systems, Inc. recently presented at the world’s largest cybersecurity conference Black Hat. They presented an open-source tool they have developed called GoGoGadget in the Black Hat Arsenal. Arsenal is a space for developers to showcase the latest open-source tools and products with Black Hat attendees.
Demonstrations were held in an open, conversational environment, enabling presenters to interact with attendees and provide a hands-on experience. Participants are able to connect with others in the community and learn about new, cutting-edge research and tools to strengthen their security toolkits. Different tools were showcased across multiple days, including brand new tools, released for the first time.
Vigilant has been using `GoGoGadget` on cyber security engagements against many embedded computing devices, industrial control systems, aircraft, and other non-traditional computing devices. The ability to statically compile a single binary with multiple utilities has been extremely valuable. The modular design of the tool will enable the community to rapidly expand the capabilities to support a huge number of useful attack tools. They have conducted hundreds of cyber risk assessments on over 40 different OT platforms. The devices on these platforms often use non-x86 based processors such as ARM, SPARC, or PowerPC and have a variety of operating systems such as Windows CE, various flavors of BSD, Linux, and VxWorks. Many traditional penetration testing tools are not compiled to run on these architectures or operating systems and it can be challenging to take advantage of vulnerabilities when common utilities are unavailable.
The tool is publically available and can be found here: http://gogogadget.rocks/
* The Go Gopher and variations of same is used with permission from the Creative Commons Attribution 3.0 license with special attribution to its creator Renee French.
