
Okay, we'll get started. Uh, first I want to say thank you for besides charm for selecting me and Dixon's speech about modernizing [clears throat] your context clues for cyber ops data through visualization and vectorization. [clears throat] AI models know what they know and the probability and likelihood of a AI ask uh answering your questions is all based on what that AI model was trained on. Being able to have that leverage of vectorzing your data can enhance and give you a better knowledge base on what you're doing with vector databases and how you're putting your data inside and vectorizing it. But before we go any further, I'll hand it off to Dixon so he can introduce himself.
>> Hi everybody. Uh my name is Dixon Kang. I've been in a cyber security for over 15 years. My experience spans from working for the United States government, financial institutions, and tech startups. So my quote I picked actually you see over there on the panel is something from Mark Harie who's the prime minister of Canada. Uh essentially it's hope is not a plan and nostalgia is not a strategy. And I think that fits what's currently going on in the AI environment entering cyber security. And what do I mean by that is that right now we hope that our current infrastructures and our resources can fend off what's coming or is already happening in the eyes in cyber. We assume that our
current defenses are enough. But the truth is the reality is very challenging and daunting. >> Hi everybody, my name is Kevin Figeroa. I've been a cyber security practitioner for the last three decades. My first Defcon was Defcon 7. My first time I spoke was at Defcon 16. Uh have an assortment of cyber security skill sets ranging from reverse engineering at Booze Anala Hamilton to threat modeling and pentesting at the IRS and of course much much more. But there's so much that we have to go throughout the speech that I would rather not speak about myself and speak about what's going on. But one of the things, my favorite quote and one of the things that always stood lasting
was a former president said, "I don't give anybody hell. I just tell them the truth and they think it's hell." And I think that's it's really synonymous when it comes to pentesting because God knows how many times you have to go and tell executives and they're like, "Oh, you know." But uh, yep, that's my favorite quote. [clears throat] With the AI craze going on and companies moving rapidly for adoptability in all sectors, whether you're you're in marketing, financing, uh, cyber security, the [clears throat] pace for really being able to adopt and move quickly is starting to rise exponentially. And due to the fact that AI is now being able to discover these vulnerabilities, that rapid pace is hugely hugely of urgency.
One security researcher by the name of Nicholas Carlini with the help of Opus 4.6, he discovered a vulnerability inside the Linux kernel that was 23 years old. And the fact that that predates GitHub blew my mind. So really that pace of being able to rapidly react or uh better help your organization is moving fast and again vector databases is a solution that's going to help you. Three major takeaways that we want you to absorb from this is number one, vector database technology rivals traditional databases. Second thing is the proof of value, the speed, the built-in similarity searches can enhance cyber security operations. And lastly, vector databases can elevate the organization at a completely different level just based on the sheer
speed. And if you're able to use it from a local LLM perspective, the pattern matching, the visualization, the graphics, it's so [snorts] so uh much better than traditional two-dimensional [clears throat] databases. >> And as Kevin mentioned uh you know about vector databases in themselves, the biggest benefit is that it benefits both a red team and a blue team. You know, you rarely come into a situation at times where data from an offensive team and a defensive team is useful, but actually in combination, it produces a incredible view. And we will be showing you guys that later on during the demonstration. So with all the data as we all are aware of, there's so much data as you guys can
see up there, whether it's from, you know, your firewalls, your network devices, your EDRs, you know, so on and so on and so on, your WS, all that stuff. Everyone's dealing with it. We all put it into a sim, you know, we think it lives in a happy world and then we need to search upon it, right? And especially when you're dealing with terabytes of logs, it becomes a bottleneck. It becomes a problem, right? If you don't have a sound solution, which a lot of organizations truthfully, they don't have that solution. What here is that seeing that all the different types what we're going to show you is that vectorizing your data not only natively
integrates with AI. So that's already one thing that solves a problem there. But most importantly is that the speed in which Kevin will talk about in a second. >> Throughout this whole speech, I am going to harp on speed so much that you're going to get tired of talk hearing me talk about speed. But cyber security threats is a battle that must be front uh fought on all fronts. So if you're a red teamer, if you're a blue teamer, if you do bug bounties, by you gathering that information and being able to react faster, it's going to help you and your organization in so many different ways. But again, having if you're on for me
that I'm I'm always going to speak about red teaming because I'm a pentester. So having multi- contributors to a pentesting engagement, being able to funnel all that information to give the appropriate information to the organization to better protect themselves is vital and doing that at a rapid pace is key. The novelty behind this research about vector databases and modernizing your cyber ops data all stemmed from this one thing that me and my brother did. My brother's also in cyber and we had the liberty to go ahead and pentest all of Puerto Rico. Uh we're Puerto Ricans and my brother had connections and they wanted us to do it. What we found was when we started retrieving all this
data, we could not put this in a two-dimensional database and be able to rapidly query this stuff. It was there but it's taking a minute, it's taking two minutes, you know, it's a lot of data. Once we started looking at it from a vectorzation perspective and these things were coming back in milliseconds, it was baffling to me like how quick we're able to retrieve how able uh how much we're able to use the similarity search engines with builtin quadrant uh which helped pattern matching, pattern recognition. That's something that if you did it manually, it's going to take time to find those different patterns with Quadrant instant and it does it for you. And by the way, without any local LLMs or
third-party AI systems. And one of the most important things about it all was when we were doing that pentest, being able to find that information so quickly, our reaction time to intelligence based on what we're going to target started narrowing down. Where before when we were doing it manually in the beginning, it would take maybe like a week or so, maybe two weeks. With this, we were doing it within hours. And that is another thing where it blew my mind that wow this is really really useful. I started this project about four years ago and what drew me to this was why is no one speaking about vector databases inside cyber security and that's where this
whole research came about. Of course for me I am always going to pick quadrant. I believe in Quadrant. I'm a huge huge advocate of Quadrant. Uh so as I embarked on it, number one, it's open source. So the fact that you don't even have to pay for this stuff and you could use this free, that's how I started using this for my bug bounties. Uh the built-in similarity searches, the hybrid searches, the filtering so much faster. And later on in the slides, you'll see the differences of using regular syntax than regular natural language. And that's another key thing that enhances your um vector searches and queries. >> So when Kevin approached me, uh I wanted
to expand beyond just quadrant because I know he's a huge fan of it. And so as you we all know and some of you probably are using other vector databases, right? So we picked a subset, right? We picked out five particularly we started with quadrant but we also tested with chromodb we tested with pine cone we tested with milvvis and we tested with wev8 you know and these are used in very large organizations as you guys may or may not be using the first two that we're going to uh talk about today due to time constraints is just pine cone and chromob so if no one in no one has ever played with vector databases what
would you try is chromb it's a very lightweight very easy to use you put up a docker image package and you can start running literally in minutes. And that's that that's essentially what I would ask everyone if you're trying out any tools, try it on Chroma. >> No, try it on Chrome. [laughter] >> Um there's always catches, right? Obviously, there's always pros, there's always cons natively actually have doesn't have any HA capabilities for high availability. It can't cluster natively without some additional help. Um and also it has some constraints on vector size limits. The opposition we chose as well was pine cone. Uh pine cone is used in a very big commercial space. Uh there's very large
organizations that use it and it's in the cloud. So as it being in the cloud of course there's naturally HA abilities and clustering and the support for the size of the vector databases is much much larger.
So standard traditional databases are optimized for exact query searches. Sort of like where age equals 30 or where username equals Bob and that's good but it's not where it needs to be especially with the AIdriven systems nowadays. So calculating similarities between vectors requires high mathemat mathematical computation. which traditional databases may not be able to do. So designed specifically for proximity nearest uh neighbor searches and being able to put highdimensional embeddings behind that will allow you and give you the power to use a local or a third party AI system. And with that said, excuse [clears throat] me, uh, with that said, with vector databases, whether again it's red team or blue team data, the power in vector databases over
traditional is quite honestly the ability to do semantic searches. You can also tag the data inside vector database with metadata as well. So imagine a situation that you know the source, you know the information, the service, and you can tag that data. Now your search replies, your search queries, everything will be affirmative that you'll know and trust if you've tagged it correctly. That is something again huge benefit of vector. And to couple up with what Dixon just said, due to the fact that the attack surface is now being more broad and adversaries are now starting to use these AI and agentic and all these other pieces to start breaking into systems, finding bugs, your reaction time to this
has to be equally as fast. So, one thing that I really saw, um, I forgot the gentleman's name, but he was like, you know how packets have that time to live, TTO? Well, now the new thing is going to be time to exploit TTE. And having being able to identify that real quick before an adversary winds up compromising your system is key. >> And as Kevin's mentioned is his mantra about vector databases and speed. You know, speed is power. Particularly when you think about whether you're red team or blue teaming. If you're on the red team and you're testing a target site, the faster you're into the network, the deeper you can go in. Now you got
horizontal. Now you got go vertical, right? You could spread out, set up your set up your uh positioning all across the network. Now it's harder to get out. It's hard to get rid of you, right? Because you're in because of speed. Now on the blue side, where's the benefit in this? The fact is again with speed comes the ability to be able to detect the alerts. Your systems will alert you if you set up correctly and you can act upon it. Obviously, combination of AI, you can probably most likely contain the attacker very quickly and be able to act fast. >> And again, going back to the speed, I'm going to harp on this. You're gonna get
tired of me talking about speed, but being able to have that speed at your fingertips not only gives for me again red teaming that power back in their hands, but it gives power back to the organization. So where your red team winds up thriving and [clears throat] also blue teaming is being able to search really, really fast. And later on in the demo, you'll be able to see how quick this information is retrieved. And where traditional databases you start querying, you're going to have to use union statements and all these other things. Nowadays with respect to database a an executive could just say hey give me all hosts that have DNS running or give me all the hosts that
have port 80 open and or or anything that they poses an interest to those executives or red teamers or blue teamers
and again that data analysis being able to quickly correlate this information, being able to identify, query this stuff. But one of the biggest things too is once you start harboring that, who's in charge of threat modeling? And that's key for a threat model. Not only is it key for threat modeling to be able to do that, but visually seeing that. And that's one thing, another thing that we're going to harp on here and we're going to show in the demonstration, how you can visually see all these endpoints connect to one another. And that's uh really really key with this and that's what stuck [snorts] out like a sore thumb for me with quadrant because if
you're using these traditional databases or other vector databases you're going to have to need plugins add-ons. I want this graph. I want this with quadrant that's already built in. So worrying about supply chain attacks you're not going to have it. Also again as a redte teamer me finding that information speed again being able to react to that but not only that having that actionable intelligence where I don't have to fumble around to look at this or look at that and oh what does this endmap scan say or what does this vulnerability scan say. No, putting vectorizing all that data and writing really quick queries and the query language for quadrant. It's a JSON file. So there's no such thing as oh I got to
memorize what this union statement is or some no you l and again we'll demonstrate that inside the demo but having that ability to have queries based on JSON is huge huge advantage. So as Kevin's been talking about with visibility right we we need to look at it as traditionally as we look at data right we you know looking at a pentest report you're looking at you know vulnerability report right it's traditional just list right I don't care how you import it how you put it depend doesn't matter how it is the ability here is truthfully the ability to about perspective what do I mean by that is the visibility that you're going to see seeing nodes connect to each other
because of the algorithm you've chosen right can read and interpret your network can read to interpret your vulnerabilities and actually understand how to work KN&N which is your nearest neighbor and then provide you a picture that you can actually visually see and that you can act upon. That is something that truthfully is what the game changer is of vector database. >> Now again remember I was telling you about where age equals 30. Here's one of the perfect examples. How many executives, you know, really know traditional syntax language? It's going to be hard. And I'm not saying there aren't there [clears throat] there aren't executives out there is not that's not what I'm trying to say, but a
vast majority don't. But I know there's one thing that they do know, how to speak English. And being able to query that data in regular plain old natural language is going to be super super efficient for them. Again, that's where the power goes back into those execs and the organization. >> All right. Uh, [laughter] >> so I got to tell you guys a little story. Just a two seconds here is about the pentesting tools we've already created for vectorization. So uh Kevin originally again on on his uh pursuit I would say of of trying to incorporate as many tools on KI Linux, right? We've already incorporated 25 of them. Right now they're on GitHub. Literally, you
can take the results, ingest it into whichever the five vector databases you choose right now. It's already out there. The code's there. So from there, literally, you can ingest it, play with it, start working with it, and seeing how it works in your current existing network. And I had to stop him and get him to focus on presentation or there'd be probably 60 of them, but we'd have a broken presentation. >> All right, fine. Fine. He wants to say that. Now it's my turn. So when I started off with these tools and I was like listen Dixon we're going to focus on quadrant he was like no let's do them all let's do them all. So I was like all
right he's sort of like me with the tools him with vector all right cool and that's how we wind up putting all these different tools we what we're trying to do is take the whole Kali Linux every single tool and be give you that ability to parse that data make it with embeddings or without embeddings and show you later on how to ingest it and our scripts is up there on GitHub and currently right now we have about 25 23 three tools. Hopefully by the end of the month we should have like 30. And as time goes on, literally we're focused on making sure that we take all the tools, red team and blue team.
Now, for any pentesters out there, how many times you run an end map scan, you see this? You're doing this against 100 nodes. I guarantee you're going to get eye fatigue. And whoever says they don't get eye fatigue, please let me know what your secret is because I don't want to get eye fatigue either. But here comes Quadrant. And now Quadrant took this and made it look like this. That's where the power comes in. Being able to have a key value pair for each single piece of information that came back from the results. That's where you start building your knowledge base. That's where similarity engines come in. That's where being able to query this stuff. And then again, all
this stuff that we're going to show you, we haven't even touched on the AI part and using it locally. This is all built in features inside Quadrant and of course the other vector databases. Now, here's another one. All right. Uh up here, right here, there's one that's scratched out. So I took sublister. This information is from a bug bounty. This is where I think another power comes where down here was a similarity search. The similarity search that I used was UMAP and it came up with this. But if I wanted to parse this information on subdomains or certain directories that I didn't want to use, I could literally point and click and scratch that out. Now, it
doesn't remove it from the database, but it removes it from my initial search. And I thought that was super super powerful. And not only that, I wanted to colorize it and make it like all the mail servers be blue and so on and so forth, but I just wanted to show you that being able to have all these different colors is really really easier on the eyes in comparison to what I showed you with uh end map. So for one of my examples for Chroma and DB is simply put is um I went ahead and actually talking about the search natural the power of natural language right um you know a lot of times you
know we get these reports again that have a lot of data right truthfully 10,000 nodes 20,000 nodes 100,000 notes right depending on how large your organization is or your firm or you know which service you're in so as a result a simplistic view again with natural languages I can just go ahead and type in the word Apache right it obviously Apache has any products beyond of course his web server but nevertheless it's nice and simple you don't have to overthink it gone are the days that you have to worry about port mappings and running a script to correlate things and all that stuff and again most of the engines do do this to a degree but
imagine again this has no attachment and and and building in Chroma where you're using Quadrant like Kevin would or any of the other vector databases you now have a system that doesn't require a SIM you don't require to pay somebody x amount of dollars you can literally query your data intelligently And you can target it intelligently which will give you actionable abilities. And so for here again as existed there. Uh so as you guys see uh you know you can go by ports and uh you know sh Windows links you know obviously it's whatever your heart desires but again you're asking for it for data. So on a flip side uh nuclei. So for those you don't know what nuclei is, I
would probably consider it a lightweight vulnerability scanner. Um and essentially what here I used with pine cone actually. So with pine cone I went ahead and worked with it and essentially similar thing where you can type in headers right in this case I used uh just damn vulnerable web but obviously it'd be whichever site you choose and target but again using headers. I know many of you that obviously are in the cyber security world we've all done it. You know, you're importing, you have to ingest and read this giant PDF, this giant Excel file for your audits, for your compliance, your GRC. Again, imagine you can ingest this into a vector database of your choosing. It
runs airgapped. And now you can query data without relying on any third party. You're not paying licensing fees. You're not paying any of that. And you can get results that you need that you can action upon. >> And by the way, it's free. Same thing. He did [clears throat] it with pine cone. I did it with quadrant. And here, I know it's kind of hard to see but [clears throat] right here, here's where embeddings come into play. So, where he's talked about that air gap system. Once you start having this type of information and it's all has a specific embedding that you choose, now you don't need that third party AI system. Here it is. you have a
local system. Of course, we've been experimenting a lot with different embeddings and different models. And boy, is that a challenge because God knows how much like for I give you one example. We took one embedding and it's um all mini LM L6 V2 embedding and I wound up using Quinn code for that and then I tried Mistro and then I I wasn't getting the results that I needed right away. So, we're still playing around with it, but one thing that we did get immensely was exactly what Dixon showed with the ports and Apaches and different words. Of course, words is one thing, but being able to do it in a sentence is another. And so, sometimes
it works, sometimes it doesn't. And that's where that repetitive model training. Currently me and Dixon are working on a cyber security model out there that we're trying to put together because we went to hugging face. There's eight of them. Uh they don't work as efficient as we thought they would. But one of the other big huge things is down here. So this all of these are the same for um using nuclei. And what I did was I asked Quadrant, not only do I want you to put this end um in a tree graph, but make sure that the tree graph has the similarities to one another. And that's something where if you did that manually, that's going to take time.
Again, that was done in milliseconds. Now my reaction time to start looking at this stuff is starting to pick up the pace, you know. So that helps and gives the power again back to the organization to help them defend themselves, pass it off to the blue team, make sure uh alerts are put, things like that. This is another example, and this one blew my mind. I'm literally working on quadrant to figure out how it did this. And I know it's because it's using uh PCA algorithm in there, but I want to know why it did this. And I I'll give you the example. So I did a bug bounty on a specific domain. And right here, that little spot was the
root domain. When I clicked on that domain, it literally created this. again, no LLM, no AI. And what struck me was all these different nodes on the outside. These were all their cloud providers. And as I start going in to start checking, there was a mail server, 365, so on and so forth. It understood that by itself. I that is a lot of power because now I don't got to worry about all these clouds. I could look at this specific uh host or server or things like that, but it doing it by itself blew my mind. And that's where that power comes back to the user and the organization. Here's another instance. This one's another one that's really, really good.
Keep your eye on that little point. Now, I use Fervoxbuster. I ingested 46,000 endpoints. 46,000. Me querying 46,000 came back in 5 milliseconds. Where traditional databases may take a minute, let alone that I got to worry about, oh, I got to find what's the joint statement with all these different databases. It did it for me and it made that graph. So, I was like, wow, why is this little one out here right away? that pattern recognition, I don't got to worry about it. It's doing it for me. So, what I did was I clicked on that, made another query, and said, out of the 46,000, give me the top 2,000 that are similar to that little one right here, which was
this graph. And then I said, out of that 2,000, give me 500. And then extract another the top 100 out of there, which was this. Now, all of this was done in about 15 seconds. That brings power and speed right back to the people that need it the most, whether it's red team or blue team. Again, if you I I don't want to go deep because I really really want to get to the demos. The demo is where it's at. But here are the three algorithms that are built in in with Quadrant. And if you have small data sets that are 5K or lower, you would wind up using TSN. I'm constantly using UMAP because sometimes,
like I said, I use Fairvox Buster and I get 46,000 coming back. I may use DNS recon and I only get maybe a thousand. So I always found that UMAP is a nice medium between low and high. Again, having that acceleration, being able to find things within milliseconds and being able to reiterate through that brings that power back to you. And I can't stress enough on the speed. But one of the biggest things about it all as me being a red teamer and being able to analyze this information quick, I can now forget about all these other pieces and really hone in on the target that I want to compromise. Now, take this from a threat modeling
perspective. If you're a blue teamer and you're worrying about malware or you're looking at alerts, you're looking at different attack vectors coming in, being able to cluster all this information and connect the dots. Again, [clears throat] I'm not saying that traditional you can't do this with traditional databases. I'm just saying it's faster and quicker when you do it with a vectorzed database.
So I took that same example and what I did was I took the top 50 for me in my opinion top 50 web and API vulnerabilities. I created this whole little pattern. When I did my next bug bounty I didn't even worry about the bug bounty. I just told the database, if you find anything that looks similar to what's this, please point that out to me. And again, I'm not using AI at all. This is just the database. Being able to graph that out like that. And now every time I go to a different engagement using that set and just say, "Hey, find this." I could wind up saying, "Hey, I'm gonna work for like four hours." When in
reality, this took two minutes. That speed is unparallel. Now, I know most of you's probably thinking, "Oh, this is like a rag system." No, it can be used as a rag system, but it's not. We wanted to make sure that you're able to query this. And that's why I'm focusing so much on the vector side because not only can you use this while you're querying it directly to the vector database, but [clears throat] in our presentation, Dixon's going to show you how to connect it to a third party. I'm going to focus more on exactly how to do these queries, showing you the visualizations. But if after the speech you want to see how I connect it
locally, it's literally on my laptop. Oh, and by the way, I totally forgot this in the beginning. I got a super high-powered machine. I got another machine that I brought with me. It's a old like maybe seven years old M1 16 gigs of RAM and it's still performing outperforming any of those traditional databases. And if you want, I'll bring my laptop that old laptop down so to show you that speed. >> And exactly what Kevin's talking about with, you know, the talking about the rag model here. The truth is and what we want to demonstrate to you all is the power of vector is again three things is that the flexibility of a vector database comes in essentially you can
run it standalone where again this is air gap. This is running at your home. This is running on his laptop that has 16 gigs of RAM can run on anything that you own and you can query directly. You don't need an attached, you don't need to pay any of the big guys, Anthropic, OpenAI, etc. You can just use as a query system whether it's for your home network or small business or even some midsize to a certain degree. But let's say you want to add that intelligence, you want to go ahead and add that local LLM, right? You like a model for interpretation that be to give you that intelligence, no problem. And you'll be
able to pair it up with a local LM. And again, your data is your data. Doesn't go out the wire. This is everything enclosed. And it's great for a lot of systems as you guys could probably imagine. And what I'll be demonstrating today is uh I have a video of myself essentially again using Chroma DB. I think it's one of the easiest ones to start with. And all I'm going to do is [laughter] >> what I'm going to do is connect uh connect I connect Open AI, right? And of course, this video was created a little bit while ago, so it just had chat 4, but uh I essentially am going to be using the ADA uh2 embit text embedded
model connecting to OpenAI and again just running just like you would do right now at home any simple question, but it's going to use the intelligence of a third party. So >> we're coming up very close to our demo time, but one thing that I wanted to say is I know this sounds complex. Does that look complex to you? We try to make this as simple as possible. Dixon is going to show you the video. The video is six minutes. In six minutes, you're able to have this power right at your fingertips. But one of the things that we wanted to show you is down here. This is where your LLM resides. Of course, you have your
documents or results, how to chunk them, embed them. Of course, I'm going to put quadrant, but you can put any vector database right here. But this is the beauty of it. If you take this out, it still works. If you put it in, it enhances your ability to query this stuff a lot faster. With that being said, girls, I love you. My daughters are here, my sisters here. They've been so supportive of me and I I really appreciate it so much girls. I love you so many other people but I thank my daughters and again uh for myself I thank obviously Bides for hosting us. Really appreciate giving us the opportunity here. We thank you all for coming in and
of course some of our supporters. I see some of my people came in. I really appreciate them coming out and uh supporting us here on stage. And I think it's time for demo time. >> Yes. So, we have two different demos. One that we did with video just in case the demo gods want to mess with us and one that I'm going to do live. So, I'm hoping everything works out we with the live one. But with that being said, give us a second. >> So, um again, we're going to go through really basic install. Um this is meant for me zero to hero. And I literally mean that in all sinc sincerity. What I
mean by that is you're going to see pip installs. We're going to go literally you're going to see all the libraries I install. So that when you have confidence when you go to that GitHub and you're like well these two guys on stage said it was so easy. I'm going to literally walk it through you right now. So what the goal will be here is to utilize Chromob. We're going to take end mapap results that of course you can run anywhere and get anywhere, right? And just to play with the results. So Kevin, if you may please. So obviously I'm just demonstrating we got an XML right there. That is your output from your end map, right?
Standardization. Nothing new. I'm going to go ahead and create a virtual environment for Python, right? Because I don't want to mess up my Python environment. Nothing fancy there. Right. So we're going to go ahead and activate the environment so that it is usable. Right? So now with the virtual environment there as we see I'm just going to start with XML to dictionary. What what is the purpose of that? That is part of one of our converters. So what we provide to you on the GitHub website is we provide you a converter to convert the tools to be able to actually be ingested and then from ingestion you go ahead and lead to the query. So it's
three pieces. You guys see I just went ahead and cat the file out. Nothing fancy there. Again everything's on GitHub. You guys can review the source code. All right. So what I'm going to do is go ahead and execute it. Right? If uh my figuring there for a second there, right, I'm just going to execute it. You guys see it's very very simple. All I'm doing is converting that XML to JSON. Exactly what Kevin was talking about earlier where vector databases prefer JSON for the most part. So great, awesome. I have my converter script. I have the JSON. I have the original XML. Right? So now we're going to cat it out to show you again. Nothing
fancy. Just turns into JSON. It's all good. Okay. So I'm going clear the screen. Now as I mentioned earlier we've done the conversion. Okay. JSON. I install a pip install Chromob. Very simple. All right. You see it fly through. It goes through and it takes a second. And there we So now I'm going to go ahead and download. I'm w getting essentially the file. That's a test connect. Now, why do I do that? Because as many of you probably tested code on GitHub or other places, it drives me nuts when I get can't get the results of what the tester is and it could be a configuration error. That test connect simply gets a heartbeat and make sure
that the ChromB is listening. Once again, there go ahead and install the wheel for that piece. I'm installing now the end map to Chroma uh to OpenAI, excuse me, the script, right? So we go through and what we're going to do is go ahead and that's going to ingest into it. So again after the test connect.py I went ahead now and executing the end mapap to chromob. As you see there I like my code to have documentation. It drives me nuts when people don't put documentation and don't have an easy to use interface. So I do pride myself on that. I just successfully imported 50 hosts into my Chroma DB into a collection called end
mapap test. Oh, I have a reporter I should use, right? You see right there. So now simply again, now how do I go ahead and connect this to OpenAI? We go do a pip install lang chain and open AAI. We're going to do this for three pieces of lang chain, right? So we're going to see here another pip install lang chain with the Chroma, right, for Chromod. And last but not least, we're going to do classic. So lane chain classic. Let's go ahead and install that. Okay, then now is the last piece. We've converted the data, right? We've converted the data. We've ingested it into Chromob. Now, how do I query it? How do I actually get results? Right?
The important stuff, right? All I'm doing up there, as you guys can see, is simply querying it after I wgeted it from lang chain. Bam. This is that was Kevin was mentioning about rag model. Right? Now this remember my demo here is actually querying open AI and using catchb4 but as you'll see here from the data set I literally query against my data it returns all the results right here it tells you all the different services obviously again that depends on your data you know if obviously you're pinging hosts that or you're getting hosts that don't have data but either case see here I went again it's that we go against Reddus right which hosts are
running Windows within the data set I imported goes ahead and tells me which exact hosts are running which hosts are running Linux goes ahead and runs and obviously again with even chat right free BSD we know that's Unix and it's not Linux but nevertheless you know that's a chat that's a chat thing but that's the catch about LLMs right you have to keep running them through >> are there any services running on non-standard ports right so again with intelligence of an LLM and depending on the model you'll be able to look through and see if there's certain things maybe running on non-standard ports it's supposed to run on 443 it's running on 9000 uh you know stuff so that also the
cool part about tying it to an LLM is some people didn't know what rancher services right it helps out with K8s and so you could just simply ask it hey what is rancher server because I don't know what it is and obviously it'll tell you all about what rancher service does and everything like that and of course it tells you down there in the bottom the IPs so literally few minutes of your time you got a lo running a local model in this case it is going out for the AI portion for the LM for open AI but that's why Kevin's going to do a live demonstration of literally using quadrant airgapped running right on his
laptop.
Hello. Hello. So, I'm not going to go into installation here. People that use get um Docker, go on to Docker, download Quadrant. Super simple configuration. Unless you're going to deploy this inside your environment and you need permissions, credentials, things like that, that's a whole different story. But we just wanted to get to the point. So, here's a Docker instance that's running and it's literally running on port 6333. And when you use your local browser, that's what it looks like. They have a nice and this is all built in by the way very very minimal configurations for this demonstration. I did zero configurations and literally that's the way it comes out. So they have a nice
welcome stream uh welcome screen that you can go through. Another function that I really really love here is this built-in console. It's almost like a web terminal console that you can go ahead and query this information. [clears throat] And here is where I have a whole slew of queries against what I've been doing. And I I know I'm going quick, but I will take this step by step. I just wanted to show you how the query interface is. But say I don't want to do it through here. Here's another way that you can start looking at your collections. The collections are all laid out. You can have it in. So, these collections right here are all
without embeddings. The ones towards the end are with embeddings. Now, I'm going to show you the difference between them. Here's uh one of the bug bounties that I did. And all you all I have is these three because I just ran a mass. But now if I wanted to see it with embeddings,
you'll see at the bottom here, maybe you can't see it, But that bottom piece right here says embeddings. And then you literally can click on that little dropdown and for those key value pairs which are only three the embeddings are listed there and you can do queries against embeddings or queries on specific key value pairs and I think that's huge huge uh advantage. All right. So now let's start seeing how this really works. I picked the amass. I run this just to see how many. Can everybody see that or no? Semi. All right. Well, in this query that I did, which is just exact true, it shows me what's the total amount of points do
I have inside that collection. And that can be useful later on where if you're doing something like fair buster for one um one bug bounty and I'll use it against another. Sometimes you may not get all the same results, but you need to know how many endpoints you have in there. Here's a quick way to do that. If I wanted to go and start seeing, hey, how many MX records do I have altogether? You could see how quick that came up. And this is not taped. I literally clicked instance. Now I want to visually start seeing this data.
You can literally copy that query, go into your amass collection, go into visualize, and right here you would literally stick that same query, run it, and now that similarity search, you see there's different points. And this is where value comes into play heavy where oh these two are closer. So I'm going to wind up looking at this because it classified them in a different way than looking at something like down here. Now, if I wanted to go ahead and say I want to see what the relationship between these are and how they connect to one another, I would take the same query, go back, go to graph, copy that, hit run, and now it automatically did
that. What I like about this so much is it went really, really fast. and being able to detect if I start looking at these different points. If you notice that the information on your right hand panel, yeah, right hand panel starts changing. So, say I I come across one of these and I'm like, "Oh, this seems interesting. I could double click." It automatically did that by itself. That's something that when you start looking at pattern matching, that's what's going to start elevating your game a lot faster. And being able to see that pattern from a red team perspective, you'll be able to start targeting things much quicker. Are we good on time?
All right, let's get to some nitty-gritty good stuff. I did a SSL scan on the bug bounty and I want to know whether they have TLS. I know people are going to say, "Oh, SSL, V2, V1. People don't use that." No, maybe not in this country, but in other countries they do. And I'm going to show it to you right now. So, in this specific query, I have 105 different points. In those points, I want all the information that relates to IP, target, and the protocols being used. So, I would first run it. And you could see there in each one of these there's more information. But because I only asked for this specific information, it gave me that. Now
imagine doing again something like that with regular syntax language. Your query will probably be super long. In here it's one, two, three, three lines. Also, being able to identify this right away, as quickly as possible, is huge.
Now, I want to be able to graph that out and see how that looks graphically.
Literally, it took out of that 147, there's about probably be 50 here. And you seen it was instant on the connections, on correlations, something like that. Again, doing that manually, who knows how long it'll take. Sorry. You can zoom in on it. One of the other things that I really like about this is as I'm starting to go through this and if anything comes and sticks out to you, you could literally click on it, it'll automatically change the graph and say, and if I wanted to, I can pull them apart to see which one's closer to one another. That's something again where if you needed to do something like that and you're using like Neo4j or you know any
of these other different tools, you're going to need plugins, you're going to need time, you're going to need all this stuff. This is already built in Quadrant.
Okay. I wanted to keep going until they kicked me off stage. But please, I um I know we're running out of time. There's so so much information. If you see me out there, please, you want to know more, grab me, pull me aside. Let's get to the table. I'll open it up and go through it with you. Uh and if you want, again, I have my super [snorts] old laptop. I'll bring that down so you could be able to see it too on old systems. And I say that because I came up in a time where I didn't have a lot of money. And being able to use things that you have at your disposal instead of saying, "Oh, I need
to save up and get this highowered machine." For me, that's another reason why I chose Quadrant because you can still use it on low minimum resources and still get the same value back. Uh once again, thank you everybody for coming. I really, really appreciate it. Thank you girls. I love you. Thank you, Dixon. And thank you, Besides Charm. >> Thank you, everybody. [applause]