News

5 min read

Learn about AI bypass and exploitation with a new lab scenario: FullHouse

Individuals and organizations are still learning how to detect and respond to AI threats. Get a hands-on experience with this latest release!

JXoaT avatar

JXoaT,
Feb 14
2024

Are you ready to be tested in a cutting-edge lab environment? Step into FullHouse (created by amra13579) where AI and blockchain are here to give you a run for your money. This new scenario offers a potent mix of challenge and innovation in a condensed format: 4 Machines, 7 flags, and multiple interesting attack vectors.

We know you’re probably fatigued from hearing about AI–but this isn’t just a buzzword blitz. Nobody should overlook the power of getting ahead on technology advancements in the industry. FullHouse provides the space to fully understand new emerging threats in a practical, engaging scenario.

What’s FullHouse about? 

Casino Hack The Box

Step into the HTBCasino, entrusted with ensuring the privacy and security of its players. Your mission is to uncover vulnerabilities in new and legacy components, gain a foothold on the internal network, escalate privileges, and compromise the entire infrastructure—all while collecting flags along the way. 

Here’s a glimpse into what you’ll be learning and what you should be prepared for:

  • Source Code Review

  • Web Application Attacks

  • Reversing

  • Windows Exploitation

  • Active Directory Exploitation

  • Blockchain Exploitation

  • AI Bypass and Exploitation

A new frontier for security practitioners and businesses

A dash of AI and blockchain should excite anyone curious about these technologies' impacts on our industry. Novel tech and high adoption rates are a classic combination. One that often leads to a common outcome, new vulnerabilities

As a security enthusiast or professional, you should take action in this conversation. From a red team perspective, you could be leveraging the introduction of AI into environments to exploit internal systems or utilizing AI as part of your exploit strategy:

  • Crafting exploits

  • Utilizing deep fake technology 

  • Testing using AI poisoning 

You could even simply utilize ChatGPT to improve your learning process or automate workflows (or even help with HTB Machines…) and level up your hacking game.

Conversely, it would help to prepare for threats like those noted above. Companies are already bringing AI into their environments. The worries of company leaders should project where their defensive efforts will go. What does that look like?

Deloitte's State of Generative AI Report sheds light on this for any curious blue teamers. 

"According to the business and technology leaders we surveyed during the fourth quarter of 2023, the biggest concerns related to governance were: lack of confidence in results (36%), intellectual property issues (35%), misuse of client or customer data (34%), ability to comply with regulations (33%), and lack of explainability and/or transparency (31%)." 

It all comes down to the assets. How company secrets and consumer information are safeguarded will always live rent-free in the minds of leaders going into this revolution.

The uncertainty towards this technology can also be seen in our community: individuals and organizations seem still to be “catching up” with the integration of AI and blockchain into multiple security domains. The results observed during our annual CTF competition for corporate teams seem to confirm this, with a -30% completion rate in Challenges featuring these technologies.

Ai Lab

💡 Download the Attack Readiness Report 2023 for more insights!

There’s a clear disparity between professionals who can tackle the challenges this new market will be looking for. Investing time and dedication to learning these disciplines can be a great way to stay ahead of the competition in a fast-moving job market.

Why businesses should take a closer look

AI is the loudest theme going into 2024, with the majority of security predictions forecasted around it. In fact, there's a high likelihood that your company has or is already incorporating a governance policy to use generative AI/LLMs. 

Everyone is in a rush to stay current with trends, and there's a question of the risks of implementing this technology, regardless of readiness. How this technology has the potential to be utilized against a company is also mercurial to most. 

Gartner chimed in with how it would impact enterprises and their spending that might come from these newer attack vectors:

“While it can work as a powerful tool for performance optimization, it also stands as a new threat vector: By 2028, enterprise spending dedicated to battling it will surpass $30 billion, cannibalizing 10% of marketing and cybersecurity budgets.”

This year will likely see a rise in AI-based predictive social engineering, a disturbing convergence of AI and social manipulation techniques, and the expansion of AI to encompass automated responses and predictive analytics. 

The FullHouse lab experience will give you perspective on how a scenario like this would play out. All realistic exploits and techniques simulated in the lab can easily be replicated in a company infrastructure to test the AI readiness of any team or organization. 

How to get started with AI 

For individuals

FullHouse is available on HTB Labs to all platform members who have reached Guru rank or higher. It can be easily found by visiting the Advanced Labs section on your dashboard and looking into Endgames.

VIP members below Guru rank can only submit flags for retired Endgames, whereas VIP members who are Guru rank or above can submit flags for both active and retired Endgames. These regulations apply to all members.



For teams and organizations

FullHouse is available to all corporate teams and organizations within the Professional Labs offering on HTB Enterprise Platform (with official write-ups and MITRE ATT&CK mapping). Teams with an existing Professional Labs environment can easily assign FullHouse as part of the skills development plan with a couple of clicks.

If your organization does not have access to HTB Enterprise Platform or Professional Labs, fill out the form below to consult our team to create a tailored workforce development plan based on the latest vulnerabilities and exploits. 

CONTACT US

Hack The Blog

The latest news and updates, direct from Hack The Box