
Xanthorox: OSINT's new tool for "being evil"

2025-05-10 | 5 min


In this frenetic world of cybersecurity, where attackers are constantly evolving, knowing the enemy becomes as important as protecting your assets. In this context comes Xanthorox, a new conversational AI that has been causing quite a stir since April, as it ‘allows people with little knowledge to be evil’. Yes, watch out for that pissed-off employee who can now hack your phone or drop ransomware on you if he gives it a while.

For me, Xanthorox is an essential tool for cyber intelligence professionals. Its conversational approach makes it easy to access Threat Intelligence and do Proactive Threat Hunting, allowing us to know the state of the art of threats, discover, profile and anticipate malicious actors before they attack.

What is Xanthorox?

Xanthorox is an advanced conversational AI that allows us to do OSINT (Open Source Intelligence) and is designed to collect, analyse and correlate public information about cyber threats. Its main focus is to monitor suspicious activity, correlate data from different sources and provide useful information to strengthen an organisation's defences.

It is intended for both cyber intelligence teams in large organisations and independent analysts seeking to better understand the threat ecosystem. Thanks to its modular design, it can be integrated with other threat analysis and management tools, such as MISP, Maltego or SIEM platforms.

Yes, it is true that it can also be used to do evil, but at this point our defence cannot be to trust that someone who wants to do evil will not do it because they lack the technical capacity.

The screenshot below demonstrates how it would help create advanced ransomware:

[Screenshot: Xanthorox, a new conversational AI that ‘allows people with little knowledge to do evil’.]

Turning to the white hat side, let's see how it can help us in our defensive work.

Key capabilities of Xanthorox

  • Threat actor analysis: Xanthorox allows us to create attacker profiles based on aliases, domains used, TTPs (Tactics, Techniques and Procedures), IP addresses and relationships between these elements.
  • Analysis of malware and exploits: Xanthorox allows malware samples to be broken down and studied, identifying their methods of infection, communication with C&C (Command and Control) and possible attack vectors.
  • Real-time threat tracking: Integrates threat intelligence feeds to detect malicious IPs, suspicious domains and hashes of compromised files.
  • Attack Simulation (Red Teaming): Security teams can use Xanthorox to emulate real attacker techniques and assess the resilience of their systems.
  • Forensic Task Automation: Automates the collection of evidence in security incidents, accelerating breach response.
  • Hidden Vulnerability Detection: Helps identify configuration flaws, exposed services and potential entry points for attackers.
  • Experimentation and learning: Facilitates the acquisition of Threat Intelligence knowledge.

So, it is another tool that joins the club of Maltego, Metasploit, Netcat, TOR, Cobalt Strike and others that every ethical hacker should know in order to delve into the TTPs of their adversaries and thwart their attacks.



By Javier Jiménez

CEO & Founder

© Grayhats | 2025-05-10

