SWORN: Custom MCP Gateway for Protocol SIFT | SANS Find Evil! 2026 Submission

SWORN (Signed Workflow Of Reasoned Narratives) is my solo entry for the SANS Find Evil! 2026 hackathon. It is a Custom MCP Gateway for the SANS SIFT Workstation that exposes the toolset as sixteen typed forensic functions wrapped in pydantic schemas, with no generic shell anywhere in the catalog. Every finding is signed with Ed25519 and traces back to the exact tool invocation that produced it, so a coerced LLM cannot push a finding that lacks a valid provenance chain.

Repository: https://github.com/JonathanSolvesProb...
License: Apache 2.0
Hackathon: https://findevil.devpost.com/

Chapters
0:00 Scene 1: Typed catalog, no execute_shell_cmd (Criterion 4)
0:21 Scene 2: Signed ledger session start (Criterion 5)
0:45 Scene 3: Specialists triage and self-correction (Criterion 1, tiebreaker, plus Criterion 3)
1:26 Scene 4: Corroboration gate and audit trace (Criterion 2 plus Criterion 5)
1:55 Scene 5: Negative-control silence (Criterion 2)
2:17 Scene 6: Injection defense, HMAC approval, TheHive write-back (Criteria 4, 5, and 6)

The five architectural moats demonstrated in the video
1. Cryptographically signed provenance per finding. An Ed25519-signed, append-only, hash-chained JSONL ledger. The signing key lives in the gateway and is never exposed to the LLM.
2. Inference Constraint Gateway, architectural rather than prompt-based. No execute_shell_cmd. All sixteen tools are typed pydantic schemas with fixed binary paths, and shell execution is disabled.
3. Automated cross-tool corroboration. Execution-class findings require two distinct artifact families. Single-source claims are automatically demoted to INDICATION and never reach DRAFT.
4. Measured precision and recall on a labeled corpus, with a negative-control silence check on known-clean baselines.
5. Architectural defense against prompt injection from evidence content. Forty-one vendor delimiters are escaped server-side, and evidence is wrapped with a server-issued invocation_id that the LLM cannot forge.
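To make moat 1 and the provenance check concrete, here is an added example (not SWORN's own code) of a gateway-side ledger built the way the description above sketches it: the gateway holds the Ed25519 key, mints every invocation_id itself, chains each JSONL record to the sha256 of the previous line, and refuses a finding that cites an invocation_id it never issued. The record layout, field names, genesis value and the constructed tool names and arguments are assumptions; it needs the `cryptography` package the project lists in its stack.

```python
"""Append-only, hash-chained, Ed25519-signed JSONL ledger with a provenance check.

Added example, not SWORN's code. Field names, record layout and the genesis
value are assumptions. Requires the `cryptography` package.
"""
import hashlib
import json
import secrets

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)

GENESIS = "0" * 64  # prev_hash of the first record (assumed convention)


def canonical(record: dict) -> bytes:
    """Deterministic bytes so signer and verifier hash exactly the same thing."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class Ledger:
    """Gateway-side ledger. The model only ever sees lines, never the key."""

    def __init__(self) -> None:
        self._key = Ed25519PrivateKey.generate()
        self.public_key: Ed25519PublicKey = self._key.public_key()
        self.lines: list[str] = []
        self._issued: set[str] = set()  # invocation_ids this gateway actually minted

    def _append(self, kind: str, payload: dict) -> dict:
        prev = GENESIS if not self.lines else hashlib.sha256(self.lines[-1].encode()).hexdigest()
        body = {"seq": len(self.lines), "kind": kind, "prev_hash": prev, **payload}
        body["sig"] = self._key.sign(canonical(body)).hex()  # sign everything except sig
        self.lines.append(canonical(body).decode())
        return body

    def record_invocation(self, tool: str, args: dict) -> str:
        """The gateway, not the model, mints the invocation_id for a tool run."""
        invocation_id = secrets.token_hex(8)
        self._issued.add(invocation_id)
        self._append("invocation", {"invocation_id": invocation_id, "tool": tool, "args": args})
        return invocation_id

    def record_finding(self, claim: str, cites: list[str]) -> dict:
        """Reject any finding whose provenance is not a gateway-issued invocation."""
        unknown = [c for c in cites if c not in self._issued]
        if unknown or not cites:
            raise ValueError(f"finding lacks valid provenance: {unknown or 'no citations'}")
        return self._append("finding", {"claim": claim, "cites": cites})


def verify_chain(lines: list[str], public_key: Ed25519PublicKey) -> tuple[bool, int]:
    """Return (True, -1) if the whole chain verifies, else (False, index of first bad record)."""
    prev = GENESIS
    for i, line in enumerate(lines):
        record = json.loads(line)
        sig = bytes.fromhex(record.pop("sig", ""))
        if record.get("seq") != i or record.get("prev_hash") != prev or len(sig) != 64:
            return False, i
        try:
            public_key.verify(sig, canonical(record))
        except InvalidSignature:
            return False, i
        prev = hashlib.sha256(line.encode()).hexdigest()
    return True, -1


def demo() -> dict:
    """Constructed walk-through: honest chain, forged citation, edited line."""
    ledger = Ledger()
    inv = ledger.record_invocation("volatility3_pslist", {"image": "mem.raw"})  # constructed
    ledger.record_finding("pid 4412 rundll32.exe parented by WINWORD.EXE", cites=[inv])
    ok, _ = verify_chain(ledger.lines, ledger.public_key)

    # 1. A coerced model cites an invocation_id the gateway never issued: rejected before signing.
    try:
        ledger.record_finding("attacker told me so", cites=["deadbeefdeadbeef"])
        forged_ok = True
    except ValueError:
        forged_ok = False

    # 2. Someone edits the finding text in the JSONL afterwards: the signature no longer verifies.
    tampered = list(ledger.lines)
    rec = json.loads(tampered[1])
    rec["claim"] = "nothing suspicious"
    tampered[1] = canonical(rec).decode()
    tampered_ok, first_bad = verify_chain(tampered, ledger.public_key)

    return {"clean": ok, "forged_citation_accepted": forged_ok,
            "tampered": tampered_ok, "first_bad": first_bad, "records": len(ledger.lines)}
```

Because every line's hash feeds the next record, editing or deleting a line also breaks every later record's prev_hash, so an auditor holding only the public key can locate the first tampered entry without trusting the gateway host.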

A finding never leaves DRAFT until a human examiner signs it with an HMAC the LLM never sees. APPROVED findings push to TheHive as governed write-back. The AI proposes; a human still owns the signature.
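The corroboration gate (moat 3) and the examiner HMAC in the paragraph above are simple enough to show end to end. The following is an added example, not SWORN's code: an execution-class finding whose evidence comes from a single artifact family is demoted to INDICATION, only a DRAFT can be approved, and approval requires an HMAC-SHA256 tag over the finding's content computed with a key that stays with the human examiner. The tool-to-family mapping, finding shape, state names beyond those in the description, and the constructed findings are assumptions; it runs on the standard library alone.

```python
"""Corroboration gate and examiner HMAC approval for findings.

Added example, not SWORN's code. Tool-to-family mapping, finding shape and
tag layout are assumptions. Standard library only.
"""
import hashlib
import hmac
import json
import secrets

# Assumed grouping of catalog tools into artifact families; the real catalog may differ.
ARTIFACT_FAMILY = {
    "volatility3_pslist": "memory",
    "volatility3_malfind": "memory",
    "hayabusa_triage": "eventlog",
    "evtxecmd_parse": "eventlog",
    "mftecmd_parse": "filesystem",
    "pecmd_parse": "prefetch",
    "regripper_run": "registry",
}


def families_for(evidence: list[dict]) -> set[str]:
    """Evidence entries are assumed to look like {"tool": ..., "invocation_id": ...}."""
    return {ARTIFACT_FAMILY[e["tool"]] for e in evidence if e["tool"] in ARTIFACT_FAMILY}


def gate(finding: dict) -> dict:
    """Assign INDICATION or DRAFT. Never returns APPROVED; only an examiner can do that."""
    f = dict(finding)
    fams = families_for(f.get("evidence", []))
    if f.get("class") == "execution" and len(fams) < 2:
        f["state"] = "INDICATION"
        f["reason"] = f"single artifact family: {sorted(fams)}"
    else:
        f["state"] = "DRAFT"
    return f


def _approval_message(finding: dict) -> bytes:
    # Bind the tag to the exact finding content, not to a free-text "approved" string,
    # so a tag for one finding cannot be replayed onto another.
    payload = {k: finding[k] for k in ("finding_id", "class", "claim", "evidence")}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def examiner_sign(finding: dict, examiner_key: bytes) -> str:
    """Run by the human examiner's tooling; the model never holds examiner_key."""
    return hmac.new(examiner_key, _approval_message(finding), hashlib.sha256).hexdigest()


def approve(finding: dict, tag: str, examiner_key: bytes) -> dict:
    """Gateway-side: promote DRAFT to APPROVED only with a valid examiner tag."""
    f = dict(finding)
    if f.get("state") != "DRAFT":
        f["approval_error"] = "only DRAFT findings can be approved"
        return f
    if not hmac.compare_digest(examiner_sign(f, examiner_key), tag):
        f["approval_error"] = "invalid examiner HMAC"
        return f
    f["state"] = "APPROVED"
    f["approval_tag"] = tag
    return f


def demo() -> dict:
    """Constructed findings: one single-family, one corroborated across two families."""
    examiner_key = secrets.token_bytes(32)  # lives with the human, never in the model context
    evidence_single = [{"tool": "volatility3_pslist", "invocation_id": "inv-1"},
                       {"tool": "volatility3_malfind", "invocation_id": "inv-2"}]
    evidence_double = [{"tool": "volatility3_pslist", "invocation_id": "inv-1"},
                       {"tool": "hayabusa_triage", "invocation_id": "inv-3"}]
    claim = "rundll32.exe launched from the user's Temp directory"
    single = gate({"finding_id": "f-001", "class": "execution", "claim": claim,
                   "evidence": evidence_single})
    double = gate({"finding_id": "f-002", "class": "execution", "claim": claim,
                   "evidence": evidence_double})

    forged = approve(double, examiner_sign(double, b"model-guessed-key"), examiner_key)
    real = approve(double, examiner_sign(double, examiner_key), examiner_key)
    bypass = approve(single, examiner_sign(single, examiner_key), examiner_key)
    return {"single": single["state"], "double": double["state"],
            "forged": forged["state"], "real": real["state"], "bypass": bypass["state"]}
```

Two memory-plugin hits still count as one artifact family, which is the point of the rule: corroboration has to come from an independent source, not a second view of the same one. The APPROVED record is what the TheHive write-back would consume.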

Citations and references

SANS SIFT Workstation:
https://www.sans.org/tools/sift-works...

Protocol SIFT (the framework this extends):
https://github.com/teamdfir/protocol-...

"Introducing Protocol SIFT: Meeting AI Threat Speed with Defensive AI Orchestration" by Rob T. Lee:
https://robtlee73.substack.com/p/intr...

"Protocol SIFT: An Experimental Research Initiative for AI-Assisted DFIR" on the SANS blog:
https://www.sans.org/blog/protocol-si...

Anthropic's GTG-1002 threat intelligence disclosure (the offensive AI operation that motivated the defensive gap SWORN addresses):
https://www.anthropic.com/news/disrup...

Valhuntir by Steve Anson (the example submission and inspiration):
https://github.com/AppliedIR/Valhuntir

Model Context Protocol specification:
https://modelcontextprotocol.io/

Forensic toolchains wrapped as typed MCP functions
Volatility 3 (memory): https://github.com/volatilityfoundati...
plaso, log2timeline, psort (super-timeline): https://github.com/log2timeline/plaso
EvtxECmd, MFTECmd, PECmd, RECmd (Eric Zimmerman tools): https://ericzimmerman.github.io/
RegRipper (registry plugins): https://github.com/keydet89/RegRipper4.0
Hayabusa (Sigma-based EVTX triage): https://github.com/Yamato-Security/ha...
The Sleuth Kit (filesystem): https://www.sleuthkit.org/
bulk_extractor (feature carving): https://github.com/simsong/bulk_extra...
YARA (malware signatures): https://virustotal.github.io/yara/
Hindsight (Chromium browser forensics): https://github.com/obsidianforensics/...
TheHive (case management write-back): https://thehive-project.org/

Stack
Python 3.10+, pydantic, cryptography (Ed25519), MCP Python SDK, click, structlog, httpx, pytest. Seventy-three unit tests passing on the SIFT VM.

Regulatory mappings documented in docs/regulatory-mappings.md
NIST SP 800-86, ISO/IEC 27037, FRE 901(b)(9) and 902(13), Daubert factors.

Architecture diagram in three formats inside the repo
docs/architecture.png (raster, 144 DPI)
docs/architecture.svg (vector)
docs/architecture.drawio (editable source for draw.io and diagrams.net)

Threat model: docs/threat-model.md
Evidence integrity: docs/evidence-integrity.md
What is next: docs/whats-next.md

Solo submission by Jonathan Andrei.

Video: SWORN: Custom MCP Gateway for Protocol SIFT | SANS Find Evil! 2026 Submission, from the JonathanSolvesProblems channel