ALFA-Chains: AI-Supported Discovery of Privilege Escalation and Remote Exploit Chains
Miguel Tulla
Andrea Vignali
Christian Colon
Giancarlo Sperli
Simon Pietro Romano
Masataro Asai
Una-May O’Reilly
Erik Hemberg
Abstract
We present ALFA-Chains, a novel method capable of discovering chains of known Privilege Escalation (PE) and Remote exploits in a network. It can assist in penetration-testing without being tied to any specific penetration-testing framework. We test ALFA-Chains' ability to find exploit chains in networks ranging from 3 to 200 hosts. It can discover a chain in a 20 host network in as little as 0.01 seconds. More importantly, it is able to discover 12 novel exploit chains in a realistic firewalled network. We demonstrate the execution of one of these chains, proving ALFA-Chains' capability to improve penetration-testing.
View on arXiv@article{tulla2025_2504.07287,
title={ ALFA-Chains: AI-Supported Discovery of Privilege Escalation and Remote Exploit Chains },
author={ Miguel Tulla and Andrea Vignali and Christian Colon and Giancarlo Sperli and Simon Pietro Romano and Masataro Asai and Una-May O'Reilly and Erik Hemberg },
journal={arXiv preprint arXiv:2504.07287},
year={ 2025 }
}Comments on this paper