Machine learning has already proven itself an extremely useful tool for blue teams and defensive products. Organizations and their vendors have access to millions of endpoints, logs, and events. Extending talks and research given at previous DefCon events, this presentation will discuss research on integrating operationally relevant machine learning techniques into offensive operations. Through a few practical examples, we’ll explore basic statistics for operator efficacy, detecting a sandbox for payload security using a simple neural network, analyzing command sequences from previous operations to provide command recommendations for current operations, and using reinforcement learning to teach malware to pivot across a network. PhD NOT required!
Will Pearce is a Senior Security Consultant/Researcher at Silent Break Security. His work involves security consulting, red team operations, and offensive research. He has presented the “Dark Side Ops” course series for BlackHat and other groups. His research is focused primarily on malware development, Windows techniques, and exploring the intersection of machine learning and offensive operations.
Nick Landers is the Technical Lead at Silent Break Security. His work involves security consulting, red team operations, malware development, and offensive research. He has authored and presented the “Dark Side Ops” course series for over 3 years at BlackHat and other conferences. Internally, he develops tooling, evasions, and strategies for offensive operations.