Scheming with Machines: Using ML to Support Offensive Teams

BSidesLV 2019

Presented by: Nick Landers, Will Pearce
Date: Wednesday August 07, 2019
Time: 15:00 - 15:55
Location: Ground Truth

Machine learning has already proven itself an extremely useful tool for blue teams and defensive products. Organizations and their vendors have access to millions of endpoints, logs, and events. Extending talks and research given at previous DefCon events, this presentation will discuss research into integrating operationally relevant machine learning techniques into offensive operations. Through a few practical examples, we’ll explore basic statistics for operator efficacy, detecting a sandbox for payload security using a simple neural network, analyzing command sequences from previous operations to provide command recommendations for current operations, and using reinforcement learning to teach malware to pivot across a network. PhD NOT required!

Will Pearce

Will Pearce is a Senior Security Consultant/Researcher at Silent Break Security. His work involves security consulting, red team operations, and offensive research. He has presented the “Dark Side Ops” course series for BlackHat and other groups. His research is focused primarily on malware development, Windows techniques, and exploring the intersection of machine learning and offensive operations.

Nick Landers

Nick Landers is the Technical Lead at Silent Break Security. His work involves security consulting, red team operations, malware development, and offensive research. He has authored and presented the “Dark Side Ops” course series for over 3 years at BlackHat and other conferences. Internally, he develops tooling, evasions, and strategies for offensive operations.

