SlideShare a Scribd company logo

MLSEC 2020

Download as PPTX, PDF
Zoltan Balazs
Zoltan Balazs

This document discusses the Machine Learning Security Evasion Competition 2020 organized by Hyrum Anderson and Zoltan Balazs. It provided an overview of the competition which challenged participants to modify malware samples to evade detection by machine learning models in an offensive track, or to develop their own machine learning models for submission in a defensive track. The document outlines various approaches used by winners to evade models, such as appending extra data to executables. It concludes by providing the names of the competition winners and statistics on participant numbers and model checks during the competition.

Internet
1 of 24
Machine Learning Security Evasion Competition 2020 Hyrum Anderson - @drhyrum and Zoltan Balazs - @zh4ck
Whoami @zh4ck Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit • https://github.com/Z6543/ZombieBrowserPack HWFW Bypass tool • Similar stuff was used in PacketRedirect in Danderspritz FlewAvenue by EQGRP • https://github.com/Z6543/hwfwbypass Malware Analysis Sandbox Tester tool • https://github.com/Z6543/Sandbox_tester Played with crappy IoT devices – my RCE exploit code running on ~600 000 IP cameras via Persirai • https://jumpespjump.blogspot.hu/2015/09/how-i-hacked-my-ip-camera-and-found.html • https://jumpespjump.blogspot.hu/2015/08/how-to-secure-your-home-against.html Invented the idea of encrypted exploit delivery via Diffie-Hellman key exchange, to bypass exploit detection appliances • https://www.mrg-effitas.com/generic-bypass-of-next-gen-intrusion-threat-breach-detection-systems/ Co-organizer of the Hackersuli meetup Programme committee member of the Hacktivity conference
Whoami @drhyrum architect, Azure Trustworhy Machine Learning @ Microsoft • ML security as a 1st class, practical security concern cofounder and co-chair, CAMLIS https://camlis.org/ background • (1st) signal processing, machine learning • (2nd) information security relevant research • Reinforcement learning AV evasion: • https://github.com/endgameinc/gym-malware • Co-creator of EMBER 2017 and 2018 datasets: • https://github.com/endgameinc/ember
https://skylightcyber.com/2019/07/18/cylance-i-kill-you/ ML detection bypass in the past Super l33t ML malware detection bypass from 2019 • strings RocketLeague.exe >> mimikatz.exe Super l33t ML malware detection bypass from 2016 • upx.exe
evademalwareml.io 2019 Purpose: advance the field of offensive and defensive ML-based malware detection Step 1: Download 50 working malware samples Step 2: Download 3 ML model with weights (white-box attack) Step 3: Modify the malware samples to evade detection by all models Step 4: PROFIT! Award: Nvidia Titan RTX
evademalwareml.io 2019 Outcomes ~70 people registered 11 contestant able to bypass at least one ML model Winner: 2019 August 28, 15:25 UTC William Fleshman • Will's writeup: https://towardsdatascience.com/evading-machine-learning-malware-classifiers- ce52dabdb713 Writeups from other competitive teams • Jakub Debski https://www.eset.com/blog/company/evading-machine-learning-detection-in-a- cyber-secure-world/ • Fabricio Ceschin et al., https://secret.inf.ufpr.br/papers/roots_shallow.pdf
evademalwareml.io 2019 Approaches used Packing the samples with a packer • nice, but if the sample is already packed, chances are it will not work • this is partially a competition-specific issue, if you write your own malware, you can create your own packer which can bypass ML detection This image was designed by Ange Albertini https://corkami.blogspot.com
evademalwareml.io 2019 Approaches used Adding new sections to the executable • even better if these sections are from known benign files, e.g. resources from MS files • works most of the time, but can break malware • some malware/packer has self-checks, and adding new sections can break this • just by adding a new section – you can bypass some AV (out of scope) • fun fact: some AV uses shortcuts for signature-based detection like if section==X check this. Improves performance, easy to bypass.
evademalwareml.io 2019 Approaches used Appending extra data to the executable, a.k.a overlay • actually, this was the winner strategy … • dumb, plain, simple, and it works • it works if you have the ML models and weights, a.k.a white-box attack • this overlay technique will not bypass static signature AV checks (out of scope) • except when the AV has a rule that Filesize less than X … • yes, this still happens cat overlay >> malware.exe Overlay 
evademalwareml.io 2019 Some key takeaways malconv and non neg malconv is too academic • but not effective in practice LIEF is awesome https://github.com/lief-project/LIEF Malware is tricky • some samples do not reproduce the same IoCs over time • mainly because of C&C down • packed and protected samples are hard to deal with
evademalwareml.io 2019 Fun with SSDeep SSDeep is a program for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length. 6144:9dA3OOLEQ5dIZHlxBM/lxBM/lxBM/lxBMe:9u3O+EQ5dIrMpMpMpMe 49152:lOctKPaSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS:c2O 12288:I8Mr88Mr88Mr88Mr88Mr88Mr88Mr88Mr88Mr88MrZ:Ilr8lr8lr8lr8lr8lr8lr8lr8lr8lrZ 49152:IOctnPjppprOctnPjppprOctnPjppprOctnPjppprOctnPjppprOctnPjppp:J2P02P02P02P02P02P
mlsec.io 2020 DEFENDER CHALLENGE • Create your own ML model and submit to the competition • Docker All The Things ATTACKER CHALLENGE • Black-box attack against submitted defences • Source code provided for only the ember model Sponsors and partners • Microsoft, CUJO AI, VMRay, MRG Effitas Main organizer people remained the same  Win Azure credits for your take over the world ML research plans
mlsec.io 2020 Defensive track Two submissions that passed minimum requirements Look for the following ML models in your offensive track • ember [default model for which there is code] • needforspeed • domumpqb
mlsec.io 2020 Offensive track - Aug 06 – Sep 18, 2020 AoE Malware families • Remcos • Lokibot • Raccoon • Netwire • Hawkeye • Azorult • Amadey • Agent Tesla • Ursnif • Trickbot • Sodinokibi • njRAT • Nanocore • Maze • Masslogger • Gh0st RAT • Dharma • AsyncRat • Zeppelin Ransomware • VHD Ransomware • Qbot • Paymen45 ransomware • Formbook • Citadel • Ave Maria
MLSEC 2020 attacker flowchart 1. register at https://mlsec.io 2. review terms of service 3. download 50 provided malware samples 4. <your secret sauce to modify samples> 5. verify malware functionality (Windows 10 x64) 6. Optional: Use the API! 7. upload ZIP; partial uploads ok (upload rate limiting) 8. up to 3 points for each sample (# of evade models) 9. highest score wins 10. to win, your solution must be published (e.g., blog)
Mind the sample names Filenames in downloaded ZIP 001 002 003 … 050 Filenames in uploaded ZIP 001 002 003 … 050
tips! You might consider some of these manipulations • add / remove signature • change section names/properties • modify imports/exports • create TLS callback • change PE header • fix/change checksum • add/modify/remove version info • new entry point that redirects • change code/data (no-ops)
tips! Not allowed / won’t function: • Droppers Multiple registration is against the rules and will result in immediate disqualification Join the Slack channel! https://join.slack.com/t/evademalwareml/shared_invite/zt-9birv1qf-KJFEiyLLRVtrsNDuyA0clA
mlsec.io 2020 About the frontends and backends Python – Flask Admin for GUI Cloudflare, Nginx, Gunicorn for scalability and performance Python backend scripts scheduled by CRON VMRay sandbox
mlsec.io 2020 API 1. Submit sample to all ML model curl -X POST https://api.mlsec.io/api/ml_submit_sample_all?api_token=<API_KEY> --data-binary @001 2. Submit sample to specific ML model curl -X POST https://api.mlsec.io/api/ml_submit_sample?api_token=<API_KEY>&model=ember --data-binary @001 3. Get ML model results curl -X GET https://api.mlsec.io/api/ml_get_sample?api_token=<API_KEY>&jobid=<JOB_ID> 4. Upload ZIP curl -X POST https://api.mlsec.io/api/post_one_zip/new/?url=%2Fzipfile%2F&api_token=<API_KEY> --form "name=name" --form path=@my.zip 5. Query specific ZIP status curl -X GET https://api.mlsec.io/api/get_one_zip/<ID>?api_token=<API_KEY> 6. Query all sample status curl -X GET https://api.mlsec.io/api/get_all_sample/?api_token=<API_KEY> 7. Query specific sample status curl -X GET https://api.mlsec.io/api/get_one_sample/<ID>?api_token=<API_KEY>
The Winners of 2020 Winner of attacker track - Fabrício Ceschin and Marcus Botacin https://secret.inf.ufpr.br/2020/09/29/adversarial-malware-in-machine-learning-detectors-our-mlsec-2020-secrets/ Defender track winner in white paper format - Erwin Quiring, Lukas Pirch, Michael Reimsbach, Daniel Arp, Konrad Rieck https://arxiv.org/pdf/2010.09569.pdf Defender track second place in white paper format - Fabrício Ceschin and Marcus Botacin https://ieeexplore.ieee.org/document/8636415 Attacker track, second place – Wunderwuzzi a.k.a Johann Rehberger https://embracethered.com/blog/posts/2020/microsoft-machine-learning-security-evasion-competition/
Winners and stats Attacker Winner: XOR crypter/Base64 obfuscation + lot of dead imports to the import table Defender Winner: In total, ~60 people registered for the competition. 2 people submitted a valid Docker image with a working ML-based malware detection inside. 5 people were able to bypass at least a single ML model while preserving the malware functionality. The ML engines checked samples 5,654 times in total.
Real life AV/ML evasion If you are interested in how these techniques works in REAL LIFE https://cujo.com/machine-learning- security-evasion-competition- 2020-results-and-behind-the- scenes/
Thank You Hyrum Anderson - @drhyrum and Zoltan Balazs - @zh4ck See you at HITB's Discord channel for questions & answers!

Recommended

SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptxSANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
JasonOstrom1
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
Velocidex Enterprises
 
Modern Evasion Techniques
Modern Evasion TechniquesModern Evasion Techniques
Modern Evasion Techniques
Jason Lang
 
TensorFlow meetup: Keras - Pytorch - TensorFlow.js
TensorFlow meetup: Keras - Pytorch - TensorFlow.jsTensorFlow meetup: Keras - Pytorch - TensorFlow.js
TensorFlow meetup: Keras - Pytorch - TensorFlow.js
Stijn Decubber
 
Us 17-krug-hacking-severless-runtimes
Us 17-krug-hacking-severless-runtimesUs 17-krug-hacking-severless-runtimes
Us 17-krug-hacking-severless-runtimes
Ravishankar Somasundaram
 
AppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security AgileAppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security Agile
Oleg Gryb
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a Fox
C4Media
 
Code quality par Simone Civetta
Code quality par Simone CivettaCode quality par Simone Civetta
Code quality par Simone Civetta
CocoaHeads France
 

Recommended

SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptxSANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx
JasonOstrom1
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
Velocidex Enterprises
 
Modern Evasion Techniques
Modern Evasion TechniquesModern Evasion Techniques
Modern Evasion Techniques
Jason Lang
 
TensorFlow meetup: Keras - Pytorch - TensorFlow.js
TensorFlow meetup: Keras - Pytorch - TensorFlow.jsTensorFlow meetup: Keras - Pytorch - TensorFlow.js
TensorFlow meetup: Keras - Pytorch - TensorFlow.js
Stijn Decubber
 
Us 17-krug-hacking-severless-runtimes
Us 17-krug-hacking-severless-runtimesUs 17-krug-hacking-severless-runtimes
Us 17-krug-hacking-severless-runtimes
Ravishankar Somasundaram
 
AppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security AgileAppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security Agile
Oleg Gryb
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a Fox
C4Media
 
Code quality par Simone Civetta
Code quality par Simone CivettaCode quality par Simone Civetta
Code quality par Simone Civetta
CocoaHeads France
 
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
MichaelM85042
 
Event-driven automation, DevOps way ~IoT時代の自動化、そのリアリティとは?~
Event-driven automation, DevOps way ~IoT時代の自動化、そのリアリティとは?~Event-driven automation, DevOps way ~IoT時代の自動化、そのリアリティとは?~
Event-driven automation, DevOps way ~IoT時代の自動化、そのリアリティとは?~
Brocade
 
CBDW2014 - MockBox, get ready to mock your socks off!
CBDW2014 - MockBox, get ready to mock your socks off!CBDW2014 - MockBox, get ready to mock your socks off!
CBDW2014 - MockBox, get ready to mock your socks off!
Ortus Solutions, Corp
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Alexandre Moneger
 
Secure Programming Practices in C++ (NDC Oslo 2018)
Secure Programming Practices in C++ (NDC Oslo 2018)Secure Programming Practices in C++ (NDC Oslo 2018)
Secure Programming Practices in C++ (NDC Oslo 2018)
Patricia Aas
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container security
Volodymyr Shynkar
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploit
Tiago Henriques
 
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
TestDevLab
 
Microservices Application Tracing Standards and Simulators - Adrians at OSCON
Microservices Application Tracing Standards and Simulators - Adrians at OSCONMicroservices Application Tracing Standards and Simulators - Adrians at OSCON
Microservices Application Tracing Standards and Simulators - Adrians at OSCON
Adrian Cockcroft
 
Kernel Con 2022: Securing Cloud Native Workloads
Kernel Con 2022: Securing Cloud Native WorkloadsKernel Con 2022: Securing Cloud Native Workloads
Kernel Con 2022: Securing Cloud Native Workloads
Gabriel Schuyler
 
Clean Infrastructure as Code
Clean Infrastructure as CodeClean Infrastructure as Code
Clean Infrastructure as Code
QAware GmbH
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
Priyanka Aash
 
Search for Vulnerabilities Using Static Code Analysis
Search for Vulnerabilities Using Static Code AnalysisSearch for Vulnerabilities Using Static Code Analysis
Search for Vulnerabilities Using Static Code Analysis
Andrey Karpov
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in Production
Gianluca Arbezzano
 
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptxBSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
JasonOstrom1
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
Lacework
 
Phil Basford - machine learning at scale with aws sage maker
Phil Basford - machine learning at scale with aws sage makerPhil Basford - machine learning at scale with aws sage maker
Phil Basford - machine learning at scale with aws sage maker
AWSCOMSUM
 
Should Invoker Rights be used?
Should Invoker Rights be used?Should Invoker Rights be used?
Should Invoker Rights be used?
Getting value from IoT, Integration and Data Analytics
 
How to secure your web applications with NGINX
How to secure your web applications with NGINXHow to secure your web applications with NGINX
How to secure your web applications with NGINX
Wallarm
 
LLMOps for Your Data: Best Practices to Ensure Safety, Quality, and Cost
LLMOps for Your Data: Best Practices to Ensure Safety, Quality, and CostLLMOps for Your Data: Best Practices to Ensure Safety, Quality, and Cost
LLMOps for Your Data: Best Practices to Ensure Safety, Quality, and Cost
Aggregage
 
[ Hackersuli ] Privacy on the blockchain
[ Hackersuli ] Privacy on the blockchain[ Hackersuli ] Privacy on the blockchain
[ Hackersuli ] Privacy on the blockchain
Zoltan Balazs
 
Web3 + scams = It's a match
Web3 + scams = It's a matchWeb3 + scams = It's a match
Web3 + scams = It's a match
Zoltan Balazs
 

More Related Content

Similar to MLSEC 2020

EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
MichaelM85042
 
Event-driven automation, DevOps way ~IoT時代の自動化、そのリアリティとは?~
Event-driven automation, DevOps way ~IoT時代の自動化、そのリアリティとは?~Event-driven automation, DevOps way ~IoT時代の自動化、そのリアリティとは?~
Event-driven automation, DevOps way ~IoT時代の自動化、そのリアリティとは?~
Brocade
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Alexandre Moneger
 
Secure Programming Practices in C++ (NDC Oslo 2018)
Secure Programming Practices in C++ (NDC Oslo 2018)Secure Programming Practices in C++ (NDC Oslo 2018)
Secure Programming Practices in C++ (NDC Oslo 2018)
Patricia Aas
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container security
Volodymyr Shynkar
 
Kernel Con 2022: Securing Cloud Native Workloads
Kernel Con 2022: Securing Cloud Native WorkloadsKernel Con 2022: Securing Cloud Native Workloads
Kernel Con 2022: Securing Cloud Native Workloads
Gabriel Schuyler
 
Clean Infrastructure as Code
Clean Infrastructure as CodeClean Infrastructure as Code
Clean Infrastructure as Code
QAware GmbH
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
Priyanka Aash
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in Production
Gianluca Arbezzano
 

Similar to MLSEC 2020 (20)

EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
 
Event-driven automation, DevOps way ~IoT時代の自動化、そのリアリティとは?~
Event-driven automation, DevOps way ~IoT時代の自動化、そのリアリティとは?~Event-driven automation, DevOps way ~IoT時代の自動化、そのリアリティとは?~
Event-driven automation, DevOps way ~IoT時代の自動化、そのリアリティとは?~
 
CBDW2014 - MockBox, get ready to mock your socks off!
CBDW2014 - MockBox, get ready to mock your socks off!CBDW2014 - MockBox, get ready to mock your socks off!
CBDW2014 - MockBox, get ready to mock your socks off!
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
 
Secure Programming Practices in C++ (NDC Oslo 2018)
Secure Programming Practices in C++ (NDC Oslo 2018)Secure Programming Practices in C++ (NDC Oslo 2018)
Secure Programming Practices in C++ (NDC Oslo 2018)
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container security
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploit
 
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
 
Microservices Application Tracing Standards and Simulators - Adrians at OSCON
Microservices Application Tracing Standards and Simulators - Adrians at OSCONMicroservices Application Tracing Standards and Simulators - Adrians at OSCON
Microservices Application Tracing Standards and Simulators - Adrians at OSCON
 
Kernel Con 2022: Securing Cloud Native Workloads
Kernel Con 2022: Securing Cloud Native WorkloadsKernel Con 2022: Securing Cloud Native Workloads
Kernel Con 2022: Securing Cloud Native Workloads
 
Clean Infrastructure as Code
Clean Infrastructure as CodeClean Infrastructure as Code
Clean Infrastructure as Code
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
 
Search for Vulnerabilities Using Static Code Analysis
Search for Vulnerabilities Using Static Code AnalysisSearch for Vulnerabilities Using Static Code Analysis
Search for Vulnerabilities Using Static Code Analysis
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in Production
 
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptxBSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
 
Phil Basford - machine learning at scale with aws sage maker
Phil Basford - machine learning at scale with aws sage makerPhil Basford - machine learning at scale with aws sage maker
Phil Basford - machine learning at scale with aws sage maker
 
Should Invoker Rights be used?
Should Invoker Rights be used?Should Invoker Rights be used?
Should Invoker Rights be used?
 
How to secure your web applications with NGINX
How to secure your web applications with NGINXHow to secure your web applications with NGINX
How to secure your web applications with NGINX
 
LLMOps for Your Data: Best Practices to Ensure Safety, Quality, and Cost
LLMOps for Your Data: Best Practices to Ensure Safety, Quality, and CostLLMOps for Your Data: Best Practices to Ensure Safety, Quality, and Cost
LLMOps for Your Data: Best Practices to Ensure Safety, Quality, and Cost
 

More from Zoltan Balazs

Explain Ethereum smart contract hacking like i am a five
Explain Ethereum smart contract hacking like i am a fiveExplain Ethereum smart contract hacking like i am a five
Explain Ethereum smart contract hacking like i am a five
Zoltan Balazs
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
Zoltan Balazs
 
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers - [ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
Zoltan Balazs
 
[HUN] Védtelen böngészők - Ethical Hacking
[HUN] Védtelen böngészők - Ethical Hacking [HUN] Védtelen böngészők - Ethical Hacking
[HUN] Védtelen böngészők - Ethical Hacking
Zoltan Balazs
 
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
Zoltan Balazs
 
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
Zoltan Balazs
 

More from Zoltan Balazs (20)

[ Hackersuli ] Privacy on the blockchain
[ Hackersuli ] Privacy on the blockchain[ Hackersuli ] Privacy on the blockchain
[ Hackersuli ] Privacy on the blockchain
 
Web3 + scams = It's a match
Web3 + scams = It's a matchWeb3 + scams = It's a match
Web3 + scams = It's a match
 
MIPS-X
MIPS-XMIPS-X
MIPS-X
 
How to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyHow to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ Disobey
 
Explain Ethereum smart contract hacking like i am a five
Explain Ethereum smart contract hacking like i am a fiveExplain Ethereum smart contract hacking like i am a five
Explain Ethereum smart contract hacking like i am a five
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-days
 
Test & Tea : ITSEC testing, manual vs automated
Test & Tea : ITSEC testing, manual vs automatedTest & Tea : ITSEC testing, manual vs automated
Test & Tea : ITSEC testing, manual vs automated
 
Hacking Windows 95 #33c3
Hacking Windows 95 #33c3Hacking Windows 95 #33c3
Hacking Windows 95 #33c3
 
Ransomware - what is it, how to protect against it
Ransomware - what is it, how to protect against itRansomware - what is it, how to protect against it
Ransomware - what is it, how to protect against it
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
Sandboxes
SandboxesSandboxes
Sandboxes
 
Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
 
Hacking with Remote Admin Tools (RAT)
Hacking with Remote Admin Tools (RAT) Hacking with Remote Admin Tools (RAT)
Hacking with Remote Admin Tools (RAT)
 
[ENG] Hacktivity 2013 - Alice in eXploitland
[ENG] Hacktivity 2013 - Alice in eXploitland[ENG] Hacktivity 2013 - Alice in eXploitland
[ENG] Hacktivity 2013 - Alice in eXploitland
 
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers - [ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
 
[HUN] Védtelen böngészők - Ethical Hacking
[HUN] Védtelen böngészők - Ethical Hacking [HUN] Védtelen böngészők - Ethical Hacking
[HUN] Védtelen böngészők - Ethical Hacking
 
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
 
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
 

Recently uploaded

一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
aagad
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptx
abhinandnam9997
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptx
ChloeMeadows1
 
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
lolsDocherty
 

Recently uploaded (14)

ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
 
How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?
 
Premier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfPremier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdf
 
Bug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideBug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's Guide
 
Statistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfStatistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdf
 
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
 
Pvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdf
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptx
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptx
 
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresenceCyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
 
Case study on merger of Vodafone and Idea (VI).pptx
Case study on merger of Vodafone and Idea (VI).pptxCase study on merger of Vodafone and Idea (VI).pptx
Case study on merger of Vodafone and Idea (VI).pptx
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case Study
 
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
 

MLSEC 2020

  • 1. Machine Learning Security Evasion Competition 2020 Hyrum Anderson - @drhyrum and Zoltan Balazs - @zh4ck
  • 2. Whoami @zh4ck Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit • https://github.com/Z6543/ZombieBrowserPack HWFW Bypass tool • Similar stuff was used in PacketRedirect in Danderspritz FlewAvenue by EQGRP • https://github.com/Z6543/hwfwbypass Malware Analysis Sandbox Tester tool • https://github.com/Z6543/Sandbox_tester Played with crappy IoT devices – my RCE exploit code running on ~600 000 IP cameras via Persirai • https://jumpespjump.blogspot.hu/2015/09/how-i-hacked-my-ip-camera-and-found.html • https://jumpespjump.blogspot.hu/2015/08/how-to-secure-your-home-against.html Invented the idea of encrypted exploit delivery via Diffie-Hellman key exchange, to bypass exploit detection appliances • https://www.mrg-effitas.com/generic-bypass-of-next-gen-intrusion-threat-breach-detection-systems/ Co-organizer of the Hackersuli meetup Programme committee member of the Hacktivity conference
  • 3. Whoami @drhyrum architect, Azure Trustworhy Machine Learning @ Microsoft • ML security as a 1st class, practical security concern cofounder and co-chair, CAMLIS https://camlis.org/ background • (1st) signal processing, machine learning • (2nd) information security relevant research • Reinforcement learning AV evasion: • https://github.com/endgameinc/gym-malware • Co-creator of EMBER 2017 and 2018 datasets: • https://github.com/endgameinc/ember
  • 4. https://skylightcyber.com/2019/07/18/cylance-i-kill-you/ ML detection bypass in the past Super l33t ML malware detection bypass from 2019 • strings RocketLeague.exe >> mimikatz.exe Super l33t ML malware detection bypass from 2016 • upx.exe
  • 5. evademalwareml.io 2019 Purpose: advance the field of offensive and defensive ML-based malware detection Step 1: Download 50 working malware samples Step 2: Download 3 ML model with weights (white-box attack) Step 3: Modify the malware samples to evade detection by all models Step 4: PROFIT! Award: Nvidia Titan RTX
  • 6. evademalwareml.io 2019 Outcomes ~70 people registered 11 contestant able to bypass at least one ML model Winner: 2019 August 28, 15:25 UTC William Fleshman • Will's writeup: https://towardsdatascience.com/evading-machine-learning-malware-classifiers- ce52dabdb713 Writeups from other competitive teams • Jakub Debski https://www.eset.com/blog/company/evading-machine-learning-detection-in-a- cyber-secure-world/ • Fabricio Ceschin et al., https://secret.inf.ufpr.br/papers/roots_shallow.pdf
  • 7. evademalwareml.io 2019 Approaches used Packing the samples with a packer • nice, but if the sample is already packed, chances are it will not work • this is partially a competition-specific issue, if you write your own malware, you can create your own packer which can bypass ML detection This image was designed by Ange Albertini https://corkami.blogspot.com
  • 8. evademalwareml.io 2019 Approaches used Adding new sections to the executable • even better if these sections are from known benign files, e.g. resources from MS files • works most of the time, but can break malware • some malware/packer has self-checks, and adding new sections can break this • just by adding a new section – you can bypass some AV (out of scope) • fun fact: some AV uses shortcuts for signature-based detection like if section==X check this. Improves performance, easy to bypass.
  • 9. evademalwareml.io 2019 Approaches used Appending extra data to the executable, a.k.a overlay • actually, this was the winner strategy … • dumb, plain, simple, and it works • it works if you have the ML models and weights, a.k.a white-box attack • this overlay technique will not bypass static signature AV checks (out of scope) • except when the AV has a rule that Filesize less than X … • yes, this still happens cat overlay >> malware.exe Overlay 
  • 10. evademalwareml.io 2019 Some key takeaways malconv and non neg malconv is too academic • but not effective in practice LIEF is awesome https://github.com/lief-project/LIEF Malware is tricky • some samples do not reproduce the same IoCs over time • mainly because of C&C down • packed and protected samples are hard to deal with
  • 11. evademalwareml.io 2019 Fun with SSDeep SSDeep is a program for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length. 6144:9dA3OOLEQ5dIZHlxBM/lxBM/lxBM/lxBMe:9u3O+EQ5dIrMpMpMpMe 49152:lOctKPaSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS:c2O 12288:I8Mr88Mr88Mr88Mr88Mr88Mr88Mr88Mr88Mr88MrZ:Ilr8lr8lr8lr8lr8lr8lr8lr8lr8lrZ 49152:IOctnPjppprOctnPjppprOctnPjppprOctnPjppprOctnPjppprOctnPjppp:J2P02P02P02P02P02P
  • 12. mlsec.io 2020 DEFENDER CHALLENGE • Create your own ML model and submit to the competition • Docker All The Things ATTACKER CHALLENGE • Black-box attack against submitted defences • Source code provided for only the ember model Sponsors and partners • Microsoft, CUJO AI, VMRay, MRG Effitas Main organizer people remained the same  Win Azure credits for your take over the world ML research plans
  • 13. mlsec.io 2020 Defensive track Two submissions that passed minimum requirements Look for the following ML models in your offensive track • ember [default model for which there is code] • needforspeed • domumpqb
  • 14. mlsec.io 2020 Offensive track - Aug 06 – Sep 18, 2020 AoE Malware families • Remcos • Lokibot • Raccoon • Netwire • Hawkeye • Azorult • Amadey • Agent Tesla • Ursnif • Trickbot • Sodinokibi • njRAT • Nanocore • Maze • Masslogger • Gh0st RAT • Dharma • AsyncRat • Zeppelin Ransomware • VHD Ransomware • Qbot • Paymen45 ransomware • Formbook • Citadel • Ave Maria
  • 15. MLSEC 2020 attacker flowchart 1. register at https://mlsec.io 2. review terms of service 3. download 50 provided malware samples 4. <your secret sauce to modify samples> 5. verify malware functionality (Windows 10 x64) 6. Optional: Use the API! 7. upload ZIP; partial uploads ok (upload rate limiting) 8. up to 3 points for each sample (# of evade models) 9. highest score wins 10. to win, your solution must be published (e.g., blog)
  • 16. Mind the sample names Filenames in downloaded ZIP 001 002 003 … 050 Filenames in uploaded ZIP 001 002 003 … 050
  • 17. tips! You might consider some of these manipulations • add / remove signature • change section names/properties • modify imports/exports • create TLS callback • change PE header • fix/change checksum • add/modify/remove version info • new entry point that redirects • change code/data (no-ops)
  • 18. tips! Not allowed / won’t function: • Droppers Multiple registration is against the rules and will result in immediate disqualification Join the Slack channel! https://join.slack.com/t/evademalwareml/shared_invite/zt-9birv1qf-KJFEiyLLRVtrsNDuyA0clA
  • 19. mlsec.io 2020 About the frontends and backends Python – Flask Admin for GUI Cloudflare, Nginx, Gunicorn for scalability and performance Python backend scripts scheduled by CRON VMRay sandbox
  • 20. mlsec.io 2020 API 1. Submit sample to all ML model curl -X POST https://api.mlsec.io/api/ml_submit_sample_all?api_token=<API_KEY> --data-binary @001 2. Submit sample to specific ML model curl -X POST https://api.mlsec.io/api/ml_submit_sample?api_token=<API_KEY>&model=ember --data-binary @001 3. Get ML model results curl -X GET https://api.mlsec.io/api/ml_get_sample?api_token=<API_KEY>&jobid=<JOB_ID> 4. Upload ZIP curl -X POST https://api.mlsec.io/api/post_one_zip/new/?url=%2Fzipfile%2F&api_token=<API_KEY> --form "name=name" --form path=@my.zip 5. Query specific ZIP status curl -X GET https://api.mlsec.io/api/get_one_zip/<ID>?api_token=<API_KEY> 6. Query all sample status curl -X GET https://api.mlsec.io/api/get_all_sample/?api_token=<API_KEY> 7. Query specific sample status curl -X GET https://api.mlsec.io/api/get_one_sample/<ID>?api_token=<API_KEY>
  • 21. The Winners of 2020 Winner of attacker track - Fabrício Ceschin and Marcus Botacin https://secret.inf.ufpr.br/2020/09/29/adversarial-malware-in-machine-learning-detectors-our-mlsec-2020-secrets/ Defender track winner in white paper format - Erwin Quiring, Lukas Pirch, Michael Reimsbach, Daniel Arp, Konrad Rieck https://arxiv.org/pdf/2010.09569.pdf Defender track second place in white paper format - Fabrício Ceschin and Marcus Botacin https://ieeexplore.ieee.org/document/8636415 Attacker track, second place – Wunderwuzzi a.k.a Johann Rehberger https://embracethered.com/blog/posts/2020/microsoft-machine-learning-security-evasion-competition/
  • 22. Winners and stats Attacker Winner: XOR crypter/Base64 obfuscation + lot of dead imports to the import table Defender Winner: In total, ~60 people registered for the competition. 2 people submitted a valid Docker image with a working ML-based malware detection inside. 5 people were able to bypass at least a single ML model while preserving the malware functionality. The ML engines checked samples 5,654 times in total.
  • 23. Real life AV/ML evasion If you are interested in how these techniques works in REAL LIFE https://cujo.com/machine-learning- security-evasion-competition- 2020-results-and-behind-the- scenes/
  • 24. Thank You Hyrum Anderson - @drhyrum and Zoltan Balazs - @zh4ck See you at HITB's Discord channel for questions & answers!