Weaponizing Neural Networks. In your browser!

Presented by Andrei Cotaie and Tiberiu Boros in Bucharest, Romania, on November 8-9th 2018 at DefCamp #9.

The slides and other presentations can be found on https://def.camp/archive


  1. Weaponizing Neural Networks <html>In your browser!</html> <p>Andrei Cotaie – Senior Security Engineer</p> <p>Tiberiu Boros - Computer Scientist</p> Or how to abuse neural networks in learning stupid stuff!
  2. The opinions and views expressed in this presentation are based on our independent research and do not relate to our employer. The research presented in this presentation should only be used for educational purposes.
  3. Do we trust machine learning? Where are we going? Where do we come from? What are we?
  4. Generative models
     • Handwriting
     • Audio
     • Video
     • Probably, you already saw the DeepFake Videos :D ;)
  5. What we're going to talk about
     • JavaScript
     • Machine Learning
     • Neural networks
     • Hiding intelligence (overfitting)
     • Training of a NN
     • Executing NN in HTML pages
     • Reverse Engineering the NN JSON/JS
     • Natural and Embedded AntiForensic
  6. A .js world
     • Into the browser: JavaScript is used by 94.9% of all the websites
     • Out of the browser: Wscript.exe, Cscript.exe, node, jsc, rhino etc.
     • JS desktop application frameworks: Electron
  7. .js security concerns
     • Bad coding
     • XSS / CSRF
     • Authentication issues
     • Server-side Code injection
     • Vulnerable servers / Fake services
     • Exploit kits
     • Watering Holes
     • Droppers
     • Recon
     • MINING
     • Click Fraud
     • Third party compromise (British Airways hack)
  8. .js obfuscation...
     • The GOOD, The BAD and The UGLY
     • Obfuscation != Encryption
     HOW TO obfuscate your life:
     • Dead Code insertion
     • Subroutine reordering
     • Code transposition
     • Instruction substitution
     • Code integration
     • Register reassignment
  9. ML: Encoding, Encryption or Compression of data?
  10. ML to the !“rescue”
     • This is a single Long Short-Term Memory Cell
     • It "learns" what it needs to "remember"
  11. ML Overfitting Training set Test set Cats, obviously! What it sees
  12. ML Libraries for JS
     • brain.js (Neural Networks)
     • Synaptic (Neural Networks)
     • Natural (Natural Language Processing)
     • ConvNetJS (Convolutional Neural Networks)
     • mljs (A set of sub-libraries with a variety of functions)
     • Neataptic (Neural Networks)
     • WebDNN (Deep Learning)
     • TensorFlow (Google project)
  13. .JS + ML + PAYLOAD + HTML = </LOVE> Whole lotta love...
  14. What is the definition of insanity?
  15. Demo 1. Let's start simple
  16. One step back. Analyzing the NN itself
  17. You don't like eval?
     • document.body.appendChild
     • document.parentNode.insertBefore
     • document.write
     • $.load()
  18. Demo 2. Any Request?
  19. Demo 3. POSTs?
  20. Debugging the JS
  21. Antiforensic
     • Maybe delete or undefine the variables/objects? (delete OR unset)
     • And maybe more legit cover channels might help
     • Make sure transitions between NN calls are made untraceable. Add some intelligence to that?
  22. Demo 4. Oops I Slacked it again
  23. Take away
     • Do IT yourself! You can Float too! (using any ML package)
     • Statically reverting input data is almost impossible using just the latent representations
     • Whenever great minds create something innovative, lazy evil minds will abuse it
     • Do we trust neural networks to run in our browsers?
  24. Q&A?
  25. Btw, fun fact!
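
A defender-side triage heuristic for the pattern the deck describes, added here and not taken from the talk or its demos: it flags a script for review only when one of the sinks listed on slide 17 appears together with an ML library name from slide 12 or a dense run of float literals that looks like serialized weights. The `triageScript` name, the threshold and the sample strings are assumptions constructed for illustration.

```javascript
// Added example, not from the talk. Names and thresholds are assumptions.
// Sinks from the "You don't like eval?" slide: each turns a runtime string
// into code or markup. The $.load pattern is deliberately broad.
const SINKS = {
  'eval': /\beval\s*\(/,
  'document.write': /\bdocument\.write(ln)?\s*\(/,
  'appendChild': /\.appendChild\s*\(/,
  'insertBefore': /\.insertBefore\s*\(/,
  '$.load': /\.load\s*\(/,
};
// Library names from the "ML Libraries for JS" slide ("natural" and "mljs"
// are left out because they are too generic to match by name alone).
const ML_MARKERS = /\b(brain|synaptic|convnetjs|neataptic|webdnn|tensorflow)\b/i;
// Serialized weights show up as long runs of high-precision float literals.
const FLOAT_LITERAL = /-?\d+\.\d{4,}(?:e[+-]?\d+)?/gi;
const MIN_WEIGHT_LITERALS = 50; // assumed threshold, tune on your own corpus

function triageScript(source) {
  const sinks = Object.keys(SINKS).filter((name) => SINKS[name].test(source));
  const floatCount = (source.match(FLOAT_LITERAL) || []).length;
  const mlMarker = ML_MARKERS.test(source);
  const hasWeights = floatCount >= MIN_WEIGHT_LITERALS;
  return {
    sinks,
    floatCount,
    mlMarker,
    hasWeights,
    // Flag only the combination: model data or an ML library, plus a sink.
    // Either signal alone is common in legitimate pages.
    review: sinks.length > 0 && (hasWeights || mlMarker),
  };
}

// Constructed samples; toText and input are hypothetical names.
const weights = Array.from({ length: 60 }, (_, i) =>
  (Math.sin(i) * 0.731).toFixed(6)).join(',');
const SAMPLES = {
  modelIntoSink: `var net = new brain.NeuralNetwork(); ` +
    `net.fromJSON({w:[${weights}]}); eval(toText(net.run(input)));`,
  chartData: `var points = [${weights}]; drawChart(points);`,
  plainDom: `document.body.appendChild(document.createElement('p'));`,
};

for (const [name, src] of Object.entries(SAMPLES)) {
  const r = triageScript(src);
  console.log(name, r.review ? 'REVIEW' : 'ok', r.sinks.join('|') || '-', r.floatCount);
}
```

Because the deck's take-away is that the input cannot be recovered statically from the weights, a hit here is a reason to run the script in an instrumented browser and log what reaches the sink, not a verdict by itself.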
