SlideShare a Scribd company logo

ENNEoS Presentation - HackMiami

Download as PPTX, PDF
D
Drew Kirkpatrick

Slides for my talk discussing research on the Evolutionary Neural Network Encoder of Shenanigans (ENNEoS), a proof-of-concept encoder for shellcode. The software uses genetic algorithms to evolve neural networks that contain the shellcode and output it on demand so that it can be executed in memory.

Science
1 of 15
Using Neural Networks to Hide Shellcode Evolutionary Neural Network Encoder of Shenanigans (ENNEoS)
Who am I? Drew Kirkpatrick Senior Security Consultant OSCP, GWAPT M.S. Computer Science M.S. Computer Information Systems B.A. Psychology, Economics
What the heck are we going to talk about? ● Hiding shellcode ● Neural networks as black boxes ● The ENNEoS proof-of-concept encoder ● What’s up under the hood ● Fitness functions (the good stuff, trust me!) ● The loader ● Demo ● Heckling session
Shellcode ● Shellcode is a small piece of computer code that starts a remote command “shell” ● Obfuscating shellcode is a common way to avoid antivirus detection ● Encrypting the shellcode is one way ● Changing the signature of the shellcode is another way ● Hiding the shellcode in a neural network?
So why neural networks? ● Neural networks are inherently opaque ● Recurrent neural networks can have complex sequences of inputs as triggers ● Neural nets are great for storing data like shellcode, right?
So what did ya make? ● ENNEoS - Evolutionary Neural Network Encoder of Shenanigans ● Uses genetic algorithms to evolve neural networks that contain and output the desired shellcode ● Example loader retrieves the shellcode from the neural network and executes it
● As in NeuroEvolution of Augmenting Topologies (NEAT) obviously! ● Genetic algorithms evolve the structure of the neural network ○ The “hardware” of the neural network ● Genetic algorithms also evolve the weights of the neural network ○ The “software” of the neural network ● Can create recurrent neural networks ● It has a valid crossover operation! That sounds NEAT!
The important part… Fitness Functions ● Sounds complicated? No sweat! ● The genetic algorithm will solve the problem for you ● Just needs some guidance ● Genetic algorithm requires a scoring algorithm ● Informs the genetic algorithm how good a neural network is at solving your problem ● The genetic algorithm does the rest to find a solution (i.e. encoding) ● Yes. Yes that is awesomesauce.
Careful what you wish for... ● That sounds so easy! ● 100% guarantee you will screw up your first fitness function ● It will do precisely what you tell it to ● You will get unexpected results ● Those unexpected results will make complete sense in hindsight
Proof of concept fitness function ● Calculates difference between neural network output and desired shellcode character ● If the character matches, give a bonus ● Square the value ● Proof of concept currently ignores input
The encoder Main Thread Creates 3,000 bots Retrieves 3,000 neural networks from Genetic Algorithm Schedules execution jobs. Main Thread Pushes neural network scores into Genetic Algorithm Ends generation Performs evolution Execution Threads Stimulates bots with inputs Uses Fitness Function to score output 03 01 02
The loader DNA Reads in Genomes created by the Encoder Brains! Creates bots Inserts neural networks into bots Retrieve Shellcode Pushes inputs into bots Retrieves outputs from bots Pop Shells Copies bot output into executable memory Executes
Demo!
What’s next? ● Major code cleanup. Oh the horrors. ● Better multithreading ● More advanced fitness functions ● Pre-baked fitness functions
Contact, code, heckling Drew Kirkpatrick drew.kirkpatrick@trustedsec.com @hoodoer https://github.com/hoodoer/ENNEoS

Recommended

ENNEoS Presentation - CackalackyCon
ENNEoS Presentation - CackalackyConENNEoS Presentation - CackalackyCon
ENNEoS Presentation - CackalackyCon
Drew Kirkpatrick
 
Report
ReportReport
Report
Roger Rush
 
Cairo 2019-seminar
Cairo 2019-seminarCairo 2019-seminar
Cairo 2019-seminar
Forcada Mikel
 
Mmmm Technology
Mmmm TechnologyMmmm Technology
Mmmm Technology
guest3501685d
 
Autoecoders.pptx
Autoecoders.pptxAutoecoders.pptx
Autoecoders.pptx
MirzaJahanzeb5
 
Autoencoders
AutoencodersAutoencoders
Autoencoders
CloudxLab
 
Neural Networks and Deep Learning
Neural Networks and Deep LearningNeural Networks and Deep Learning
Neural Networks and Deep Learning
Anastasiia Kornilova
 
NEURALINK.pptx
NEURALINK.pptxNEURALINK.pptx
NEURALINK.pptx
AnoopT11
 

Recommended

ENNEoS Presentation - CackalackyCon
ENNEoS Presentation - CackalackyConENNEoS Presentation - CackalackyCon
ENNEoS Presentation - CackalackyCon
Drew Kirkpatrick
 
Report
ReportReport
Report
Roger Rush
 
Cairo 2019-seminar
Cairo 2019-seminarCairo 2019-seminar
Cairo 2019-seminar
Forcada Mikel
 
Mmmm Technology
Mmmm TechnologyMmmm Technology
Mmmm Technology
guest3501685d
 
Autoecoders.pptx
Autoecoders.pptxAutoecoders.pptx
Autoecoders.pptx
MirzaJahanzeb5
 
Autoencoders
AutoencodersAutoencoders
Autoencoders
CloudxLab
 
Neural Networks and Deep Learning
Neural Networks and Deep LearningNeural Networks and Deep Learning
Neural Networks and Deep Learning
Anastasiia Kornilova
 
NEURALINK.pptx
NEURALINK.pptxNEURALINK.pptx
NEURALINK.pptx
AnoopT11
 
Testing for the deeplearning folks
Testing for the deeplearning folksTesting for the deeplearning folks
Testing for the deeplearning folks
Vishwas N
 
BTC2019 - The Key Creation Ceremony
BTC2019 - The Key Creation CeremonyBTC2019 - The Key Creation Ceremony
BTC2019 - The Key Creation Ceremony
Joshua McDougall
 
Main
MainMain
Main
monty_mvh
 
Weaponizing Neural Networks. In your browser!
Weaponizing Neural Networks. In your browser!Weaponizing Neural Networks. In your browser!
Weaponizing Neural Networks. In your browser!
DefCamp
 
Untitled presentation.pptx
Untitled presentation.pptxUntitled presentation.pptx
Untitled presentation.pptx
amansingh185156
 
GDSC Introduction to Deep Learning Workshop
GDSC Introduction to Deep Learning WorkshopGDSC Introduction to Deep Learning Workshop
GDSC Introduction to Deep Learning Workshop
ssuser540861
 
Brain Computer Interface & It's Applications | NeuroSky Minwave | Raspberry Pi
Brain Computer Interface & It's Applications | NeuroSky Minwave | Raspberry PiBrain Computer Interface & It's Applications | NeuroSky Minwave | Raspberry Pi
Brain Computer Interface & It's Applications | NeuroSky Minwave | Raspberry Pi
Vishal Aditya
 
Blue Brain
Blue BrainBlue Brain
Blue Brain
Gaurav Hajare
 
CSSC ML Workshop
CSSC ML WorkshopCSSC ML Workshop
CSSC ML Workshop
GDSC UofT Mississauga
 
Ann model and its application
Ann model and its applicationAnn model and its application
Ann model and its application
milan107
 
Anomaly Detection using Deep Auto-Encoders
Anomaly Detection using Deep Auto-EncodersAnomaly Detection using Deep Auto-Encoders
Anomaly Detection using Deep Auto-Encoders
Gianmario Spacagna
 
Simple Introduction to AutoEncoder
Simple Introduction to AutoEncoderSimple Introduction to AutoEncoder
Simple Introduction to AutoEncoder
Jun Lang
 
softcomputing.pptx
softcomputing.pptxsoftcomputing.pptx
softcomputing.pptx
Kaviya452563
 
Blue brain
Blue brainBlue brain
Blue brain
deepulivecool
 
Deep learning Techniques JNTU R20 UNIT 2
Deep learning Techniques JNTU R20 UNIT 2Deep learning Techniques JNTU R20 UNIT 2
Deep learning Techniques JNTU R20 UNIT 2
EXAMCELLH4
 
AUTOENCODER AND ITS TYPES , HOW ITS USED, APPLICATIONS , ADVANTAGES AND DISAD...
AUTOENCODER AND ITS TYPES , HOW ITS USED, APPLICATIONS , ADVANTAGES AND DISAD...AUTOENCODER AND ITS TYPES , HOW ITS USED, APPLICATIONS , ADVANTAGES AND DISAD...
AUTOENCODER AND ITS TYPES , HOW ITS USED, APPLICATIONS , ADVANTAGES AND DISAD...
devismileyrockz
 
Distributed machine learning 101 using apache spark from a browser devoxx.b...
Distributed machine learning 101 using apache spark from a browser devoxx.b...Distributed machine learning 101 using apache spark from a browser devoxx.b...
Distributed machine learning 101 using apache spark from a browser devoxx.b...
Andy Petrella
 
Blue brain
Blue brainBlue brain
Blue brain
Parker Punj
 
Deep learning
Deep learning Deep learning
Deep learning
SauravJaiswal17
 
Basics of Brain-Computer Interface
Basics of Brain-Computer InterfaceBasics of Brain-Computer Interface
Basics of Brain-Computer Interface
Isuru Jayarathne
 
Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​ ​Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​ ​
kaibalyasahoo82800
 
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
ssifa0344
 

More Related Content

Similar to ENNEoS Presentation - HackMiami

Anomaly Detection using Deep Auto-Encoders
Anomaly Detection using Deep Auto-EncodersAnomaly Detection using Deep Auto-Encoders
Anomaly Detection using Deep Auto-Encoders
Gianmario Spacagna
 

Similar to ENNEoS Presentation - HackMiami (20)

Testing for the deeplearning folks
Testing for the deeplearning folksTesting for the deeplearning folks
Testing for the deeplearning folks
 
BTC2019 - The Key Creation Ceremony
BTC2019 - The Key Creation CeremonyBTC2019 - The Key Creation Ceremony
BTC2019 - The Key Creation Ceremony
 
Main
MainMain
Main
 
Weaponizing Neural Networks. In your browser!
Weaponizing Neural Networks. In your browser!Weaponizing Neural Networks. In your browser!
Weaponizing Neural Networks. In your browser!
 
Untitled presentation.pptx
Untitled presentation.pptxUntitled presentation.pptx
Untitled presentation.pptx
 
GDSC Introduction to Deep Learning Workshop
GDSC Introduction to Deep Learning WorkshopGDSC Introduction to Deep Learning Workshop
GDSC Introduction to Deep Learning Workshop
 
Brain Computer Interface & It's Applications | NeuroSky Minwave | Raspberry Pi
Brain Computer Interface & It's Applications | NeuroSky Minwave | Raspberry PiBrain Computer Interface & It's Applications | NeuroSky Minwave | Raspberry Pi
Brain Computer Interface & It's Applications | NeuroSky Minwave | Raspberry Pi
 
Blue Brain
Blue BrainBlue Brain
Blue Brain
 
CSSC ML Workshop
CSSC ML WorkshopCSSC ML Workshop
CSSC ML Workshop
 
Ann model and its application
Ann model and its applicationAnn model and its application
Ann model and its application
 
Anomaly Detection using Deep Auto-Encoders
Anomaly Detection using Deep Auto-EncodersAnomaly Detection using Deep Auto-Encoders
Anomaly Detection using Deep Auto-Encoders
 
Simple Introduction to AutoEncoder
Simple Introduction to AutoEncoderSimple Introduction to AutoEncoder
Simple Introduction to AutoEncoder
 
softcomputing.pptx
softcomputing.pptxsoftcomputing.pptx
softcomputing.pptx
 
Blue brain
Blue brainBlue brain
Blue brain
 
Deep learning Techniques JNTU R20 UNIT 2
Deep learning Techniques JNTU R20 UNIT 2Deep learning Techniques JNTU R20 UNIT 2
Deep learning Techniques JNTU R20 UNIT 2
 
AUTOENCODER AND ITS TYPES , HOW ITS USED, APPLICATIONS , ADVANTAGES AND DISAD...
AUTOENCODER AND ITS TYPES , HOW ITS USED, APPLICATIONS , ADVANTAGES AND DISAD...AUTOENCODER AND ITS TYPES , HOW ITS USED, APPLICATIONS , ADVANTAGES AND DISAD...
AUTOENCODER AND ITS TYPES , HOW ITS USED, APPLICATIONS , ADVANTAGES AND DISAD...
 
Distributed machine learning 101 using apache spark from a browser devoxx.b...
Distributed machine learning 101 using apache spark from a browser devoxx.b...Distributed machine learning 101 using apache spark from a browser devoxx.b...
Distributed machine learning 101 using apache spark from a browser devoxx.b...
 
Blue brain
Blue brainBlue brain
Blue brain
 
Deep learning
Deep learning Deep learning
Deep learning
 
Basics of Brain-Computer Interface
Basics of Brain-Computer InterfaceBasics of Brain-Computer Interface
Basics of Brain-Computer Interface
 

Recently uploaded

Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
ssuser79fe74
 
Seismic Method Estimate velocity from seismic data.pptx
Seismic Method Estimate velocity from seismic data.pptxSeismic Method Estimate velocity from seismic data.pptx
Seismic Method Estimate velocity from seismic data.pptx
AlMamun560346
 
Connaught Place, Delhi Call girls :8448380779 Model Escorts | 100% verified
Connaught Place, Delhi Call girls :8448380779 Model Escorts | 100% verifiedConnaught Place, Delhi Call girls :8448380779 Model Escorts | 100% verified
Connaught Place, Delhi Call girls :8448380779 Model Escorts | 100% verified
Delhi Call girls
 
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
Nitya salvi
 
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
nishacall1
 
Conjugation, transduction and transformation
Conjugation, transduction and transformationConjugation, transduction and transformation
Conjugation, transduction and transformation
Areesha Ahmad
 
Call Girls Alandi Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Alandi Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Alandi Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Alandi Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
 
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Monika Rani
 
SCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptx
SCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptxSCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptx
SCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptx
RizalinePalanog2
 

Recently uploaded (20)

Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​ ​Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​ ​
 
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
 
GBSN - Microbiology (Unit 3)
GBSN - Microbiology (Unit 3)GBSN - Microbiology (Unit 3)
GBSN - Microbiology (Unit 3)
 
GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)
 
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
 
COST ESTIMATION FOR A RESEARCH PROJECT.pptx
COST ESTIMATION FOR A RESEARCH PROJECT.pptxCOST ESTIMATION FOR A RESEARCH PROJECT.pptx
COST ESTIMATION FOR A RESEARCH PROJECT.pptx
 
module for grade 9 for distance learning
module for grade 9 for distance learningmodule for grade 9 for distance learning
module for grade 9 for distance learning
 
Seismic Method Estimate velocity from seismic data.pptx
Seismic Method Estimate velocity from seismic data.pptxSeismic Method Estimate velocity from seismic data.pptx
Seismic Method Estimate velocity from seismic data.pptx
 
CELL -Structural and Functional unit of life.pdf
CELL -Structural and Functional unit of life.pdfCELL -Structural and Functional unit of life.pdf
CELL -Structural and Functional unit of life.pdf
 
Connaught Place, Delhi Call girls :8448380779 Model Escorts | 100% verified
Connaught Place, Delhi Call girls :8448380779 Model Escorts | 100% verifiedConnaught Place, Delhi Call girls :8448380779 Model Escorts | 100% verified
Connaught Place, Delhi Call girls :8448380779 Model Escorts | 100% verified
 
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls AgencyHire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
 
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
 
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
 
Conjugation, transduction and transformation
Conjugation, transduction and transformationConjugation, transduction and transformation
Conjugation, transduction and transformation
 
Call Girls Alandi Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Alandi Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Alandi Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Alandi Call Me 7737669865 Budget Friendly No Advance Booking
 
Forensic Biology & Its biological significance.pdf
Forensic Biology & Its biological significance.pdfForensic Biology & Its biological significance.pdf
Forensic Biology & Its biological significance.pdf
 
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
 
Botany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdfBotany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdf
 
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
 
SCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptx
SCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptxSCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptx
SCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptx
 

ENNEoS Presentation - HackMiami

  • 1. Using Neural Networks to Hide Shellcode Evolutionary Neural Network Encoder of Shenanigans (ENNEoS)
  • 2. Who am I? Drew Kirkpatrick Senior Security Consultant OSCP, GWAPT M.S. Computer Science M.S. Computer Information Systems B.A. Psychology, Economics
  • 3. What the heck are we going to talk about? ● Hiding shellcode ● Neural networks as black boxes ● The ENNEoS proof-of-concept encoder ● What’s up under the hood ● Fitness functions (the good stuff, trust me!) ● The loader ● Demo ● Heckling session
  • 4. Shellcode ● Shellcode is a small piece of computer code that starts a remote command “shell” ● Obfuscating shellcode is a common way to avoid antivirus detection ● Encrypting the shellcode is one way ● Changing the signature of the shellcode is another way ● Hiding the shellcode in a neural network?
  • 5. So why neural networks? ● Neural networks are inherently opaque ● Recurrent neural networks can have complex sequences of inputs as triggers ● Neural nets are great for storing data like shellcode, right?
  • 6. So what did ya make? ● ENNEoS - Evolutionary Neural Network Encoder of Shenanigans ● Uses genetic algorithms to evolve neural networks that contain and output the desired shellcode ● Example loader retrieves the shellcode from the neural network and executes it
  • 7. ● As in NeuroEvolution of Augmenting Topologies (NEAT) obviously! ● Genetic algorithms evolve the structure of the neural network ○ The “hardware” of the neural network ● Genetic algorithms also evolve the weights of the neural network ○ The “software” of the neural network ● Can create recurrent neural networks ● It has a valid crossover operation! That sounds NEAT!
  • 8. The important part… Fitness Functions ● Sounds complicated? No sweat! ● The genetic algorithm will solve the problem for you ● Just needs some guidance ● Genetic algorithm requires a scoring algorithm ● Informs the genetic algorithm how good a neural network is at solving your problem ● The genetic algorithm does the rest to find a solution (i.e. encoding) ● Yes. Yes that is awesomesauce.
  • 9. Careful what you wish for... ● That sounds so easy! ● 100% guarantee you will screw up your first fitness function ● It will do precisely what you tell it to ● You will get unexpected results ● Those unexpected results will make complete sense in hindsight
  • 10. Proof of concept fitness function ● Calculates difference between neural network output and desired shellcode character ● If the character matches, give a bonus ● Square the value ● Proof of concept currently ignores input
  • 11. The encoder Main Thread Creates 3,000 bots Retrieves 3,000 neural networks from Genetic Algorithm Schedules execution jobs. Main Thread Pushes neural network scores into Genetic Algorithm Ends generation Performs evolution Execution Threads Stimulates bots with inputs Uses Fitness Function to score output 03 01 02
  • 12. The loader DNA Reads in Genomes created by the Encoder Brains! Creates bots Inserts neural networks into bots Retrieve Shellcode Pushes inputs into bots Retrieves outputs from bots Pop Shells Copies bot output into executable memory Executes
  • 13. Demo!
  • 14. What’s next? ● Major code cleanup. Oh the horrors. ● Better multithreading ● More advanced fitness functions ● Pre-baked fitness functions
  • 15. Contact, code, heckling Drew Kirkpatrick drew.kirkpatrick@trustedsec.com @hoodoer https://github.com/hoodoer/ENNEoS

Editor's Notes

  1. Doesn’t have to be shellcode. Super awesome way to hide you Britney Spears mp3’s at work
  2. We’re going to be here a while. Is everyone comfortable? Dr. Ken Stanley, University of Central Florida, Uber AI Engineering labs Inputs Topology/Hardware Perception Red, yours vs mine Inputs and outputs, 0.0 -> 1.0
  3. Random search vs guided search All the other parts about designing the neural network (topology), the weights, etc, are done automatically for you.
  4. There will be facepalms
  5. Heavily multi-threaded A lot of C++ Almost all complex functionality is abstracted away in the classes Takes shellcode, gives you neural networks Steps: Chunks shellcode Main thread Initialized CGA Creates 3000 ShellyBots Gets 3000 neural networks from CGA for shellybots Schedules execution jobs Execution Threads Takes assigned ShellyBots with brains, stimulates them Uses fitness function to score the output and push back to main thread Main thread Pushes scores into genetic algortihm Epoch Rinse and repeat Creates a neural network per chunk of shellcode
  6. Reads in genome of neural networks, one per chunk Creates a ShellBot per chunk, inserts brain Pushes inputs, pulls outputs Copies neural network outputs into executable memory and calls it
  7. Pop some shells