Genetic Algorithms for Brute Forcing

Presented at Hackfest 2017, Nov. 4, 2017, 10 a.m. (Unknown duration).

Machine Learning algorithms have many applications in Cyber Security; while, most of these applications are directly related to defensive aspects such as intrusion detection and prevention, machine learning algorithms may be used to attack systems as effectively as it can be used to defend them.

This brief talk introduces a tool that leverages a basic machine learning solution-a genetic algorithm-as a way to brute force obfuscated or randomly generated URLs. Compared to some traditional methods (such as a naive brute force) this approach can have a high success rate.

Presenters:

• Christopher Ellis
  Chris entered into the security space accidentally as a hobby first, and now works for a large company as part of a red team and penetration testing group. In his spare time, Chris builds security-related tooling and scripts that fall in a wide variety of spaces from data exfiltration and ransomware distribution to brute forcing and vulnerability scanning.

Links:

• https://hackfest.ca/en/2017/speakers2017/#genetic
• https://infocon.org/cons/Hackfest/Hackfest 9 2017/Genetic Algorithms for Brute Forcing (Christopher Ellis).mp4
• https://infocon.org/cons/Hackfest/Hackfest 9 2017/Genetic Algorithms for Brute Forcing (Christopher Ellis).eng.srt (subtitles)
• https://www.youtube.com/watch?v=zdnNhH9zzaw

Similar Presentations:

• BSidesLV 2017 / The New Cat and Mouse Game: Attacking and Defending Machine Learning Based Software
• DEF CON 16 (2008) / Buying Time - What is your Data Worth? (A Generalized Solution to Distributed Brute Force Attacks)
• Black Hat USA 2018 / AI & ML in Cyber Security - Why Algorithms are Dangerous