Machine learning is the next golden child for defenders, promising to solve all their challenges. Outside of attacking these solutions directly, research applying these new toys to red team challenges is difficult to find. How can red teams collect, analyze, and use the data available to them? What are the practicalities of using ML for red purposes? Can ML actually assist an operator? How about become one? This talk will tackle these questions from the ground up.We'll share code that explores the following concepts: How to start processing and analyzing data, Sandbox detection with decision trees, neural networks, and word embeddings, Inferring AD control relationships with fuzzy logic, Teaching a reinforcement learning algorithm to operate like a human, It's not magic, it's math.
Will Pearce is a Senior Security Consultant and Data Operations Lead at Silent Break Security. His work involves security consulting, red team operations, and data operations. He has taught the "Dark Side Ops" course series for over 2 years at Black and DerbyCon.
Nick Landers is the Technical Lead at Silent Break Security. His work involves security consulting, red team operations, malware development, and offensive research. He has authored and presented the ""Dark Side Ops"" course series for over 3 years at Black Hat and other conferences.