DEF CON 25 (2017) – Weaponizing Machine Learning – Petro, Morris – Stream – 30July2017

30 July 2017 – DEF CON 25 (2017)
Dan ‘AltF4’ Petro & Ben Morris – Bishop Fox

Weaponizing Machine Learning: Humanity Was Overrated Anyway

At risk of appearing like mad scientists, reveling in our latest unholy creation, we proudly introduce you to DeepHack: the open-source hacking AI. This bot learns how to break into web applications using a neural network, trial-and-error, and a frightening disregard for humankind.

DeepHack can ruin your day without any prior knowledge of apps, databases – or really anything else. Using just one algorithm, it learns how to exploit multiple kinds of vulnerabilities, opening the door for a host of hacking artificial intelligence systems in the future.

This is only the beginning of the end, though. AI-based hacking tools are emerging as a class of technology that pentesters have yet to fully explore. We guarantee that you’ll be either writing machine learning hacking tools next year, or desperately attempting to defend against them.

No longer relegated just to the domain of evil geniuses, the inevitable AI dystopia is accessible to you today! So join us and we’ll demonstrate how you too can help usher in the destruction of humanity by building weaponized machine learning systems of your own – unless time travelers from the future don’t stop us first.


  1. jafhar1 says:

    So essentially one could use this machine learning how to hack into a bank or build a real terminator

  2. gyroninja says:

    22:50 I could be wrong, but wasn’t there another DEF CON talk a while ago about machine learning for SQL injections? IIRC it used evolution-based machine learning. It had different queries breed together and other conventional stuff related to this approach.
    Edit: Found it. If anyone was curious it was: DEF CON 21 – Soen – Evolving Exploits Through Genetic Algorithms.

  3. James Bos says:

    This really puts shit into perspective in terms of the data people are willingly providing to Facebook etc. Give it 5 years and I guarantee someone will be making a killing selling AI data the same way Amazon is selling CPU cycles.

  4. digidoor says:

    If you look at the word science, it is from Greek and it simply means knowledge. So as long as you know something you, in essence, are a scientist. Methinks that those who want to seem like big kids are overusing the word ‘science’ to say that they are smarter than others or that their findings are indisputably true, which is not always true when there is funding behind projects. I have heard both these statements, “scientists say that global is happening” and “scientists say there is no global warming”, depending on who is president and giving out the cash.

  5. Sophrosynicle says:

    Considering the cryptocurrency market and trend fueled mass GPU consumption and usage, a lot of people who are already mining coins (and in some cases moving toward a situation where mining is no longer as profitable for them) that wish to learn about and engage in ML, are in a seriously convenient position.

    So not only will Satoshi have transformed our economy, but he/they (together with IBM, Amazon, Google and all great ML resource and dataset providers) will have laid the foundation for a booming AI market and technological revolution.

  6. Random Schmid says:

    Don’t really understand what the reward of a non-functioning SQL query is and how it differs from another non-functioning query.
    Did I miss it or is it not covered by them?

  7. donald teague says:

  8. busty-ka tumblr com says:

    That one dude’s voice and nonverbal communication is a mixture of Edward Snowden and Seth Rogen.

  9. Luke Cauthen says:

    They didn’t really do anything that special with hacking… They merely implemented a common ML algorithm to do bruteforcing.

  10. over00lord Unknown says:

    1:26AM You ever realize some bit of information at the bottom/end of something, and then realized that you’re a dumbass because hints were everywhere…… XD 😛 1:28 AM 9/2/2017

  11. LordDecapo says:

    It’s called Data Science ’cause a lot of this research started with finding hidden patterns in MASSIVE data sets.. as well as even the most basic AI system has to traverse through monumentally sized data spaces to find one of the handful of possible good answers

