Machine learning from idea to reality: a PowerShell case study

Detecting both ‘offensive’ and obfuscated PowerShell scripts in Splunk using Windows Event Log 4104. This blog provides a ‘look behind the scenes’ at the RIFT Data Science team and describes the process of moving from the need or an idea for research towards models that can be used in practice. More specifically, how known and …

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 10: Efficacy Demonstration, Project Conclusion and Next Steps

After 400 days of research, the Project Ava team round up their conclusions on whether machine learning could ever be harnessed to complement current pentesting capabilities. Read more to uncover the team’s verdict on whether this will ever be possible in the near future... Overview Having spent almost 400 people days of research effort on …

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 9: Adventures with Expert Systems

In the penultimate blog of the Project Ava series, our research team take a look at expert systems to test for Cross-Site Scripting (XSS) vulnerabilities, develop a proof of concept, and discuss whether machine learning could ever be harnessed to complement current pentesting capabilities. Overview Penetration testing can sometimes be repetitive and tedious. This suggests …

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 8: Development of Prototype #4 – Building on Takaesu’s Approach with Focus on XSS

Following on from last week’s blog, the eighth instalment in the Project Ava series revisits the theory and approaches of security engineer and researcher, Isao Takaesu, with a focus on XSS. Overview In Part 3 of this blog series, one of the existing approaches by others that we found from literature reviews was that of …

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 7: Development of Prototype #3 – Adventures in Anomaly Detection

In last week’s blog, our research team set out the process of creating a SQLi proof of concept. Overview In our previous prototypes we focused on text processing (vectorizing, word2vect, neural networks, etc.). We recognized that despite some signs of potential, the overall approach is difficult because: It’s not the way the human brain works …

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 6: Development of Prototype #2 – Creating a SQLi PoC

Following on from the team’s first prototype, which explored text processing and semantic relationships, the sixth blog in the Project Ava series moves on to creating a SQLi proof of concept… Overview Building on our initial work with word vectorisation and support-vector machines (SVMs), we set out to create a Proof of Concept (PoC) system …

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 5: Development of Prototype #1 – Text Processing and Semantic Relationships

In the fifth blog of the Project Ava series, our research team start to delve into the fun stuff – creating prototypes for applying machine learning to pentesting. Find out how the team got on with their first prototype below. Overview Having understood existing solutions and architected a system for collection of the data necessary …

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 4: Architecture and Design

Building on from previous research and approaches to using machine learning for pentesting scenarios, this week our research team moves onto the architecture and design of the Project Ava ‘system’. Read on to find out about the architectures tested and the team’s conclusions. Overview Unsurprisingly, machine learning requires data – lots of data, and that …

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 3: Understanding Existing Approaches and Attempts

Last week, our research team explored the capabilities of IBM’s Natural Language Processing (NLP) tool and how we might be able to apply it to social engineering or phishing campaigns. In this phase of the research, the team talk us through the existing approaches and attempts to harness machine learning for pentesting scenarios. Overview The …