We live in a world where AI plays a major role in our daily lives. But as hackers, do we leverage ML, especially when it comes it pen-testing/ security research? Security Engineers tend to not venture into such systems mostly because of the steep learning curve involved. This is exactly what we are trying to solve using the AI toolkit. We can achieve a lot using off the shelf models, services like (AWS Rekognition) and tuning existing implementations to our liking .AI toolkit is a collection of modules, which makes ML easy for hackers. The toolkit includes modules which can be re-used in your own scripts for input generation / image recognition / payload generation / bot detection / anomaly detection, etc. We discuss how these modules work internally and how one can improve and contribute to the toolkit We also discuss how these modules can be used for Fuzzing / OSINT / Malware detection and Application security.
Anto Joseph is a Security Engineer for Tinder. He is involved in developing and advocating security in Machine Learning and Systems & Application Security Research. Previously, he has worked at Intel, Citrix, and E&Y in multiple information security roles. He is very passionate about exploring new ideas in these areas and has been a presenter and trainer at various security conferences including BH USA, Defcon, BruCon, HackInParis, HITB Amsterdam, HackLu, Hacktivity, PHdays, X33fCon, NullCon, c0c0n and more. He is an active contributor to many open-source projects and some of his work is available at https://github.com/antojoseph.