Data Driven Offense presented at Infiltrate 2015

by Ram Shankar, Sacha Faust

Summary: While the industry’s “blue team” of defenders and analysts is racing to make security detections smart by harnessing the power of Big Data, the aim of this talk is to convey that the “red team” of attackers and penetration testers also stands to benefit by taking a data driven approach. Attendees of this session will learn how to employ distributed computing (specifically, the HDInsight stack) to automate their attacks at scale, and will learn machine learning (“ML”) tools (specifically, contextual bandits, supervised learning, clustering, regression and dimensionality reduction) that can sharpen their attacks and make them adaptive. Through practical systems built by the Azure Red Team and Azure Security Data Science group, the audience will learn that the benefits of data driven offense include evading existing anomaly detection systems, automatically finding optimal attack strategies, and effectively decreasing both mean-time-to-compromise (MTTC) and mean-time-to-pwnage (MTTP). At the end of the session, the audience will be armed with a tangible framework and the ML toolkits required for large scale attack automation and execution. No prior knowledge of ML or distributed computing is required to attend this talk.