Andrei Cotaie and Tiberiu Boros in Bucharest, Romania on November 8-9th 2018 at DefCamp #9. The slides and other presentations can be found on https://def.camp/archive

1. Weaponizing Neural Networks
<html>In your browser!</html>
<p>Andrei Cotaie – Senior Security Engineer</p>
<p>Tiberiu Boros - Computer Scientist</p>
Or how to abuse neural networks in learning stupid stuff !

2. The opinions and views expressed in this presentation are based on our
independent research and does not relate on our employer.
The research presented in this presentation should only be used for
educational purposes.

3. Do we trust
machine learning ?
Where are we going?
Where do we come from?
What are we?

4. Generative models
• Handwriting
• Audio
• Video
• Probably, you already saw the DeepFake Videos :D ;)

5. What we're
going to talk
about
• JavaScript
• Machine Learning
• Neural networks
• Hiding intelligence (overfitting)
• Training of a NN
• Executing NN in HTML pages
• Reverse Engineering the NN JSON/JS
• Natural and Embedded AntiForensic

6. A .js world
Into the Browser:
JavaScript is used by 94.9% of all the websites
Out of the browser:
Wscript.exe, Cscript.exe, node, jsc, rhino etc
JS desktop applications frameworks:
Electron

7. .js security concerns
• Bad coding
• XSS / CSRF
• Authentication issues
• Server-side Code injection
• Vulnerable servers / Fake services
• Exploit kits
• Watering Holes
• Droppers
• Recon
• MINING
• Click Fraud
• Third party compromise (British Airways hack)

8. .js obfuscation...
• The GOOD, The BAD and The UGLY
• Obfuscation != Encryption
HOW TO obfuscate your life:
• Dead Code insertion
• Subroutine reordering
• Code transposition
• Instruction substitution
• Code integration
• Register reassignment

9. ML: Encoding,
Encryption
or
Compression of data ?

10. ML to the !“rescue”
• This is a single Long-Short-
Term Memory Cell
• It "learns" what it needs to
"remember"

11. ML Overfitting
Training set
Test set
Cats, obviously!
What it sees

12. ML Libraries for JS
• brain.js (Neural Networks)
• Synaptic (Neural Networks)
• Natural (Natural Language Processing)
• ConvNetJS (Convolutional Neural
Networks)
• mljs (A set of sub-libraries with a variety
of functions)
• Neataptic (Neural Networks)
• Webdnn (Deep Learning)
• Tensorflow (google project)

13. .JS+ ML + PAYLOAD +
HTML
= </LOVE>
Whole lotta love...

14. What is the definition
of insanity ?

16. Demo 1. Let's start
simple

18. One step back.
Analyzing the NN itself

21. You don't like
eval ?
• document.body.appendChild
• document.parentNode.insertBefore
• document.write
• $.load()

23. Demo 2. Any Request ?

26. Demo 3. POSTs ?

30. Debugging the JS

32. Antiforensic
• Maybe delete or undefine the
variables/objects ?
(delete OR unset)
• And maybe more legit cover channels might
help
• Make sure transitions between NN calls are
made untraceable. Add some intelligence to
that ?

34. Demo 4.
Oops I
Slacked it
again

36. Take away
• Do IT yourself! You can Float too! (using any ML
package)
• Statically reverting input data is almost impossible
using just the latent representations
• Whenever great minds create something
innovative, lazy evil minds will abuse it
• Do we trust neural networks to run in our browsers?

37. Q&A ?

38. Btw, fun fact!