Black Hat USA Arsenal 2019 - Eyeballer: Weaponized Machine Learning to Target Website Screenshots


AI-based hacking tools are here and taking aim at your network perimeter. With recent advances in machine learning, hackers can now solve tasks that previously required human experience and decision making. Our open source tool Eyeballer uses a convolutional neural network to sift through mountains of screenshots and tells the hacker what is likely to have vulnerabilities and what isn't, just by looking at it.

You know a busted website when you see one: broken HTML, blocky frames—something obviously written in raw PHP before MVC frameworks even existed, made custom by your target over a decade ago. Signature-based scanners won't help you find this diamond-in-the-rough vulnerability. And who has time to look through 100,000 EyeWitness screenshots to find your most likely entry point? This is where AI comes in to give those websites a quick eyeballing so you don't have to.

The future of hacking will augment human expertise with AI analysis. To help spur this on, we'll be releasing both the source code behind Eyeballer and our training dataset of tens of thousands of carefully curated website screenshots. We'll also be showing off live demos of the whole thing so you can witness for yourself the results of melding machine and man.

See Dan Petro and Gavin Stroy at the Black Hat USA Arsenal 2019 this summer.



About the speaker, Dan Petro

Lead Researcher at Bishop Fox

Dan Petro is a Lead Researcher at Bishop Fox and focuses on application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. Dan has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. He has developed several open-source tools including Untwister, which breaks pseudorandom number generators. Additionally, Dan has been quoted in Wired, The Guardian, Business Insider, and Mashable. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.


About the speaker, Gavin Stroy

Senior Security Consultant

Gavin Stroy (CCNP) is a Senior Security Analyst at Bishop Fox, where he focuses on application assessments (static and dynamic) and network penetration testing (external and internal). Gavin is an active member of the security research community and has published an article on Network Based File Carving in eForensics Magazine. He has spoken on the topic of machine learning at DEFCON China and has presented the AI tool Eyeballer at Black Hat USA in 2019.
