Bishop Fox, the largest private professional services firm focused on offensive security testing, has created a new AI-based, open source pentesting tool called Eyeballer. Senior Security Associate Dan Petro and Senior Security Analyst Gavin Stroy presented Eyeballer to the world today at a 2019 Black Hat Arsenal presentation, “A Picture is Worth a Thousand Vulns Weaponized Machine Learning to Target Website Screenshots,” in Las Vegas.

The machine learning Eyeballer tool was designed to help pentesters quickly identify what websites are “interesting” and which ones aren’t when looking at a large-scale external perimeter. Notably, Eyeballer doesn’t actually “hack into” anything. Its whole job is to look at screenshots of websites and identify the ones that are most likely to contain actionable leads for the human hacker.

Read More: Strategy Analytics: Sony Captures a Third of VR Hardware Revenues as Market Transitions to Higher Quality

“We strongly believe that the future of hacking includes augmenting human expertise with AI analysis. While there are a number of AI tools on the defensive side, there are few, if any, that pentesters can use for offensive security,” said Petro. “With Eyeballer, we wanted to make a practical pentesting tool that would help every offensive hacker do their jobs better and faster.”

Eyeballer uses a convolutional neural network to sift through mountains of screenshots and tells the hacker what is likely to have vulnerabilities and what isn’t, just by looking at it. Specifically, Eyeballer tags images with one or more labels that are of specific value to pentesters: things that human beings typically are looking for during large scale external engagements. For example: Is the site old-looking? Does it have a login? Is it the homepage of the app? Is this a custom 404 page?

Read More: Dragonchain Open Sources Its Blockchain Platform

In particular, finding websites that “look old” is extremely valuable when trying to break in. Old websites have a distinct look-and-feel that is hard to pinpoint an exact definition for, and impossible to make a traditional signature on. Yet, they’re extremely valuable targets for pentesters. Having AI that can identify “old looking” websites is extremely useful.

“In terms of accuracy, our latest Eyeballer models are hitting a benchmark of approximately 92% overall accuracy on an evaluation dataset,” add Stroy. “Eyeballer is a practical pentesting tool that security professionals can use now in the real world.”

Read More: VeChain Toolchain Brings Inspiration for Enterprise-Level Blockchain Application at the World Blockchain Summit in Singapore

Bishop Fox Introduces New AI-Based, Open Source Pentesting Tool at 2019 Black Hat Arsenal

Authors

Opsani Secures $10 Million Series A Funding From Redpoint Ventures For AI-Driven Continuous Optimization Of Cloud Applications

Actifio GO Expands to Copy Data Management-as-a-Service Offering Now Available on Google Cloud Platform Marketplace

Related Articles

Switch Continues to Expand Strategic Sales Team with Addition of Jeffery Bryce

New Announcement Trailer for the Location-Based Mobile MMORPG Otherworld Heroes

Outsmarting Deep Fakes: Researchers Devise an AI-Driven Imaging System That Protects Authenticity

Snowflake Joins with Adobe to Transform Customer Experiences

Comcast Acquires BluVector, Developer of AI-Powered Cybersecurity Technology

F.N.B. Corporation Expands Data Science Expertise to Enhance Customer Experience

Leave a Reply Cancel reply

How To Increase Your Brick-And-Mortar Sales Without Risking Profit Margins

Of Interest? Can AI Think Ethically?