In this talk we use deep learning and transfer learning to improve attacks based on unicode characters. We cover how to create the best dictionary of confusables (similarity among unicode characters) using a VGG16 model. This dictionary allows to create new sophisticated offensive tools and create new application testing procedures.
During the talk we discuss about of the limits of countermeasures for unicode encoding attacks, for example, how to avoid punycode and will show some bad validation in famous products as Whatsapp, Signal, Telegram, Skype, Openoffice, software for detection plagarism, among others.
We also plan to release this dictionary and the tool Deepconfusables.
Alfonso Muñoz
Miguel Hernández Boza
José Ignacio Escribano
