InfoSec Write-ups

Home

Newsletter

About

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Follow publication

Bypassing ML based phishing and spam detection using evasion

Harish SG

Published in

InfoSec Write-ups

3 min readSep 11, 2023

I am Harish SG, a security researcher who studies Masters in Cybersecurity at UT Dallas and AI security intern at Cisco,previously hunted on the Microsoft Bug Bounty Program and Google VRP

I am sharing this article for security awareness and educational purposes only and main purpose of this article to discuss issues in deep learning algorithms and I am sharing only personal opinions and none of these are related to my work at Cisco.

In this article, I am gonna share about How I was able to bypass ML based phishing and spam detection.

Example 1

ML model classified below email as phishing email

ML model classified below email as safe email

In this example email! with some small changes I am able to bypass ML based phishing email detection and this clearly shows dataset of this ML model biased on time sensitive messages

Example 2

ML model classfied below email as phishing email

ML model classfied below email as safe email

In this example email! with some small changes I am able to bypass ML based phishing email detection and this clearly shows dataset of this ML model biased on length of phishing email messages.

Bypassing ML based Spam detection

ML model classfied below twitter message as spam

ML model classfied below twitter message as not spam

I was able to bypass ML based with some small changes to make it look like safe messages. basically all dataset we used train ML models are biased with a subtle difference between one category and other category.

Think we should learn from this research

we should not depend on ML model for cybersecurity %100
we should implement additional validators along with ML models
ML models should be batch trained based on continous non baised feedback on output of ML models
dataset should be more generalised and it should cover almost all usecases.

Try hacking LLM : https://github.com/harishsg993010/DamnVulnerableLLMProject

Hacking into Bard : https://infosecwriteups.com/hacking-google-bard-24f9dfa7b455

Follow me on twitter: https://twitter.com/CoderHarish

Follow me on linkedin :https://www.linkedin.com/in/harish-santhanalakshmi-ganesan-31ba96171/

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Try for $5/month

Cybersecurity

Published in InfoSec Write-ups

57K Followers

Last published 12 hours ago

Written by Harish SG

1.1K Followers

9 Following

A Passionate security researcher

No responses yet

Write a response

What are your thoughts?

Also publish to my profile

More from Harish SG and InfoSec Write-ups

InfoSec Write-ups

Harish SG

Bypassing KYC using deepfake

I am Harish SG, a security researcher who studies Masters in Cybersecurity at UT Dallas and AI security intern at Cisco,previously hunted…

Jan 5, 2024

Powerful Linux Tricks That Will Change Your Life

InfoSec Write-ups

Frost

Powerful Linux Tricks That Will Change Your Life

If you’ve ever worked in a Linux environment, you know how powerful and versatile it can be. But let’s be honest, at first glance the…

Mar 12

InfoSec Write-ups

Anubhav Uniyal

HackTheBox | Titanic Writeup

This walkthrough details the process of exploiting the Titanic machine (Rated: Easy) on HackTheBox.

Mar 3

Can we make any smaller opensource LLM models smarter than human?

Harish SG

Can we make any smaller opensource LLM models smarter than human?

I am Harish SG, a security researcher who studied Masters in Cybersecurity at UT Dallas and AI security engineer at Cisco, previously…

Oct 4, 2024

See all from Harish SG

See all from InfoSec Write-ups

Recommended from Medium

The Dark Side of Bug Bounty Hunting: Frustrations No One Talks About

OSINT Team

Vivek PS

The Dark Side of Bug Bounty Hunting: Frustrations No One Talks About

Bug bounty hunting looks like a hacker’s dream — huge payouts, flexible work, and the thrill of breaking into systems legally. But behind…

6d ago

Free Labs to Train Your Pentest & CTF Skills ☣️

InfoSec Ninja

Adarsh Pandey

Free Labs to Train Your Pentest & CTF Skills ☣️

If you're passionate about cybersecurity, ethical hacking, or simply want to improve your pentesting and Capture the Flag (CTF) skills…

Feb 4

How SSRF Leads to RCE in a .NET Application

0xUN7H1NK4BLE

How SSRF Leads to RCE in a .NET Application

In the world of web application security, a Server-Side Request Forgery (SSRF) vulnerability can sometimes open a Pandora’s box, leading…

5d ago

Saumya Kasthuri

Part-2.8 Business Logic Testing

Test For Business Logic

Nov 12, 2024

How I Found My First P1 in a Bug Bounty Program

Cyx

How I Found My First P1 in a Bug Bounty Program

My name is Ignacio Jose Riva, and I am a full-time Bug Bounty Hunter actively working on Bugcrowd, hunting for all kinds of…

5d ago

Offensive Black Hat Hacking & Security

Harshad Shah

Cybersecurity Roadmap 2025

How to start cybersecurity in 2025?

Dec 14, 2024

See more recommendations

Help
Status
About
Careers
Press
Blog
Privacy
Rules
Terms
Text to speech