Here is a small demo of my latest project, an ICMP backdoor listener that waits for a payload in the ethernet frame to then connect back with a reverse shell, both the implant and the code to generate the ping packet are in Go asciinema.org/a/SvNWp9d8a6U3…

If anyone wants to see me talk about embedding backdoors into existing pickled AI/ML models I'll be talking in Track 3 of Defcon at 1PM on Friday 8/12. If you want to watch it online, I'm guessing it may be broadcast at twitch.tv/defcon_dctv_th…

I had a blast the one time I competed in DEF CON Scavenger Hunt so +1 for this recommendation.

We have ~21 challenges donated by ~5 orgs that span all manner of ML attacks. Big shoutout to Netsec Explained Joe Lucas Jankh Rich Harang Sven Cattell ColdwaterQ (@[email protected]) Jacob B ⚜️🦧 for their time and effort. Stay tuned for more details!

ColdwaterQ (@[email protected]) is talking about Backdooring Pickles: A decade only made things worse forum.defcon.org/node/241825 Friday at 13:00, Track 3

So glad I had the opportunity to present at #DEFCON30!! If you want to inject a mythic c2 agent into a pickled #MachineLearning model (default for most python frameworks) you can find the code for the wrapper at github.com/MythicAgents/p….

One important note - functionality of the model is retained and gives outputs like normal.

#DEFCON30 how do you want COVID reported for the unofficial poll? [email protected] ?

Jason Scott The Wayback Machine has been the only snapshot of many early infosec conferences, and the only way InfoconDB could catalog and document what happened at these cons. InfoconDB could not exist as it does without the Internet Archive and Wayback Machine.

Some examples of search engine optimization are probably types of targeted evasion against recommender systems. “How can I get ranked as highly as possible in a broad range of categories?” in direct contradiction to the engine’s goals.

Ever wondered what kinds of #machinelearning files could contain pickles. Let me know what I missed so than anyone attempting to avoid getting exploited can, and anyone looking for exploit targets can as well. #cybersecurity #DataScience github.com/coldwaterq/pic…

Defcon youtube videos seem to be mostly live. This is the talk I presented, if anyone has any questions feel free to hit me up on here. youtu.be/lECEXFtVjig

Not sure if I'll use Mastadon any more than I've used twitter, but defcon.social/@coldwaterq

Made a small pdf, with one page repeated a ton of times to test resource exhaustion against pdf parsers. It's not fancy, but I couldn't find something that did it already, so I quickly made something that did. Any other cool PDF parser attacks? gist.github.com/coldwaterq/ff0…

My friends said I was crazy for taking extra math classes for fun ... they were right ... until now