Jankh (@jankhjankh)'s Twitter Profile
Jankh

@jankhjankh

Professional Pentester and AI unenthusiast.
All views on here are mine

ID: 1169037763053621253

04-09-2019 00:01:53

14 Tweets

80 Followers

196 Following

CrikeyCon (@crikeycon):

Do you like Security, Data analytics and other goodies? Share Jankh's interest while they speak about "Introduction to Adversarial ML and other AI attacks"!

AI Village @ DEF CON (@aivillage_dc):

Join our #defcon AI security capture-the-flag; ends on Sep 12th. 22 challenges from 5 orgs (thanks NVIDIA, Jankh, Jacob B ⚜️🦧, and us). Kaggle is providing $25k in prizes. Beginner or pro, play from anywhere! #defcon30 kaggle.com/competitions/a…

Jankh (@jankhjankh):

I wrote 5 Challenges for the AI Village CTF at DEFCON. I thought I'd write up a blog post to talk about the inner workings of them. Shout outs to the whole AIV team but especially moo and Joe Lucas running the show. link.medium.com/WGQpZiArttb

Jankh (@jankhjankh):

I found and disclosed my first critical AI vuln yesterday :) Sorry to the team who just lost their weekend to it lol.

Jankh (@jankhjankh):

I just published a pretty novel blog post on turning two low-risk vulnerabilities into system admin compromise by using session fixation to bypass CSRF protections. Give it a read :) link.medium.com/8aPeXbQoRxb

Jankh (@jankhjankh):

At DEF CON 31 I did the Payment Village Workshop, CTF, and Card Hacking Challenge. Was an absolute blast. Here's my writeup on how I did the card hacking challenge. medium.com/@jankh/stealin… Thanks to paymentvillage for running it, was absolutely eye opening.

AI Village @ DEF CON (@aivillage_dc):

It's that time again, the AI Village @ DEF CON CTF has started over at Kaggle! Huge shoutout to Kaggle for hosting - they are an awesome partner. Also want to thank NVIDIA, Protect AI, NetSPI, Giskard and Jankh for their challenges! kaggle.com/competitions/a…

Black Hat (@blackhatevents):

During #BHEU Briefing "Breaching the Perimeter via Cloud Synchronized Browser Settings" Jankh will demonstrate novel techniques to leverage these settings to wreak havoc against an internal network. Register now >> bit.ly/3M12b4p

moo (@moo_hax):

We've come to the end of the AI Village @ DEF CON AI/ML CTF hosted by Kaggle. Congratulations to the winners, and congrats to anyone who learned something new! You can see all the clever things players came up with to solve challenges. kaggle.com/competitions/a… 30 days is a long

Jankh (@jankhjankh):

Did you know that if you edit the HTML within an iframe on a page JavaScript doesn't have permission to read (CORS), it will rewrite it to the DOM unsafely and allow the JavaScript to read it? I can't seem to find a non-SE way to exploit it, but sure is quirky

Jankh (@jankhjankh):

Smashed the Card Hacking Challenge for the paymentvillage @ DEF CON again this year. Within the two challenges I found 3 vulns, plus a fun way to chain them into a neat infinite money glitch. Full writeup is here, would recommend a read. medium.com/@jankh/an-infi…

Jankh (@jankhjankh):

Last week I hacked an HVAC, Water Treatment Plant, and a Smart Grid as part of the Hack The Box Cyber Skills Benchmark CTF Competition. I thought I'd give writing up the concepts and methodology a go as it's a pretty unusual space within cyber. medium.com/p/fires-floods…

paymentvillage (@paymentvillage):

Chip cards didn’t save us. Here’s how attackers still break payment systems — and what it looks like in the wild: paymentvillage.substack.com/p/cards-are-st… #infosec #payments #ctf #defcon