threlfall

Adversaries sometimes compute gradients. Other times, they rob you.

Build your adversary flywheel.

Posted on April 23, 2024

Adversaries sometimes compute gradients. [Read More]

Tags: ml sdlc red team

What enables malicious models?

It's not just about the malicious models, to create a practical attack path, you need more ducks in a row.

Posted on March 4, 2024

Practicalities of Malicious Models [Read More]

Tags: ml malware sdlc red team

Introducing the Offsec ML Playbook v0.1

Enabling Red Teams to quickly leverage TTPs on ML infrastructure

Posted on October 26, 2023

Offsec ML Playbook [Read More]

Tags: ml malware sdlc red team

Using KServe to deploy malicious models

Weaponizing MLops for red teams and bounty hunters

Posted on October 25, 2023

This post builds upon my prior research into what red teams can do with ML environments. Now we look at using other components of common ML pipelines in our attacks as either pre or post exploitation targets. [Read More]

Tags: ml malware sdlc red team

Model Confusion - Weaponizing ML models for red teams and bounty hunters

How I hacked a bunch of companies via machine learning attacks.

Posted on August 8, 2023

This post accompanies my DEFCON31 AI Village talk - “You sound confused, anyways… Thanks for the jewels”. [Read More]

Tags: ml malware sdlc red team