New research just dropped I'll be presenting at @wearetroopers.bsky.social next week - Attacking ML Training Infrastructure
💥 Model poisoning for code execution
⚠️ Abusing ML workflows
⚙️ MLOKit updates and new threat hunting rules
www.ibm.com/think/x-forc...
Register while you still can for @retbandit.bsky.social and I's @blackhatevents.bsky.social #BHUSA training, seats are filling up fast!!
www.blackhat.com/us-25/traini...
I am thrilled to be presenting new research on attacking ML training infrastructure at @wearetroopers.bsky.social this summer. Stay tuned for a blog post and lots of updates to MLOKit closer to the conference!
Learn 📝 about this emerging topic in a first-of-its-kind #BHUSA training from @retbandit.bsky.social and I where you will use hands-on labs to perform attacks such as model theft, model poisoning and much more 🤖
blackhat.com/us-25/traini...
[Blog] This ended up being a great applied research project with my co-worker Dylan Tran on weaponizing a technique for fileless DCOM lateral movement based on the original work of James Forshaw. Defensive recommendations provided.
- Blog: ibm.com/think/news/f...
- PoC: github.com/xforcered/Fo...
I am excited to announce the first conference dedicated to the offensive use of AI in security! Request an invite at offensiveaicon.com.
Co-organized by RemoteThreat, Dreadnode, & DEVSEC.
The Security Conversation - The value of offensive security work is fully realized by participation in the security conversation.
aff-wg.org/2025/03/13/t...
#MythicTip Want to start automating stuff with Mythic, but not sure where to start? Check out the built-in Jupyter notebooks with Mythic Scripting installed and have fun! Lots of ready to run examples exist already :) Just log in with the Jupyter token from your .env file
It was an honor to speak at the @780thmibdecyber.bsky.social’s AvengerCon on the use of AI in Offensive Cyber Operations, Vuln Discovery/Weaponization, OST Dev as well as attacking AI systems.
Here’s a few slides from the talk…
@NSACyber @ARCYBER @CISAgov @US_CYBERCOM
Normally you can't auth to Entra ID connected webapps with bearer tokens. But if Teams can open SharePoint/OneDrive with an access token, I guess so can we. roadtx now supports opening SharePoint with access tokens in the embedded browser 😀
New blog post on the abuse of the IDispatch COM interface to get unexpected objects loaded into a process. Demoed by using this to get arbitrary code execution in a PPL process. googleprojectzero.blogspot.com/2025/01/wind...
If you would like to learn how to attack and defend popular platforms that are used to develop and deploy ML models, early sign-up is now available for @retbandit.bsky.social and I's @blackhatevents.bsky.social training course ⬇️
www.blackhat.com/us-25/traini...
In Part 1 of my Intune Attack Paths series, I discuss the fundamental components and mechanics of Intune that lead to the emergence of attack paths: posts.specterops.io/intune-attac...
Live streams from the last ShmooCon security conference, which took place last week, are available on YouTube
www.youtube.com/playlist?lis...
Thank you very much, glad you enjoyed it!
You can find our @shmoocon.bsky.social presentation slides at the below GitHub repo. Thanks again to all that attended. Also, thank you to the conference organizers for putting on a great con and having us! #shmoocon
github.com/h4wkst3r/Con...
Thank you Casey, we really enjoyed your talk as well on the Windows projected file system!!
New
@netspi.bsky.social
blog out today on "Hijacking Azure Machine Learning Notebooks (via Storage Accounts)". This is very similar to Storage Account attacks that have been done against Function/Logic Apps and Cloud Shell - www.netspi.com/blog/technic...
Whitepaper and MLOKit tool referenced in blog post:
Whitepaper 📝
www.ibm.com/downloads/do...
MLOKit Tool 🔨
github.com/xforcered/ML...
MLOps platforms are becoming critical to enterprises. This has caused @retbandit.bsky.social and I to research these platforms and how they can be abused by attackers. Check out our research we will be presenting @shmoocon.bsky.social this week.
securityintelligence.com/x-force/abus...
IBM X-Force's Logan Goins has released Krueger, a .NET tool for remotely killing EDR using the Windows Defender Application Control (WDAC) utility
github.com/logangoins/K...
Detection Engineering is sometimes hard, and may fail. Still a lot of things can be learned by the process. In this blog I cover a lot. I had a detection, currently it's broken but MS is on it :D
medium.com/falconforce/...
Secureworks Japan has released PyTune, a post-exploitation tool for enrolling fake devices into Microsoft Intune
www.blackhat.com/eu-24/briefi...
github.com/secureworks/...
@retbandit.bsky.social and I are thrilled to be speaking @shmoocon.bsky.social in January on research we have been conducting on attacking and defending popular enterprise Machine Learning Operations (MLOps) platforms we see during adversary simulation engagements. Whitepaper and tool coming soon!
