Boschko

@olivier_boschko

Followers
4K
Following
20K
Media
199
Statuses
2K

just a french canadien | ai red team @HiddenLayerSec | CISSP BSCP CRTL CRTO OSCP eWPTX eCPPT | goofing off @ https://t.co/aWC0YYEp9x

Opinions are my own
Joined February 2017
@olivier_boschko
Boschko
4 months
New blog just dropped 🤠 I've spent hours boiling down why adversarial examples fundamentally exist, distilled down to technical crystal-clear explanations anyone can grasp. This is what I wish someone had given me months ago. Give it a read ❤️ .
boschko.ca
Explore why adversarial examples fundamentally exist & why models are often wrong almost everywhere.
5
30
90
@olivier_boschko
Boschko
4 months
My old team is hiring! It's one of the best internal Red Teams IYKYK. Lots of complex & challenging ops in an environment with $1B/yr cyber spend. Huge training budgets & all the toys/gadgets money can buy 😎 the team is seriously amazing. Check out the posting for more details.
@ars3n11
Arsenii P
4 months
🇨🇦🚀 RBC Adversary Emulation is hiring! We're looking for a mid- to senior-level penetration tester / red team operator with a strong consulting background. 📍Toronto (preferred) or anywhere in Canada.
4
3
31
@olivier_boschko
Boschko
4 months
Great research 🔥 pretty insane level of risk to leave your users exposed to for months. Not implementing an immediate fix & waiting on protocol upgrade feels kinda shitty. The full article + triage timeline & conversation is worth the read.
@shabarkin
Pavel Shabarkin
4 months
On Feb 17 2025 I reported a critical vulnerability to @Scroll_ZKP. $100m+ in TVL was at risk for more than 2 months. Anyone could force Scroll L2 into an indefinite re-org, halting the chain so that no user transactions would be included in blocks and the chain would not move.
0
1
10
@olivier_boschko
Boschko
4 months
Check out @hiddenlayersec newest transferable & universal prompt attack technique coined "Policy Puppetry". It's hot out of the oven & ready for you to use on your next red team 🔥.
hiddenlayer.com
HiddenLayer’s latest research uncovers a universal prompt injection bypass impacting GPT-4, Claude, Gemini, and more, exposing major LLM security gaps.
0
6
28
@olivier_boschko
Boschko
5 months
Happy to announce that I've joined the world's best @HiddenLayerSec! 🔥 I'm absolutely pumped to be securing AI with this insanely stacked & talented team. Good times on the horizon 😎.
13
0
66
@olivier_boschko
Boschko
6 months
So those vulnerabilities I found in that sex toy app 3 years ago. the ones where I could access 60,000+ accounts & all their super private data? They might FINALLY be fixing everything. Super weird experience. Heavily redacted blog post dropping soon if all goes well 👀.
0
0
20
@olivier_boschko
Boschko
7 months
Finally finished reading 🤯 this is 100% a must read. I don't know of anyone else who's consistently finding insane vulns in AI/ML projects & posting writeups/sharing their thought process. Patrick doesn't miss 🎯.
@retr0reg
Ruikai
7 months
My 10k-word writeup on exploiting a heap-overflow in Llama.cpp's RPC Server's Tensor-operation to RCE. This by far is one of the most challenging but fun exploitation I've ever researched on.
1
1
34
@olivier_boschko
Boschko
7 months
Maybe it's a mindset issue, but spending time reading AML ATK/DEF papers to midway realize it's 99% useless in the real world feels. annoying? Especially when proven w/ unnecessary constraints + the fact that research clusters are so far detached from "real" deployment clusters.
3
0
9
@olivier_boschko
Boschko
7 months
👀👀👀🔥🔥🔥🔥.
@h4kb4n
h4k
7 months
The entire Shambles product line has been updated with a new version of the SCA (Software Composition Analysis) feature and now includes SBOM export functionality. Accuracy and coverage have been further improved.
0
0
7
@olivier_boschko
Boschko
8 months
Happy holidays folks! Here's to happiness, love, success, and as always stylish shells 🐚 in the year ahead ❤️
0
0
28
@olivier_boschko
Boschko
9 months
It's a hard sell
0
1
7
@olivier_boschko
Boschko
9 months
Dropped a spicy 25-min read exploring adversarial ML 🤠 It's a mix of in-depth & light peppering of the broader field. So much I couldn’t fit (extraction, inversion, poisoning), but I hope it sparks curiosity. Made for learners no fancy background ❤️.
boschko.ca
Explore adversarial attacks on AI/ML models through hands-on challenges on Dreadnode’s Crucible CTF platform.
13
69
210
@olivier_boschko
Boschko
9 months
Dropping a lengthy blog this week on adversarial AI/ML attacks (evasion & kinda-poisoning). Beginner-friendly, covering fundamentals, math & theory. We often overestimate the difficulty of published defenses. Lots of cool attacks can often reduce accuracy to (below) chance
2
0
35
@olivier_boschko
Boschko
11 months
My colleague @0xd3adbeef_ just published a great blog outlining his methodology in discovering CVE-2024-31227, a DoS in Redis (7.0-7.2.4). It's a great writeup covering fuzzing techniques with AFL++ & writing harnesses for network services.
0
27
82
@olivier_boschko
Boschko
11 months
Okay, I'll stop glazing @dreadnode after this post, but their CTF platform Crucible for adversarial AI/LLM is HANDS DOWN the best out there. It’s free, the challenges are incredible! Truly the perfect place to apply your skills and keep learning 💯🔥
1
8
59
@olivier_boschko
Boschko
11 months
I've done heaps of trainings and far too many courses & yet none compare to @dreadnode adversarial ML training taught by @moo_hax & @monoxgas. This course has been an absolute slingshot into developing non-bullshit AI/ML red teaming capabilities.
0
1
13
@olivier_boschko
Boschko
11 months
This method allows you to read any file on the NTFS volume regardless of permissions or locks imposed by the OS. Obviously avoid using dumb high-level windows APIs like CreateFile. NTFS ReadFile is too noisy for EDRs.
1
0
11
@olivier_boschko
Boschko
11 months
Not enough people realize how poorly EDRs monitor NTFS 😅 nothing stops you from directly reading the MFT & extracting files from NTFS. Just read raw data from sectors, parse MFT for non-resident files, reconstruct files w/ NTFS structure on disk, extract the file contents 🙂.
9
25
181
@olivier_boschko
Boschko
11 months
I've been on a bit of a hiatus these last few months. Wasn’t sure I'd even come back to infosec at all. Life’s dealt me some shit hands lately. I'll try to slowly pump out blogs & reply to messages. Sorry if I left you on read, wasn’t intentional - just had a lot going on.
13
0
40
@olivier_boschko
Boschko
1 year
You hate to see it 🙃
2
7
72