A cactus coup at the goldrush saloon: swindling machine learning caches via wagon train

Presented at CactusCon 12 (2024), Feb. 17, 2024, 2:30 p.m. (60 minutes).

Howdy! And welcome. All across the world, everyone is galloping ahead on machine intelligence, almost as though we're still assembling the wagon mid-trail. Despite their ubiquity, there's a lot about machine learning models that might surprise you and definitely surprises many ML and security engineers. For example, models can contain malware and still give accurate results. But did you know you can administer the ML repos for household names and just have their engineers hand you over their models, training sets and more? As it stands today, ML is a great place for an attacker to operate, because ML environments have access to your data 'crown jewels' by necessity. No lengthy or complicated pivoting and privesc processes needed here. This presentation demonstrates how Adrian has distributed malware using undocumented, novel techniques, compromising some of the largest companies in the world, one of which he discovered entirely unintentionally! Additionally, he will show you how to write ML malware and how to distribute it. You'll see a demonstration of how to loot machine learning environments. And finally, you'll learn how Mary developed detection opportunities and architecture to analyze thousands of machine learning models at scale and documented model architectures for forensic analysis. All the work done will be released as open source code to help you do the same and try out your own ideas to secure your saloon, as well as advice on mitigation and prevention.

Presenters:

  • Adrian Wood / threlfall - Dropbox Red Team
    Adrian Wood, aka threlfall, discovered a love for hacking from cracking and modding video games and from the encouragement of online friends. He has worked as a red team consultant for WHITEHACK, a company he founded, and later as a lead engineer for an offensive research team at a US bank, where he was very interested in appsec, container security, CI/CD security and also founded their bug bounty program. He currently works for Dropbox, working on their red team. In his free time, he enjoys playing saxophone, working on vintage cars, and fly-fishing.
  • mairebear - Dropbox Threat Intelligence
    Mary Walker, aka mairebear, is a security engineer for Dropbox, where she clicks and scrolls on the threat intel team. Her interest in malware started in the early 2000s, when she would willy-nilly delete registry keys to remove viruses on her parents' Windows XP machine. Prior to Dropbox, she worked at Amazon dabbling in developing tools for security teams, writing forensic automation in AWS, undertaking most flavours of forensics, and performing ad-hoc malware analysis. Outside of work, she plays video games and stress bakes in the Pacific Northwest with her husband and pets.
