Thursday, December 31, 2020

Vulnerabilities of Machine Learning Infrastructure (Slides/Video)

Vulnerabilities of Machine Learning Infrastructure talk as presented at CodeBlue 2020 Japan and Standoff365 by Sergey Gordeychik.

The boom of AI brought to the market a set of impressive solutions both on the hardware and software side. On the other hand, massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns.

Friday, December 18, 2020

GradeZero - A Chance


In the hustle and bustle, it is very easy to walk past the crossroads of Fortune, points where we can change our destination and take a new path. Often her signs interfere with us, annoy us and we try not to notice them, fearing to fall out of rhythm, even if the usual rut does not bring anything more than a kaleidoscope of glasses.
Listen carefully, watch out! Fate always gives a new chance, don't miss it!



Saturday, November 14, 2020

Vulnerabilities of Machine Learning Infrastructure

As presented at The Standoff online cyber-range and security conference by Sergey Gordeychik.



In this talk we will present the results of hands-on vulnerability research into different components of AI infrastructure, including NVIDIA DGX GPU servers, ML frameworks such as PyTorch, Keras and TensorFlow, data processing pipelines, and specific applications, including medical imaging and face-recognition-powered CCTV. An updated Internet Census toolkit based on the Grinder framework will be introduced.

Saturday, November 7, 2020

GradeZero - Expansion

Sooner or later, we all reach a moment when we find ourselves at the end of the road, a path that seemed endless to us and promised shimmering victories at its end. But instead, all our dreams and hopes become empty, dull and meaningless. The hero of "Expansion" decided to deal with it in a radical way: he flew to Mars.

Wednesday, October 28, 2020

NVIDIA DGX machine learning servers vulnerabilities

NVIDIA has published fixes for vulnerabilities in NVIDIA Machine learning servers with CVSS up to 9.8.

NVIDIA DGX-1, DGX-2, and DGX A100 Servers are affected and can be hacked via BMC OOB interfaces. 

Friday, October 9, 2020

Tuesday, August 18, 2020

Wind Turbines strikes again

 

Nice to see that Nordex devices, featured in the SCADA StrangeLove "Too Smart Grid in da Cloud" talk back in 2014, are available via SatCOM in 2020.

Saturday, July 25, 2020

Vulnerabilities in AI Healthcare pipelines

A must-see if you use or develop Artificial Intelligence in Healthcare and care about Cybersecurity and Privacy.


Monday, July 13, 2020

How to make your own Internet Census

A simple writeup on running an Internet-scale census, using an assessment of Artificial Intelligence and Machine Learning infrastructure as the example, by Antony Nikolaev. A sample lab from the Cybersecurity of Machine Learning and Artificial Intelligence course at Harbour.Space University.

Just in case you need a spare TensorBoard in Africa or Kubeflow elsewhere.


Monday, July 6, 2020

Hacking Odyssey at HITBLockdown002

How to Hack Medical Imaging Applications via DICOM by Maria Nedyak

DATE: July 25, 2020
TIME: 04:00 PM - 05:00 PM (GMT +8)

Monday, June 15, 2020

Hacking Kubeflow for fun and mining

Microsoft Azure Security Center (ASC) recently published a detailed description of a Kubeflow backdooring attack.

Tuesday, June 2, 2020

A practical guide to SD-WAN Evil

A good writeup by Marcel Gamma: a story about the discovery, fixing and disclosure of Silverpeak SD-WAN vulnerabilities.


Wednesday, May 13, 2020

Digital Lockdown: AI vs COVID-19


A free webinar series featuring industry leaders from Harbour.Space University’s faculty of practicing professionals, sharing valuable content and insiders’ knowledge that you don’t learn in traditional classrooms!

Registration

Tuesday, May 5, 2020

Malicious Portal SilverPeak REST API access

Details about new security vulnerabilities in an SD-WAN solution. There is no authentication between SilverPeak’s cloud Portal on the Internet and customers’ EdgeConnect devices. EdgeConnect doesn’t authenticate the Portal. The Portal can execute any command on EdgeConnect via the REST API.

Monday, April 20, 2020

SilverPeak’s IPsec UDP protocol implementation fails to provide forward secrecy

The IPsec UDP protocol implementation in the SilverPeak EdgeConnect product fails to provide the claimed perfect forward secrecy property. Additionally, the product provides interfaces and has vulnerabilities that can be used to reconstruct the traffic encryption keys for all tunnels.


Tuesday, April 14, 2020

AI Finger 2020

New release of Internet census of Machine Learning and Artificial Intelligence Frameworks and Applications, April 2020.