Joined October 2011
- Tweets 80
- Following 73
- Followers 119
- Likes 70
5 Photos and videos
My friends said I was crazy for taking extra math classes for fun ... they were right ... until now
29 Jul 2023
I'm seriously debating going back to school for a math degree now
1
1
259
Made a small pdf, with one page repeated a ton of times to test resource exhaustion against pdf parsers. It's not fancy, but I couldn't find something that did it already, so I quickly made something that did. Any other cool PDF parser attacks? gist.github.com/coldwaterq/f…
2
9
938
Not sure if I'll use Mastadon any more than I've used twitter, but defcon.social/@coldwaterq
Defcon youtube videos seem to be mostly live. This is the talk I presented, if anyone has any questions feel free to hit me up on here. youtu.be/lECEXFtVjig
1
3
Ever wondered what kinds of #machinelearning files could contain pickles. Let me know what I missed so than anyone attempting to avoid getting exploited can, and anyone looking for exploit targets can as well. #cybersecurity #DataScience github.com/coldwaterq/pickle…
2
5
ColdwaterQ (@coldwaterq@defcon.social) retweeted
10 Sep 2022
Some examples of search engine optimization are probably types of targeted evasion against recommender systems. “How can I get ranked as highly as possible in a broad range of categories?” in direct contradiction to the engine’s goals.
1
1
3
ColdwaterQ (@coldwaterq@defcon.social) retweeted
15 Aug 2022
The Wayback Machine has been the only snapshot of many early infosec conferences, and the only way InfoconDB could catalog and document what happened at these cons. InfoconDB could not exist as it does without the Internet Archive and Wayback Machine.
1
3
One important note - functionality of the model is retained and gives outputs like normal.
So glad I had the opportunity to present at #DEFCON30!! If you want to inject a mythic c2 agent into a pickled #MachineLearning model (default for most python frameworks) you can find the code for the wrapper at github.com/MythicAgents/pick….
1
1
5
ColdwaterQ (@coldwaterq@defcon.social) retweeted
15 Aug 2022
#DEFCON30 how do you want COVID reported for the unofficial poll? safety@defcon.org ?
2
4
12
So glad I had the opportunity to present at #DEFCON30!! If you want to inject a mythic c2 agent into a pickled #MachineLearning model (default for most python frameworks) you can find the code for the wrapper at github.com/MythicAgents/pick….
13
22
ColdwaterQ (@coldwaterq@defcon.social) retweeted
10 Aug 2022
@ColdwaterQ is talking about Backdooring Pickles: A decade only made things worse forum.defcon.org/node/241825 Friday at 13:00, Track 3
3
2
We have ~21 challenges donated by ~5 orgs that span all manner of ML attacks. Big shoutout to @GTKlondike @josephtlucas @JankhJankh @rharang @comathematician @ColdwaterQ @BenevOrang for their time and effort.
Stay tuned for more details!
4 Aug 2022
The AI Village is proud to announce our CTF for @defcon 30. Evade, poison, steal, and otherwise hack AI and ML systems. There'll be something for everybody, so check it out. Follow for more details.
1
9
22
I had a blast the one time I competed in @DefConScavHunt so 1 for this recommendation.
2 Aug 2022
Which is why you could play @DefConScavHunt
We make you go everywhere and interact with just about everyone!
4
If anyone wants to see me talk about embedding backdoors into existing pickled AI/ML models I'll be talking in Track 3 of Defcon at 1PM on Friday 8/12. If you want to watch it online, I'm guessing it may be broadcast at twitch.tv/defcon_dctv_three
2
6
13
litefuzz - application and network services fuzzer that runs on windows, linux and mac
github.com/sec-tools/litefuz…
#security #fuzzing #litefuzz
4
7
ColdwaterQ (@coldwaterq@defcon.social) retweeted
25 Jul 2020
Here is a small demo of my latest project, an ICMP backdoor listener that waits for a payload in the ethernet frame to then connect back with a reverse shell, both the implant and the code to generate the ping packet are in Go
asciinema.org/a/SvNWp9d8a6U3…
4
29
94