NorthSec 2024

With Great gAIn Comes Greater Security Issues - When ML Frameworks' Scale for Growth Incorporates Security Risks to Users' Cloud Accounts
05-16, 10:00–10:30 (US/Eastern), Salle de Bal

There are various Machine Learning/BigData frameworks that have become quite popular in the past year due to the release of ChatGPT. This sudden popularity has caused that the scale for growth in parallel computing comes first and leaves aside the implementation of security mechanisms in some of the frameworks' components. In this talk I will go over the research process that I performed on one of these frameworks in an AWS install, showing how it started as two vulnerabilities in a web dashboard and quickly became privilege escalation in an AWS account.


What is the language of your talk/workshop?

English

As a senior penetration tester at Bishop Fox, Berenice focuses on application security and cloud penetration testing (AWS). In the past year, Berenice has worked in security research against frameworks in the cloud. Berenice holds many cybersecurity certifications including Offensive Security Certified Professional (OSCP), Off-Sec Web Assessor (OSWA) and Offensive Security Wireless Professional (OSWP).
When she's not finding bugs, Berenice enjoys attending hacking conferences and collecting stickers, pins and token coins.

This speaker also appears in: