CIIT 2018

Last weekend I had a chance to present at the 15th International Conference on Informatics and Information Technologies.
The talk was called Adversary Model for Machine Learning, and focused on how to approach the topic of threat modeling for AI.

A copy of the presentation can be found in my GitHub repository.

LinkedIn unread notifications count is open for everyone

Whenever I get an email from LinkedIn, there’s the logo at the top with the unread notifications count.
It’s a nice detail, and of course, it will be even nicer if I can find a way to abuse this.

Makedonski Telekom and the 18-month-old breach

Makedonski Telekom is the second-largest telecommunications provider in Macedonia.

The web version of their IPTV service, called MaxTV, was hacked and had links to (fake) online pharmacy stores.

IPTV streams from Orion TV

Orion TV is a Serbian IPTV app created by Orion Telekom.
It’s been a few months since they started the promo period for their mobile IPTV app, allowing you to watch all channels for free.

Awesome AI Security

Last month I started Awesome AI Security, a list dedicated to sharing resources about AI security.
The response has been better than expected: 45 watches, 549 stars and 55 forks.
Unfortunately, there were 0 pull requests. Hopefully, those will come soon.

PwnedPasswords as a Java library

Pwned Passwords is a service provided by Have I been pwned?
It’s a collection that contains millions of real world passwords exposed in data breaches.
This exposure makes them unsuitable for ongoing use as they’re at much greater risk of being used to take over other accounts.

Adversary Models for AI

When discussing security it’s useful to have a model of your adversary.
Models help us understand the impact of the selected adversary and develop optimal attack and defense strategies.

How machine learning works

I’m starting a new blog series designed to highlight and explore the security challenges in the AI world.
Before I dive into this AI thing, I wanted to do a basic tutorial, a high-level overview of how machine learning works.

XSS Weekend

Last weekend I was playing with 1188.mk, an online white pages directory aimed at people in Macedonia.
The goal was to bypass the captcha, and get another tool in my automated OSINT tools collection.
The captcha bypass mission failed, but I found XSS on 1188 and 3 other websites from the same company (Itea Solutions).

You're doing it wrong! #mkfail edition

What happens when website owners get notified about security issues, and they decide to ignore the report?
They become part of blog posts, like this one for example.
