Arbitrary Code Execution via PyTorch Pickle Serialization
Technical analysis of Python's Pickle Virtual Machine vulnerabilities in ML models, __reduce__ method exploitation, and transitioning to Safetensors.
Polyglot files are valid in multiple formats simultaneously (e.g., GIF + Shell Script). Learn how attackers use them to bypass RAG ingestion filters and achieve RCE.
A deep technical breakdown of the Python Pickle Virtual Machine (PVM), the __reduce__ magic method, and how ML models are weaponized for Remote Code Execution.
A deep technical breakdown of how attackers establish persistence via Python Reverse Shells, bypassing NAT and firewalls, and how to detect them via static AST analysis.
A deep technical analysis of how PyYAML deserialization maps tags to Python object instantiation, leading to Remote Code Execution in MLOps configuration pipelines.