toolsmith snapshot: Protect AI ModelScan

Protection Against Model Serialization Attacks

 Posted on February 16, 2025  |  5 minutes  |  Russ McRee, Ph.D.

/post/modelscan/modelscan-thumb.png

Protect AI’s OSS portfolio includes tools aimed at improving security of AI/ML software. These tools are meant for a wide range of engineering, security and ML practitioners including developers, security engineers/researchers, ML engineers, LLM engineers and prompt engineers, and data scientists.
Of particular interest in light of model serialization attacks is ModelScan.

[Read More]
AI  ModelScan  Tensorflow  serialization  toolsmith  Python  data science 

Sandfly Security

toolsmith #151: Agentless Linux security with unmatched speed and reliability

 Posted on June 28, 2023  |  5 minutes  |  Russ McRee, Ph.D.

Sandfly Security, headquartered in New Zealand (where they know sandflies all to well), refers to itself as such because they’re like sandflies: they relentlessly bug and discourage intruders, deploying like a swarm onto endpoints, then disappear only to return again and again. Theses swarms of checks make life miserable for hackers on Linux hosts while minimizing system impact. I’ve been following Sandfly’s Craig Rowland on Twitter for awhile with the intent of giving Sandlfy a look for toolsmith, and in the time I’ve kept watch, the offering has grown into a comprehensive and robust platform for Linux security.

[Read More]
blue team  sandfly  linux  agentless  toolsmith  visualization 

EDA with CISSM

toolsmith #150: Exploratory Data Analysis with University of Maryland's Center for International and Security Studies Cyber Attacks Database

 Posted on May 4, 2023  |  12 minutes  |  Russ McRee, Ph.D.

Introduction

Exploratory data analysis (EDA) is a mission critical task underpinning the predominance of detection development and preparation for cybersecurity-centric machine learning. There are a number of actions that analysts can take to better understand a particular data set and ready it for more robust utilization. In the spirit of toolsmith, and celebration of this being the 150th issue since toolsmith’s inception in late 2006, consider what follows a collection of tools for your security data analytics tool kit.

[Read More]
blue team  data science  ggplot2  R  toolsmith  visualization 

HolisticInfoSec

Russ McRee

 Posted on January 1, 0001  |  5 minutes  |  Russ McRee, Ph.D.

Russ McRee writes award-winning toolsmith, published monthly as often as possible. ;-) As of August 2018, toolsmith is exclusively published via holisticinfosec.io. From September 2015 through August 2018, toolsmith was exclusively published at the HolisticInfoSec blog. From November 2006 through August 2015, toolsmith was published in the ISSA Journal. Thank you for your continued patronage and support. August 2015 - There Is No Privacy - Hook Analyser vs. Hacking Team July 2015 - Malware Analysis with REMnux Docker Containers June 2015 - IoT Fruit - Pineapple and Raspberry May 2015 - Attack & Detection: Hunting in-memory adversaries with Rekall and WinPmem April 2015 - Rapid Assessment of Web Resources (RAWR! [Read More]
toolsmith