Probabl invites you to their event

[Webinar] Let’s exploit pickle, and skops to the rescue!

About this event

Pickle files can be evil, and simply loading them can run arbitrary code on your system. This talk presents why that is, how it can be exploited, and how skops is tackling the issue for scikit-learn/statistical ML models. We go through some lower-level pickle-related machinery and go into detail on how the new format works.

And a longer one if you want:

Pickle files can be evil, and simply loading them can run arbitrary code on your system. This talk presents why that is, and we show in simple terms how such an exploit can be created. This gives you a good basis for understanding pickle vulnerabilities. The talk also points you to resources for learning more about these exploits.

We then talk about how skops [1] is tackling the issue for scikit-learn/statistical ML models. We go through some lower-level pickle-related machinery and go into detail on how the new format works. The new format solves the issue not only for scikit-learn models, but also for most third-party estimators in the same ecosystem.

In terms of usage, you can simply change two import statements and use the new format almost as a drop-in replacement.

[1] https://skops.readthedocs.io/en/stable/persistence.html
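An added illustration, not code from the talk or from skops: a pickle's opcode stream names every module-level callable the unpickler will import (GLOBAL or STACK_GLOBAL) before a later REDUCE invokes it, which is the mechanism behind "loading it can run arbitrary code". The scanner below lists those references without executing anything, and the restricted unpickler refuses any reference outside an allowlist; the two sample pickles and the allowlist are constructed for this example and are hypothetical.

```python
import datetime
import io
import pickle
import pickletools
from collections import OrderedDict

# Constructed samples: a pickle that only needs OrderedDict, and one needing a
# class outside the allowlist (datetime stands in for any unexpected callable).
BENIGN_PICKLE = pickle.dumps(OrderedDict([("a", 1)]))
UNLISTED_PICKLE = pickle.dumps(datetime.datetime(2024, 1, 2))
# Hypothetical allowlist of (module, name) pairs a pickle may import.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
PUTS, GETS = ("MEMOIZE", "BINPUT", "LONG_BINPUT", "PUT"), ("BINGET", "LONG_BINGET", "GET")


def referenced_globals(data: bytes) -> set:
    """(module, name) pairs the pickle would import, found by walking the opcode
    stream with pickletools, so nothing runs. GLOBAL (protocol <= 3) carries
    "module name" inline; STACK_GLOBAL (4+) pops the two strings pushed before it,
    either directly or re-pushed from the memo by a *GET opcode."""
    refs, memo, strings, top = set(), {}, [], None
    for op, arg, _ in pickletools.genops(data):
        if op.name in PUTS:             # memo the current top of stack; stack unchanged
            memo[len(memo) if op.name == "MEMOIZE" else arg] = top
            continue
        if op.name == "GLOBAL":
            refs.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            refs.add((strings[-2], strings[-1]))
        top = memo.get(arg) if op.name in GETS else arg
        if op.name in ("GLOBAL", "STACK_GLOBAL") or not isinstance(top, str):
            top = None                  # pushed a class or a non-string value
        else:
            strings.append(top)         # possible operand of a later STACK_GLOBAL
    return refs


class AllowlistUnpickler(pickle.Unpickler):
    """find_class runs for every GLOBAL/STACK_GLOBAL, so a disallowed callable is
    never imported, let alone invoked by a later REDUCE. Only as safe as the
    allowlist: never allow classes whose __setstate__/__reduce__ have side effects."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"refusing to import {module}.{name}")
        return super().find_class(module, name)


def try_load(data: bytes):
    # Load under the allowlist; return the object, or the refusal message.
    try:
        return AllowlistUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return str(exc)
```

Run `referenced_globals` on a file before deciding whether to load it at all; the allowlisted unpickler is the second line of defence for files you do load.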

Hosted by

  • External speaker
    Adrin Jalali

Probabl

Own Your Data Science

We are Probabl, the company created by the founders of scikit-learn