---
license: mit
tags:
- security-research
- proof-of-concept
---
# msgpack-numpy Scanner Evasion PoC (CWE-502)

**Security Research - Proof of Concept**

This repository contains a malicious `.msgpack` model file that embeds a pickle payload through msgpack-numpy's handling of numpy object arrays (`dtype='O'`): such arrays are serialized with `pickle`, so decoding the file with msgpack-numpy unpickles the payload (CWE-502, deserialization of untrusted data). ProtectAI modelscan 0.8.8 returns `SCAN_NOT_SUPPORTED` for `.msgpack` files, so the embedded pickle is never inspected and a clean scan result gives no assurance for this format. The bypass does not depend on obfuscating the payload; it depends on the file extension falling outside the scanner's supported set.
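The following is an added example, not code from this repository or from modelscan, showing the check a scanner could apply to close this gap: walk the decoded msgpack document, find every msgpack-numpy array map whose dtype string is `'|O'` (the object-array case whose `data` field is a pickle), and inspect that pickle with `pickletools.genops`, which parses opcodes without executing anything. The map layout (`b'nd'`, `b'type'`, `b'kind'`, `b'shape'`, `b'data'` keys, dtype string `'|O'`) is assumed from msgpack-numpy's encoder and should be checked against the installed version; `Sentinel` is a hypothetical stand-in payload; `pack`/`unpack` are a deliberately small msgpack subset so the example runs without third-party packages (for real files, replace `unpack` with `msgpack.unpackb(data, raw=False)` and keep only the walk).

```python
import pickle
import pickletools
import struct

# Pickle opcodes that import or call code when a pickle is loaded.
CALL_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}

class Sentinel:
    """Hypothetical stand-in payload: unpickling it would call print(). Nothing here ever unpickles."""
    def __reduce__(self):
        return (print, ("sentinel: pickle payload executed",))

def pack(o):
    """Subset msgpack encoder: bool, positive fixint, fixstr, bin8/bin16, fixarray, fixmap."""
    if o is True or o is False:
        return b"\xc3" if o else b"\xc2"
    if isinstance(o, int) and 0 <= o < 0x80:
        return bytes([o])
    if isinstance(o, str) and len(o.encode()) < 0x20:
        return bytes([0xA0 | len(o.encode())]) + o.encode()
    if isinstance(o, bytes) and len(o) < 0x10000:
        head = b"\xc4" + bytes([len(o)]) if len(o) < 0x100 else b"\xc5" + struct.pack(">H", len(o))
        return head + o
    if isinstance(o, (list, tuple)) and len(o) < 0x10:
        return bytes([0x90 | len(o)]) + b"".join(pack(x) for x in o)
    if isinstance(o, dict) and len(o) < 0x10:
        return bytes([0x80 | len(o)]) + b"".join(pack(k) + pack(v) for k, v in o.items())
    raise TypeError(f"pack(): unsupported or oversized value of type {type(o).__name__}")

_LEN = {0xC4: ">B", 0xC5: ">H", 0xC6: ">I", 0xD9: ">B", 0xDA: ">H", 0xDB: ">I"}  # bin8/16/32, str8/16/32

def unpack(buf, pos=0):
    """Subset msgpack decoder: returns (value, next_pos); bin -> bytes, str -> str (like unpackb(raw=False))."""
    t, pos = buf[pos], pos + 1
    if t < 0x80:                                   # positive fixint
        return t, pos
    if t <= 0x8F:                                  # fixmap
        d = {}
        for _ in range(t & 0x0F):
            k, pos = unpack(buf, pos)
            d[k], pos = unpack(buf, pos)
        return d, pos
    if t <= 0x9F:                                  # fixarray
        items = []
        for _ in range(t & 0x0F):
            v, pos = unpack(buf, pos)
            items.append(v)
        return items, pos
    if t <= 0xBF:                                  # fixstr
        n = t & 0x1F
        return buf[pos:pos + n].decode("utf-8"), pos + n
    if t in (0xC2, 0xC3):                          # false / true
        return t == 0xC3, pos
    if t in _LEN:                                  # length-prefixed bin / str
        n = struct.unpack_from(_LEN[t], buf, pos)[0]
        pos += struct.calcsize(_LEN[t])
        raw = bytes(buf[pos:pos + n])
        return (raw if t <= 0xC6 else raw.decode("utf-8")), pos + n
    raise ValueError(f"msgpack type byte 0x{t:02x} at offset {pos - 1} is outside this subset decoder")

def pickle_calls(data):
    """List code-calling opcodes and the global names a pickle resolves, via pickletools (parse only)."""
    ops, strings, names = [], [], []
    for op, arg, _ in pickletools.genops(data):
        if op.name in CALL_OPCODES:
            ops.append(op.name)
        if op.name == "GLOBAL":                    # protocol <= 3: arg is "module name"
            names.append(arg.replace(" ", "."))
        elif op.name == "STACK_GLOBAL":            # protocol >= 4: module and name were pushed just before
            names.append(f"{strings[-2]}.{strings[-1]}")
        if isinstance(arg, str):
            strings.append(arg)
    return ops, names

def scan_msgpack(buf):
    """Report every msgpack-numpy array map (b'nd': True) whose dtype is '|O', i.e. whose b'data' is a pickle."""
    root, _ = unpack(buf)
    findings = []
    def walk(node, path):
        if isinstance(node, dict):
            if node.get(b"nd") is True and node.get(b"type") == "|O":   # assumed msgpack-numpy layout
                ops, names = pickle_calls(node.get(b"data", b""))
                findings.append({"path": path, "pickle_opcodes": ops, "globals": names})
            for k, v in node.items():
                walk(v, f"{path}[{k!r}]")
        elif isinstance(node, list):
            for i, v in enumerate(node):
                walk(v, f"{path}[{i}]")
    walk(root, "$")
    return findings

def build_sample():
    """Constructed sample: a benign float32 array plus an object array carrying the pickle (assumed layout)."""
    weights = {b"nd": True, b"type": "<f4", b"kind": b"", b"shape": [2], b"data": struct.pack("<2f", 0.5, -1.0)}
    meta = {b"nd": True, b"type": "|O", b"kind": b"", b"shape": [1], b"data": pickle.dumps(Sentinel(), protocol=4)}
    return pack({"weights": weights, "meta": meta})
```

`scan_msgpack(build_sample())` flags only `$['meta']`, with `STACK_GLOBAL`/`REDUCE` opcodes resolving `builtins.print`; the float32 array passes. A real msgpack-numpy object array pickles the whole ndarray, so its pickle also carries numpy's own globals, which is why the finding lists every resolved name rather than just pass/fail.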
## Files

- `malicious_model.msgpack` — Malicious model file with embedded pickle payload
- `poc.py` — Full PoC script that creates the model, scans it, and demonstrates code execution

## Usage

```bash
pip install msgpack msgpack-numpy modelscan
python poc.py
```
## Disclaimer

This PoC is for authorized security research only. Running `poc.py` executes the payload on the host; the payload only writes a harmless sentinel file to `/tmp/`.