• tl;dr sec
  • Posts
  • [tl;dr sec] #174 - Mitigating SSRF in 2023, Isolation & Container Namespaces, Offensive AI Compilation

[tl;dr sec] #174 - Mitigating SSRF in 2023, Isolation & Container Namespaces, Offensive AI Compilation

The challenges in mitigating SSRF and the best way to do it, how Linux namespaces provide isolation properties for containers, resources on attacking AI models / using it for offensive purposes.

Hey there,

I hope you’ve been doing well!

Lift-ed Spirits

Despite living within a few hour drive of Tahoe for over a decade, I’d never been until recently.

It seems to be almost a rite of passage for Bay Area residents to do weekend pilgrimages to Tahoe to ski.

I managed to learn enough to go down a few runs that were quite fun, and retained most of my dignity, despite three foot tall young children (who haven’t yet learned to multiply) regularly zooming past me. And I only fell while waiting in line for the lift… twice.

Overall, would recommend 👍


 📢 Drata’s Compliance Trends Report 2023

74% of GRC teams aren't addressing known vulnerabilities for lack of bandwidth. This isn’t surprising when these same teams are spending over four thousand hours annually just to achieve or maintain compliance.

Fortunately, established and enterprise companies are shifting compliance from a burden to a business accelerator through processes that promote scalability and continuous compliance. If you’re interested to learn how and get the latest on the current and future state of compliance, check out our 2023 Compliance Trends Report.

📜 In this newsletter...

  • AppSec: Tool to sync many repos from GitHub, Security Tools Can't Just Be Friction Free, The Importance of Influence in Security Engineering

  • Web Security: Abusing HTTP hop-by-hop request headers, SSRF Cross Protocol Redirect Bypass, Mitigating SSRF in 2023

  • Cloud Security: Easily run web apps on Lambda, tarball S3 objects without downloading them, download Lambda code and scan it for secrets, log in and retrieve AWS temporary creds using SAML IDP, the many ways to access DynamoDB

  • Infrastructure as Code: Tool to provision EC2 to run former2 for generating IaC from existing AWS resources, 20 Terraform Best Practices to Improve your TF workflow, VS Code extension to generate live Terraform graph as you code

  • Container Security: Forensic container analysis, container security fundamentals: isolation & namespaces

  • Red Team: Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation)

  • Politics / Privacy: Leaving China

  • Machine Learning: Build a chatbot of your site's content, ChatGPT Emacs shell, CLI Swiss Army Knife for ChatGPT, Offensive AI Compilation, How GitLab is using ML, Toward Comprehensive Risk Assessments and Assurance of AI-Based Systems

  • Misc: What's up with Twitter's 2FA, Mark Curphey resigns from OWASP board


Tool by Fatih Arslan to manage and sync a set of repositories from a group of remote repositories (say 100s) to your localhost. Useful for security research.

Security Tools Can’t Just Be Friction Free. Was SCA the Tipping Point?
Mark Curphey argues that it’s not enough to get developers to do the right (security) thing if it’s easy, doesn’t get in their way, and doesn’t give them more work, you also need to solve a problem they have. For SCA, it can help devs to upgrade dependencies with minimal friction (security is just a side benefit).

I started speaking to a number of engineering leaders that I trust and what I am learning is that frictionless security tools are now table stakes. If you aren’t friction free then you are stalled out of the gate, and it is no longer a differentiating factor in trials and sales.


I shifted my focus to work with the Execs and Engineering Leadership and this is when real change occurred. Those individual engineers were now given directives to fix vulnerabilities and security was prioritized against their other requests.

It is easier to align Engineering on Security initiatives when they have been sold the vision beforehand. People do not like surprises and are afraid of the unknown. If your partners understand the direction, they will be willing to walk that path. The bigger the org, the stronger and more frequent you need to sell your vision.


 📢 The Cloud Security Workflow Handbook

The Wiz research team surveyed security orgs at hyper-scaling enterprises to uncover how they’re adapting in 2023 and beyond. They packed their best-practices, frameworks, and templates into this playbook including:

  • A breakdown of the three pillars of the modern cloud security operating model best-in-class orgs are moving to.

  • A 4-step roadmap used by the fastest-growing companies to adapt to the new threat landscape.

  • Plus: Goals and KPI templates for your team to track based on maturity stage presented in a convenient cheat sheet.

Web Security

Abusing HTTP hop-by-hop request headers
Nathan Davison covers techniques that can be used to influence web systems and applications in unexpected ways, by abusing HTTP/1.1 hop-by-hop headers.

SSRF Cross Protocol Redirect Bypass
Doyensec’s Szymon Drosdzol describes finding a bypass in the SSRF filter for the popular request library, as well as a subtle issue in axios. He’s released a Semgrep rule to find axios misconfigurations.

Mitigating SSRF in 2023
Great overview by Include Security’s Laurence Tennant of the challenges in effectively preventing SSRF, and the pros/cons of a number of approaches: allowlisting or blocklisting, secure by default libraries, SSRF jail, network controls, request proxy. Recommendations:

  • Mature orgs: use the request proxying approach (e.g. Stripe’s Smokescreen), and zero-trust security architectures that require authentication for internal HTTP services.

  • For companies that don’t yet have resources to set up detailed network controls or maintain their own proxy infrastructure, an anti-SSRF application library applied on any endpoints that accept attacker-controlled input is a good initial mitigation.

Cloud Security

A tool to easily build web apps with familiar frameworks (e.g. Express.js, Next.js, Flask, SpringBoot, and Laravel, anything speaks HTTP 1.1/1.0) and run it on AWS Lambda.

A utility tool to create a tarball of existing objects in S3 without having to download the files.

A Python tool for AWS Lambda code analysis: takes a list of profiles, scans through them, downloads the code you have access to, and then processes that code for secrets.

By Versent: a CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP.

The Many Ways to Access DynamoDB
Sym’s Mathew Pregasen discusses the many ways to restrict access to a DynamoDB instance at both a framework and implementation level, utilizing patterns and tools such as RBAC, IAM, Terraform, Retool, and Sym.

Infrastructure as Code

Provisions an EC2 web instance running former2 for generating IaC scripts from existing AWS resources.

20 Terraform Best Practices to Improve your TF workflow
Various engineering (not security) best practices.

A VS Code extension by Ben Shmuel that allows you to generate a live Terraform graph as you code.

Container Security

Forensic container analysis
In Kubernetes, it is possible to create a checkpoint of a running container without stopping the container and without the container knowing that it was checkpointed. Red Hat’s Adrian Reber describes how to analyze a checkpoint using tools like checkpointctl, tar, crit and gdb.

Container security fundamentals part 2: Isolation & namespaces
Datadog’s Rory McCune describes how Linux namespaces provide fine-grained isolation of a container’s view of the host’s resources in a number of ways, and walks through useful tools in exploring how they work. Linux currently supports eight namespaces: Mount, PID, Network, Cgroup, IPC, Time, UTS, and User.

Red Team

Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation)
Sean Pesce decribes how the ssh-keygen command can be used to load a shared library with the -D flag, which can be used for privilege escalation or to translate to arbitrary code execution from argument injection, file overwrites, etc.

Politics / Privacy

Leaving China
Why expatriates like Blake Stone-Banks abandoned the futures they planned in China.

The topic of war between America and China had come up with increasing frequency over the past year, often in business contexts, often when I was the only American in the room. No one knew what that would look like, and no one wanted to know.

Foreigners returning to China or moving into China for the first time will find a vastly different landscape than that prior to Covid. China’s leadership has made clear that they will prioritize unification and Party integrity over the economy and the well-being of their people.

Where expatriates of the past decades were drawn by the possibilities of China’s growing openness, the new generation will live under tightening restrictions and greater uncertainty.

Machine Learning

Build a chatbot or Q&A bot of your website’s content.

A ChatGPT Emacs shell
A wrapper around ChatGPT that you can interact with directly from Emacs.

Convert code repos into an LLM prompt-friendly format, allowing them to process the repo’s contents for various tasks, such as code review or documentation generation.

A CLI Swiss Army Knife for ChatGPT. It accepts piped input, arguments, or both, and allows you to save common prompt preambles for quick usage. Also provides utility methods to extract JSON or Markdown from ChatGPT responses.

Great list of useful resources on attacking AI models and using AI for offensive purposes (pentesting, malware, OSINT, phishing, generative AI, etc.) by José Escribano and Miguel Boza.

What the ML is up with DevSecOps and AI?
All filler no killer post by GitLab on how they’re using ML- currently for suggested reviewers and code suggestions (that thing GitHub Copilot/OpenAI Codex have been doing for awhile), neither of which are about security, despite the post title 🤔 I think there will be some promising work here, and I’m not trying to be negative about the author or GitLab, but some of the article’s text feels a bit cringe.

As the creators of the DevSecOps platform category, we are the founders behind a successful philosophy for bringing DevSecOps principles into practice… our platform also has an unrivaled level of visibility… It is in the rich data set underpinning that curated experience where unbounded opportunity lurks.


Toward Comprehensive Risk Assessments and Assurance of AI-Based Systems
Paper by Trail of Bits’s Heidy Khlaaf that proposes a novel, end-to-end AI risk framework that incorporates the concept of an Operational Design Domain (ODD), which can better outline the hazards and harms a system can potentially have. Trail of Bits has also launched a practice focused on machine learning and AI.


Much ado about Twitter: What’s going on with 2FA?
Tall Poppy breaks down Twitter’s recent changes, what that means for your security, and what you should do about it. In short: you’ll need to have a paid Twitter Blue account to keep using SMS 2FA, but you should use a Yubikey or Authenticator app instead.

At yesterday’s OWASP board of Directors meeting, I resigned my board position.
Mark Curphey plans to instead pursue a more “centrally-funded, centrally-organised community that can attract and generate funding to invest in a focused, planned and coordinated set of sustainably high quality projects. That is a fundamentally different type of community with a different governance model, different funding model, different operating model, …”

✉️ Wrapping Up 

Have questions, comments, or feedback? Just reply directly, I'd love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!