
[tl;dr sec] #196 - How Secrets Leak in CI/CD, AI Threat Modeling, Supply Chain

Some subtle ways secrets leak and how to mitigate, AI threat modeling for policymakers, in-toto and TACOS

Hey there,

I hope you’ve been doing well!

What We’re Known For

Recently Whose Line Is It Anyway had a show in San Francisco.

It’s long had a place in my heart, as I loved the TV show as a kid. It’s also what originally got me into doing improv comedy!

A friend who attended the show said at one point they asked for an SF-inspired suggestion and received: “Poop,” “Poop on the ground,” and “Needles.” Oof.

In other #PeakBayArea news, I recently went on a mini road trip and we tested my friend’s Tesla’s self-driving functionality.

It only almost made us do something dangerous (like drive into a shortly ending side lane) ~3 times, not bad 😅 

Hope you’ve recovered from Hacker Summer Camp!


📣 Securing Mailboxes: Lessons from the Storm-0558 Attacks

We’ve all seen the news related to recent activities from a China-based threat actor with espionage objectives. It should come as no surprise that mailboxes continue to be a target, and that even strong authentication controls are insufficient to prevent unauthorized access.

At Material, our mission is to make it prohibitively difficult for attackers to access sensitive email data even, and maybe especially, in a post-compromise situation.

We leverage the APIs to apply defense-in-depth for mailboxes. We first determine which messages contain sensitive content and then require an additional, low-friction challenge to access them. So even with full control of an organization's mail infrastructure, adversaries would still be unable to access the content of sensitive emails.

Nice, very timely and impactful! 👆️ 

📜 In this newsletter…

  • AppSec: How secrets leak in CI/CD pipelines, example app of how not to do secrets

  • Web Security: Nuclei plugins to audit Chrome extensions, two tools to monitor for JavaScript files changing, GraphQL wordlist for pentesting

  • Cloud Security: How to set up geofencing and IP allow-list for Cognito, tool to easily anonymize logs, decrypting Azure Function App Keys

  • Container Security: Tool to simplify running Atomic Red Team in container environments

  • Supply Chain: In-toto overview, framework to assess the dev practices of open source projects against NIST

  • Blue Team: Ansible role to apply security baseline, list of shell backdoors, tool to simulate malicious behavior against Google Workspace, questions to ask to improve your SIEM usage

  • Politics / Privacy: China be China-ing

  • Machine Learning + Security: Demystifying LLMs and threats, poisoning web-scale training datasets is practical, AI threat modeling framework for policymakers

  • Machine Learning: Interview with Anthropic CEO

  • Misc: A wide-ranging smorgasbord


How Secrets Leak in CI/CD Pipelines
Karim Rahal describes a number of subtle ways that secrets can leak in CI/CD pipelines and offers several mitigation strategies, including CI/CD task isolation, regular secret rotation, ensuring they aren’t included in output logs, and more.
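One of the subtler leak paths is that CI masking matches only the exact secret string, so an encoded copy of the value (a base64 `Authorization: Basic` header, a hex dump, a URL-encoded query parameter) lands in the build log unredacted. The scrubber below is an added example, not code from the post: it precomputes the common encodings of every known secret (including the base64 form at all three byte alignments, so a secret embedded inside a larger base64 payload is still caught) and redacts them all. Secret values and log lines are constructed for the example.

```python
"""Redact secrets from CI log output, including encoded copies.

Added example; not code from the linked post. Secret values and log lines
below are constructed.
"""
import base64
import re
import urllib.parse

REDACTED = "***"
MIN_LEN = 8  # never redact very short strings; they would also hit normal text


def base64_cores(raw: bytes) -> set[str]:
    """Base64 substrings that appear whenever `raw` is embedded inside a larger
    base64 payload. base64 works on 3-byte groups, so the secret can sit at three
    alignments; for each we encode it with k leading bytes and drop the characters
    that mix with the surrounding bytes."""
    cores = set()
    for k in range(3):
        enc = base64.b64encode(b"\x00" * k + raw).decode().rstrip("=")
        start = -(-4 * k // 3)                               # ceil(4k/3) leading chars are mixed
        end = len(enc) - (1 if (len(raw) + k) % 3 else 0)   # last char mixes with the next byte
        core = enc[start:end]
        cores.add(core)
        cores.add(core.replace("+", "-").replace("/", "_"))  # urlsafe alphabet
    return cores


def secret_variants(value: str) -> set[str]:
    """The literal secret plus the encodings that commonly show up in logs."""
    raw = value.encode()
    variants = {value, base64.b64encode(raw).decode(), raw.hex(), urllib.parse.quote(value, safe="")}
    variants |= base64_cores(raw)
    return {v for v in variants if len(v) >= MIN_LEN}


def build_masker(secrets: dict[str, str]):
    """Compile one regex over every variant of every secret.
    Longest alternatives first, so a padded base64 form is not half-matched
    by its padding-stripped twin."""
    patterns: set[str] = set()
    for value in secrets.values():
        patterns |= secret_variants(value)
    regex = re.compile("|".join(re.escape(p) for p in sorted(patterns, key=len, reverse=True)))
    return lambda line: regex.sub(REDACTED, line)


def scrub_log(lines: list[str], secrets: dict[str, str]) -> list[str]:
    mask = build_masker(secrets)
    return [mask(line) for line in lines]


# Constructed sample: one token, leaked four different ways.
SECRETS = {"API_TOKEN": "s3cr3t-t0ken-XyZ9abc"}
SAMPLE_LOG = [
    "Authorization: Basic " + base64.b64encode(b"deploy:s3cr3t-t0ken-XyZ9abc").decode(),
    "+ curl -H 'X-Token: s3cr3t-t0ken-XyZ9abc' https://ci.example.invalid/deploy",
    "debug: token_hex=" + "s3cr3t-t0ken-XyZ9abc".encode().hex(),
    "ok: build finished",
]


def demo() -> list[str]:
    return scrub_log(SAMPLE_LOG, SECRETS)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The scrubber only knows the secrets you register with it, so it complements rather than replaces per-task isolation and rotation: a value printed one character per line, or transformed by an encoding not listed here, still gets through.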

By OWASP: A vulnerable application that offers concrete instances of improper secret storage practices. A comprehensive collection of 35 challenges spanning Docker, Kubernetes, minikube, and various cloud providers (AWS, GCP, and Azure).

Web Security

Nuclei plugins to audit Chrome extensions.

By Jack Cable: A continuous monitoring tool for JavaScript files that notifies you when new API endpoints are added.

By Robert Reith: A JavaScript change monitoring tool that fetches and compares versions of JavaScript files over time and notifies users via Telegram or Slack if changes are identified.
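The core of both tools above is the same loop: fetch a script, compare it with the last snapshot, and alert on what changed. As an added example (not the code of either tool), the snippet below diffs two constructed snapshots of a bundle, skips static-asset references, and reports the API endpoints that were added; a real monitor would fetch on a schedule, persist the last hash and endpoint set, and forward the `added` set to Slack or Telegram.

```python
"""Diff two snapshots of a JavaScript bundle and report newly added API endpoints.

Added example; OLD_JS and NEW_JS are constructed strings standing in for two
fetches of the same file.
"""
import hashlib
import re

# Quoted string literals that look like paths or URLs the client talks to.
ENDPOINT_RE = re.compile(r"""["'`]((?:https?://[^"'`\s]+|/[A-Za-z0-9_./:{}-]+))["'`]""")
STATIC_ASSET_RE = re.compile(r"\.(?:js|css|map|png|svg|woff2?)$")


def extract_endpoints(js: str) -> set[str]:
    found = set()
    for m in ENDPOINT_RE.finditer(js):
        candidate = m.group(1)
        if STATIC_ASSET_RE.search(candidate):
            continue  # asset references are not API surface
        found.add(candidate)
    return found


def fingerprint(js: str) -> str:
    return hashlib.sha256(js.encode()).hexdigest()


def diff_snapshots(old_js: str, new_js: str) -> dict:
    """Cheap hash comparison first; only parse for endpoints when the file changed."""
    if fingerprint(old_js) == fingerprint(new_js):
        return {"changed": False, "added": set(), "removed": set()}
    old, new = extract_endpoints(old_js), extract_endpoints(new_js)
    return {"changed": True, "added": new - old, "removed": old - new}


OLD_JS = """
const api = "/api/v1";
fetch("/api/v1/users").then(r => r.json());
fetch('/api/v1/orders', {method: 'POST'});
const logo = "/static/logo.svg";
"""

NEW_JS = """
const api = "/api/v1";
fetch("/api/v1/users").then(r => r.json());
fetch('/api/v1/orders', {method: 'POST'});
fetch("/api/v2/export");                  // new in this deploy
const gql = `https://api.example.invalid/graphql`;
const logo = "/static/logo.svg";
"""

if __name__ == "__main__":
    print(diff_snapshots(OLD_JS, NEW_JS))
```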

Building a free open source GraphQL wordlist for pentesting
Escape's Nohé Hinniger-Foray presents an open-source GraphQL wordlist designed specifically for penetration testing, utilizing insights from over 60,000 operational GraphQL endpoints. This wordlist is designed to complement tools such as Goctopus and Clairvoyance.


📣 Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security’s p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential harvesting malware while continuing to develop infrastructure for a campaign.

Cloud Security

How to set up geofencing and IP allow-list for Cognito user pool
AWS recently announced a feature that lets you put AWS WAF in front of Cognito user pools. Yan Cui walks through using it to implement geofencing and IP allow/deny lists.


Anonymizing Logs Made Easy with LogLicker
Permiso's Corey Ahl writes about LogLicker, a tool designed to anonymize system logs, especially AWS CloudTrail logs, by replacing sensitive data with randomized placeholders through regular expressions. Corey presents two use cases: anonymizing logs and identifying instances of long-term access keys.
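The two use cases share one mechanism worth seeing in code: regex-driven replacement that maps each real value to the same placeholder every time it appears, so account, key and IP correlations survive sharing the logs. The block below is an added example in the spirit of LogLicker, not its code. Access-key placeholders keep their prefix because AKIA (long-term IAM user key) versus ASIA (temporary STS credential) is exactly what a reviewer needs to see. `SAMPLE_EVENTS` is constructed; the AKIA value is the AWS documentation example key.

```python
"""Anonymize CloudTrail events with consistent placeholders; flag long-term keys.

Added example, not LogLicker's code. SAMPLE_EVENTS is constructed.
"""
import json
import re
import secrets

# (kind, regex), applied in order. A capturing group means "replace only that part".
PATTERNS = [
    ("ACCESS_KEY", re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")),
    ("ACCOUNT", re.compile(r"\b\d{12}\b")),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("USER", re.compile(r":user/([A-Za-z0-9+=.@_-]+)")),
    ("USER", re.compile(r"assumed-role/[^/\"]+/([A-Za-z0-9+=.@_-]+)")),
    ("USER", re.compile(r"\"userName\": \"([^\"]+)\"")),
]


class Anonymizer:
    def __init__(self) -> None:
        self.mapping: dict[str, str] = {}   # real value -> placeholder
        self.counters: dict[str, int] = {}

    def placeholder(self, kind: str, value: str) -> str:
        if value not in self.mapping:
            n = self.counters[kind] = self.counters.get(kind, 0) + 1
            if kind == "ACCESS_KEY":
                fake = value[:4] + secrets.token_hex(8).upper()  # keep AKIA/ASIA prefix
            elif kind == "ACCOUNT":
                fake = f"{n:012d}"
            elif kind == "IPV4":
                fake = f"203.0.113.{n}"  # TEST-NET-3; assumes fewer than 255 distinct IPs
            else:
                fake = f"{kind.lower()}-{n}"
            self.mapping[value] = fake
        return self.mapping[value]

    def scrub(self, text: str) -> str:
        for kind, regex in PATTERNS:
            def repl(m, kind=kind):
                if m.lastindex:  # rewrite only the captured group, keep the surrounding text
                    s, e = m.span(1)
                    whole, base = m.group(0), m.start()
                    return whole[: s - base] + self.placeholder(kind, m.group(1)) + whole[e - base:]
                return self.placeholder(kind, m.group(0))
            text = regex.sub(repl, text)
        return text


def anonymize_events(events: list[dict]) -> list[dict]:
    """Serialise, scrub the text, parse back; placeholders never contain quotes."""
    return json.loads(Anonymizer().scrub(json.dumps(events)))


def long_term_keys(events: list[dict]) -> set[str]:
    """Second use case: AKIA keys in the trail mean long-lived IAM user credentials."""
    return set(re.findall(r"\bAKIA[A-Z0-9]{16}\b", json.dumps(events)))


SAMPLE_EVENTS = [
    {
        "eventTime": "2023-08-01T12:00:00Z", "eventName": "ListBuckets",
        "sourceIPAddress": "192.0.2.44",
        "userIdentity": {"type": "IAMUser", "accountId": "123456789012",
                         "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "alice",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
    },
    {
        "eventTime": "2023-08-01T12:05:00Z", "eventName": "AssumeRole",
        "sourceIPAddress": "192.0.2.44",
        "userIdentity": {"type": "AssumedRole", "accountId": "123456789012",
                         "accessKeyId": "ASIAEXAMPLE12345678A",
                         "arn": "arn:aws:sts::123456789012:assumed-role/Admin/alice"},
    },
]

if __name__ == "__main__":
    print(json.dumps(anonymize_events(SAMPLE_EVENTS), indent=2))
    print("long-term keys:", long_term_keys(SAMPLE_EVENTS))
```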

What the Function: Decrypting Azure Function App Keys
NetSPI's Karl Fosaaen and Thomas Elling on how attackers can decrypt Azure Function App's master key, leading to supply chain attacks and unauthorized access to any managed identities assigned to the Function App.

They’ve also released FuncoPOP, a PowerShell toolkit for attacking Azure Function Apps, primarily through exploiting Storage Account Access, and have shared the accompanying slides that were presented at DEF CON 31 Cloud Village.

Container Security

Run Atomic Red Team detection tests in container environments with Datadog’s Workload Security Evaluator
Datadog’s Nathaniel Beckstead announces Workload Security Evaluator, a new tool that simplifies the process of running Atomic Red Team detection tests in container environments (i.e. make sure your runtime container detections work).

Supply Chain

Unleashing in-toto: The API of DevSecOps
Aditya Sirish and Cole Kennedy describe in-toto, which lets you define a layout: a series of steps that map out your software supply chain, from coding and testing to packaging and deployment, spanning CI systems like Jenkins/GitLab, security scanning tools, identity tools like Okta, etc.

At each step, in-toto generates cryptographic metadata ("attestations") capturing details about the execution of the step, including the environment, materials, and products.
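To make the materials/products idea concrete, here is an added example (not in-toto's own code, nor the article's) that keeps only the core: each step records SHA-256 hashes of what it consumed and produced plus the command it ran, the record is signed by that step's functionary, and verification checks that the next step's materials are exactly the previous step's products. HMAC stands in for the asymmetric signing keys a real layout would use; artifacts and keys are constructed.

```python
"""in-toto-style link metadata for two supply-chain steps, with chain verification.

Added example; not in-toto's own code. HMAC stands in for real signing keys;
artifacts and keys below are constructed.
"""
import hashlib
import hmac
import json


def hash_artifacts(files: dict[str, bytes]) -> dict[str, dict[str, str]]:
    return {name: {"sha256": hashlib.sha256(data).hexdigest()} for name, data in sorted(files.items())}


def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def make_link(step: str, command: list[str], materials: dict, products: dict, key: bytes) -> dict:
    """A link attestation: what went in, what came out, and how."""
    signed = {
        "_type": "link",
        "name": step,
        "command": command,
        "materials": hash_artifacts(materials),
        "products": hash_artifacts(products),
        "byproducts": {},
        "environment": {},
    }
    return {"signed": signed, "signature": hmac.new(key, canonical(signed), "sha256").hexdigest()}


def verify_signature(link: dict, key: bytes) -> bool:
    expected = hmac.new(key, canonical(link["signed"]), "sha256").hexdigest()
    return hmac.compare_digest(expected, link["signature"])


def verify_chain(links: list[dict], keys: dict[str, bytes]) -> list[str]:
    """Return violations; an empty list means the chain holds.
    Rule: every material of step N+1 must match a product of step N by hash."""
    problems = []
    for link in links:
        name = link["signed"]["name"]
        if not verify_signature(link, keys[name]):
            problems.append(f"{name}: signature does not verify")
    for prev, nxt in zip(links, links[1:]):
        produced = prev["signed"]["products"]
        for path, digest in nxt["signed"]["materials"].items():
            if path not in produced:
                problems.append(f"{nxt['signed']['name']}: {path} was not produced by {prev['signed']['name']}")
            elif produced[path] != digest:
                problems.append(f"{nxt['signed']['name']}: {path} changed after {prev['signed']['name']}")
    return problems


KEYS = {"build": b"build-functionary-key", "package": b"package-functionary-key"}  # constructed


def demo() -> tuple[list[str], list[str]]:
    src = b"package main\n\nfunc main() {}\n"
    binary = b"\x7fELF constructed binary"
    build = make_link("build", ["go", "build", "-o", "app", "."],
                      {"main.go": src}, {"app": binary}, KEYS["build"])
    package = make_link("package", ["tar", "cf", "app.tar", "app"],
                        {"app": binary}, {"app.tar": b"tar:" + binary}, KEYS["package"])
    clean = verify_chain([build, package], KEYS)
    # Tampering: the binary is swapped between the build and packaging steps.
    evil = binary + b"\x90\x90 backdoor"
    tampered = make_link("package", ["tar", "cf", "app.tar", "app"],
                         {"app": evil}, {"app.tar": b"tar:" + evil}, KEYS["package"])
    return clean, verify_chain([build, tampered], KEYS)


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean chain:", clean or "ok")
    print("tampered chain:", tampered)
```

The point of the chain check is that the packaging step can be fully honest and still be caught: its own attestation is valid, but what it consumed is not what the build step produced. Real in-toto adds the layout (which functionary may sign which step, and which artifact rules apply) and uses public-key signatures so a verifier needs no shared secret.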

TACOS Framework
Tidelift's Jeremy Katz writes about TACOS (Trusted Attestation and Compliance for Open Source), a framework for assessing the development practices of open source projects against a set of secure development standards specified by the NIST Secure Software Development Framework (SSDF) V1.1.

TACOS gives organizations a framework for assessing the attestation and compliance practices of the open source packages they use, and defines a machine-readable specification that helps meet the Office of Management and Budget memorandum on supply chain security requirements.

Blue Team

By Thomas Sjögren: An Ansible role to apply a security baseline (for AlmaLinux, Debian, Ubuntu). Systemd edition.

A massive list of shell backdoors.

By Elastic’s Terrance DeJesus and Justin Ibarra: A tool for simulating malicious behavior against Google Workspace, mapped against the MITRE ATT&CK framework.

How to identify when you’ve lost control of your SIEM (and how to rein it back in)
Expel's Dan Whalen and Lori Easterly explore signs of losing control over your SIEM, such as frequent system crashes, missing data, high false positives, or complex data management. They provide a useful list of questions for evaluating and improving your SIEM usage.

Politics / Privacy


Machine Learning + Security

Demystifying LLMs and Threats
Nice overview by Caleb Sima (video version): intro to LLMs and how they work, understanding LLMs in the enterprise, and AI/ML threats (prompt injection, data poisoning, data leakage) and mitigations.

Poisoning Web-Scale Training Datasets is Practical
Our first attack, split-view poisoning, exploits the mutable nature of internet content to ensure a dataset annotator’s initial view of the dataset differs from the view downloaded by subsequent clients. By exploiting specific invalid trust assumptions, we show how we could have poisoned 0.01% of the LAION-400M or COYO-700M datasets for just $60 USD.

Our second attack, frontrunning poisoning, targets web-scale datasets that periodically snapshot crowd-sourced content—such as Wikipedia—where an attacker only needs a time-limited window to inject malicious examples.
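Split-view poisoning works because the index is a list of URLs with no statement about what those URLs contained when they were annotated. The defense that follows directly is to hash-pin every item when the index is built and have downloaders drop anything that no longer matches. The block below is an added example, not the paper's code; the two "web" dicts stand in for HTTP fetches at annotation time and later, and URLs and contents are constructed.

```python
"""Hash-pin a dataset index so split-view poisoning is caught at download time.

Added example, not the paper's code. The two dicts stand in for HTTP fetches;
URLs and contents are constructed.
"""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_index(urls: list[str], fetch) -> list[dict]:
    """The annotator's view of the dataset, with a content hash per entry."""
    return [{"url": u, "sha256": sha256(fetch(u))} for u in urls]


def download_unverified(index: list[dict], fetch) -> list[tuple[str, bytes]]:
    """What a naive client does: trust whatever the URL serves today."""
    return [(e["url"], fetch(e["url"])) for e in index]


def download_verified(index: list[dict], fetch) -> tuple[list[tuple[str, bytes]], list[str]]:
    """Keep only entries whose content still hashes to the pinned value."""
    kept, rejected = [], []
    for e in index:
        data = fetch(e["url"])
        if sha256(data) == e["sha256"]:
            kept.append((e["url"], data))
        else:
            rejected.append(e["url"])
    return kept, rejected


# Constructed: content as the annotator saw it...
WEB_AT_ANNOTATION = {
    "https://cats.example.invalid/1.jpg": b"cat image bytes",
    "https://expired-domain.invalid/2.jpg": b"dog image bytes",
}
# ...and later, after the second domain lapsed and was re-registered by an attacker.
WEB_LATER = dict(WEB_AT_ANNOTATION, **{"https://expired-domain.invalid/2.jpg": b"poisoned image bytes"})


def demo():
    index = build_index(list(WEB_AT_ANNOTATION), WEB_AT_ANNOTATION.__getitem__)
    naive = download_unverified(index, WEB_LATER.__getitem__)
    kept, rejected = download_verified(index, WEB_LATER.__getitem__)
    return naive, kept, rejected


if __name__ == "__main__":
    naive, kept, rejected = demo()
    print("unverified download ingested:", [u for u, _ in naive])
    print("verified download kept:", [u for u, _ in kept], "rejected:", rejected)
```

Note that this addresses only the first attack: in frontrunning poisoning the snapshot itself is what gets poisoned, so hashing the snapshot pins the attacker's edit rather than excluding it.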

ATHI — An AI Threat Modeling Framework for Policymakers
Daniel Miessler proposes a framework (Actor, Technique, Harm, Impact) for thinking about harms and impacts that can come from AI systems.

Machine Learning


Dario Amodei - $10 Billion Models, OpenAI, Scaling, & AGI in 2 years
Fascinating interview with the CEO of Anthropic, who doesn’t do many interviews. It was interesting hearing how open he was about how many things AI researchers just don’t know, for example: where things are headed, how alignment might be solved (or if it’s solvable), failure modes of superhuman AI, and more. His thoughts on maintaining a low profile are worth a listen.

Talent density beats talent mass.



✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!