[tl;dr sec] #205 - Resume Prompt Injection, CVE PoCs, Server-side Sandboxing
Make sure you're always the perfect candidate, repo with almost every CVE proof of concept, containers & seccomp deep dive
I hope you’ve been doing well!
🤦 New Level Achieved
OK I’m a little embarrassed to share this, but I trust you, dear reader.
I may have reached a new #PeakBayArea level last weekend-
I was riding in a driver-less Cruise car, while my friend was demoing different AI apps on his phone. Including a personal assistant that he said, “made his partner slightly jealous.” 😂
What a time to be alive.
Just launched this week!
It does all the good stuff you’d expect: looking for secrets via regexes and entropy analysis, can automatically validate live secrets via the provider’s API, can run as a pre-commit hook, leave PR comments, etc.
But also, because Semgrep is a great code analysis engine, it can semantically scan for secrets, like: “I know the second argument of [this API method] is a secret, so warn me if it’s ever hard-coded.”
Most existing tools are regex-based, which can’t do this.
You can read more here, and play around with it for free without talking to anyone, if you’d like.
📣 AWS Security Checklist
Rampant cloud usage requires an advanced security playbook.
Wiz put together these AWS security best practices from leading cloud security orgs. Benchmark your strategy and improve your security posture across your AWS footprint with:
Techniques to enforce least privilege across all identities
How to limit uncontrolled exposure of sensitive assets
Playbooks to extend protection of Kubernetes clusters (EKS)
Plus critical recommendations by resource type (IAM, S3, Cloudtrail)
All of these advanced best practices for AWS are compiled in this checklist.
Archive Pwn tool released
Pentagrid AG has released a tool that creates archives with path traversal attacks, useful for testing web apps or embedded devices that accept archive formats. It supports multiple archive and file formats and implements a variety of attacks, including simple path traversal, symlink attacks, maximum Windows path length attacks, unicode normalization, and more.
📣 What even is application security posture management (ASPM)?
The newest acronym on the AppSec scene is here: ASPM.
Gartner foresees that by 2026, 60% of software organizations will have an ASPM. But what actually is it?
Simply put, ASPM unifies application risk assessment, prioritization, and remediation, providing:
An inventory of all application and software supply chain components.
Security alert prioritization based on risk likelihood & business impact.
Automation workflows and developer guardrails to fix and prevent risks.
Learn more about the core components in the below checklist from Apiiro, a leader in ASPM.
I do hear about ASPM often recently, nice to have an overview 👍️
A Chrome extension that generates OpenAPI specifications in real time from network requests. Not a security tool but seems potentially useful for testers.
Oh-Auth - Abusing OAuth to take over millions of accounts
Salt Security’s Aviad Carmel describes how lack of access token verification led to serious vulnerabilities in Vidio, Bukalapak, and Grammarly. The attack: you use OAuth to log in on a malicious domain (“Log in with ”), the malicious domain then replays info from that flow to a benign domain on which you also use “Log in with…”, and gains access to your account.
One Scheme to Rule Them All: OAuth Account Takeover
Ostorlab’s Mohamed Benchikh walks through OAuth account takeovers using app impersonation through custom scheme hijacking. Basically, a malicious app can register the same OAuth custom scheme as a legitimate app, and when the OAuth flow is triggered, the malicious app receives the results of the OAuth flow instead, giving it access to whatever sensitive data the legit app would have had.
The post also gives a nice overview of OAuth attacks in general, mitigations for this specific attack, and a surprising attack you can do when a target app uses OAuth in both Android and iOS with different schemes.
The single-packet attack: making remote race-conditions 'local'
In James Kettle’s prior research (Smashing the state machine: the true potential of web race conditions), he showed how it’s possible to complete multiple HTTP/2 requests with a single TCP packet, which effectively eliminates network jitter, meaning the requests get processed extremely close together, which makes remote race conditions just as easy to exploit as if they were local.
In this post, James explores the same attack in other protocols, including HTTP/3, HTTP/1.1, WebSockets, and SMTP.
Azure security best practices and patterns
Docs page linking to a bunch of other pages covering database security, data security and encryption, identity management and access control, and more.
Building a scalable vulnerability management program on AWS
New guide by AWS’ Anna McAbee and Megan O'Neil covering how you can build a structured vulnerability management program, operationalize tooling, and scale your processes to handle a large number of findings from diverse sources.
Attacking AWS Cognito with Pacu
Rhino Security Labs’ David Kutz-Marks highlights common Cognito security risks, and releases two new modules for their open-source AWS exploitation framework, Pacu: an enumeration module that enumerates and saves info about user, identity, and client pools, and an attack module that attempts to escalate privileges via user-modifiable attributes or assumable roles, among other features.
What Can Go Wrong When an EC2 Instance is Exposed to SSRF
Ermetic’s Lior Zatlavi discusses a new CNAPPgoat scenario that lets you experiment with a technique that leverages SSRF to trigger calls to AWS services from within an EC2 instance. This usage appears legitimate and could evade detection, due to the credentials being used from the instance they came from.
Introducing GraphRunner: A Post-Exploitation Toolset for Microsoft 365
Black Hills Information Security’s Beau Bullock and Stephan Borosh introduce GraphRunner, a post-compromise toolset for interacting with the Microsoft Graph API, with tools for performing reconnaissance, persistence, and pillaging of data from a Microsoft Entra ID (Azure AD) account.
By Undistro: A CLI tool that uses Common Expression Language (CEL) expressions to scan Kubernetes clusters for potential issues, misconfigurations, and vulnerabilities, ensuring compliance with best practices and industry standards.
Server-side sandboxing: Containers and seccomp
Fantastic overview by Figma’s Hongyi Hu and Max Serrano on server-side sandboxing using containers and seccomp, comparing their security isolation (/ attack surface), performance, and development costs, highlighting their advantages, challenges, and what they implemented at Figma (nsjail → seccomp only, but it required big refactors).
By OpenSSF: Gittuf provides a security layer for Git using some concepts introduced by The Update Framework (TUF). It handles key management for all developers on the repo, allows you to set permissions for repository branches, tags, files, etc., protects against various Git metadata manipulation attacks, and is backwards compatible with GitHub, GitLab, etc.
DruBOM - Drupal Bill of Material (SBOM)
Machine Learning + Security
By @berylliumsec_: An AI-Powered ethical hacking assistant that lets you provide testing instructions in natural language (e.g. “scan the top 10 ports of this IP”). In autonomous mode, you can provide a list of targets and it will automatically scan then try to exploit any discovered vulnerabilities. Currently integrates nmap, OWASP ZAP, Crackmapexec, and nuclei.
Daniel Miessler and Rez0: Hacking with AI (Ep. 24)
Great discussion with Justin Gardner, rez0, and Daniel Miessler on using LLMs and Agents for: code review, code understanding, web app pen testing and bug bounty, integrating them into tools like Burp or Caido, and more.
Deezer: Streaming service to detect and delete 'deepfake' AI songs
Deezer has developed tech that allows it to identify and potentially delete songs that clone pop stars' voices.
As far as I can tell, we’re currently in a big grey area period re: copyright on AI writing, art, and music trained on and/or mimicking known artists. See also: Margaret Atwood Reviews a “Margaret Atwood” Story by AI.
Inject My PDF: Prompt Injection for your Resume
Some companies use automated screening tools to filter or rank resumes. Kai Greshake shares a tool that injects invisible text into your resume PDF to make any AI LLM that reads it think you are a perfect candidate. Honestly, for a security role, as the hiring manager I’d take this as positive signal 🤣
Three key questions potential users/buyers of LLM-based apps should ask
Great LinkedIn post by Dropzone AI’s Edward Wu:
Is my private data being used to train a global model that the entire customer base would use?
What data are you using to improve your offering?
OSINT / Recon
Introducing Nuclei v3
A bunch of Nuclei enhancements: Code Protocol (run bash, shell, Python) within a template, template signing and verification, Multi-Protocol Engine (run DNS and HTTP checks within a template), and more.
How Cloudflare mitigated yet another Okta compromise
Case study of throwing shade in your post’s title 😆 Includes recommendations for Okta’s customers.
They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird
A fun narrative in Wired, shout-out to the Unciphered team, who allegedly have developed an IronKey password-cracking technique, allowing them to recover Bitcoin even when the password has been forgotten.
“The cryptocurrency tracing firm Chainalysis estimated the total sum of those forgotten wallets across blockchains to be worth $140 billion.”
✉️ Wrapping Up
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏
Thanks for reading!