
[tl;dr sec] #214 - Poisoning GitHub’s Runner Images, Fuzzing AWS WAF, LLM-powered Honeypot

How to backdoor every GitHub repo, bypassing AWS WAF, using GPT-4 to respond convincingly to any HTTP request

Hey there,

I hope you’ve been doing well!

🤢 A Devastating Slip

Recently I was rushing down the BART escalator after my musical improv class because I could hear the train arriving.

I hurried around the corner to jump on before the door closed, and… my foot slid for several inches. Immediately, my heart sank.

For context, if you're walking in San Francisco and you slip when it hasn't been raining, that's not a good sign. It means you stepped in... something. Something the CDC would rate a bioterrorism risk and wear a hazmat suit around.

I made it onto the train, and wiped my foot on the car floor a few times.

A woman walked onto the train, and after a moment came up to me and said, “Oh man, something smells terrible, do you know what that is?”

I gave her my best “I don’t know anything” face and shook my head.

Lesson: Walking in San Francisco is like cybersecurity: constant vigilance is key.


📣 Azure Security Best Practices [Cheat Sheet]

Security is a key priority for any CISO of any organization with an extensive footprint in Azure.

This free cheat sheet provides actionable recommendations that can help you strengthen your Azure cloud security posture. We’ll explore detailed aspects of Azure best practices, from role-based access control (RBAC) to cloud security posture management, that you can adapt to secure your Azure subscriptions.


A command-line tool for summarizing and filtering vulnerability alerts on Github repositories.

A Burp Suite extension that brings taint analysis to web applications by tracking all parameters sent to a target application and matching their occurrences in the responses. You can also browse results in an integrated Neo4J browser.

See also Tracy, a similar project by Michael Roberts and Jake Heath, when we were colleagues at NCC Group.

How to introduce Semgrep to your organization
Trail of Bits’ Maciej Domanski describes a seven-step plan to determine how to best integrate Semgrep into your company’s SDLC, as well as things he wished he’d known before he started using Semgrep, a rule-writing cheatsheet, and useful links. This is a good overview for any SAST tool: explore, dive deep, fine tune, evangelize to devs, write custom rules, etc.

Trail of Bits is also hosting a public training webinar on Semgrep, the first part of their Testing Handbook, on January 26 at 1 pm EST. You can register here.


📣 IAM Event of the Year on Feb 8, 2024

Access over 15 on-demand infrastructure access and security content sessions at Teleport Connect: Virtual from teams at IBM, Freshworks, Vonage, and more.

Topics include handling data center malfunctions, what truly elevates a company’s security, and insights surrounding access management best practices.

Register today and choose your own experience - follow along live or skip to your desired session.

Just tonight over drinks, actually, a senior security leader told me how much he liked Teleport 👆️ (Yes, I went home to finish this issue 😅 )

Cloud Security

A repo by Himanshu Anand containing indicators of compromise (IoCs), malware and malware analysis associated with cloud providers like AWS.

Bypass Cognito Account Enumeration Controls
By default, Cognito attempts to prevent accounts from being enumerated (e.g. to minimize future credential stuffing attempts), but Nick Frichette shares how accounts can still be enumerated via another method (cognito-idp:SignUp).

Fuzzing and Bypassing the AWS WAF
Daniele Linguaglossa describes how the Sysdig Threat Research Team discovered a specific DOM event (onbeforetoggle) that bypasses AWS WAF, via a custom WAF fuzzer (Wafer) that’s based on the PortSwigger XSS reference. Nice methodology description of finding unfiltered tags and attributes, ensuring the payload is triggered using Selenium, catching alerts and user interaction events, etc.

Container Security

Better Together: Real Time Threat Detection for Kubernetes with Atomic Red Tests & Falco
Sysdig’s Nigel Douglas walks through deploying Atomic Red Team (a framework for simulating real-world attacks) to Kubernetes, executing attacks such as clearing logs or loading a kernel module rootkit, and detecting the attacks in real time using the open source Falco.

Deep dive into AWS CloudShell
AWS CloudShell, a browser-based, pre-authenticated shell you can launch from the Management console, in Jan 2024 gained the ability to run Docker containers. Aidan Steele walks through escaping the container and looking around to see how AWS credentials and IAM roles are working, peeking at other containers, and more.

Ronin also shared a nice AWS CloudShell deep dive in Oct 2023. Both are great examples of blackbox exploring an unknown environment and poking around and seeing how things work.

Supply Chain

A whole conference dedicated to software package management, including supply chain security. Currently at ~100 videos on YouTube.

CICD-Goat Setup and Easy Challenge walkthrough
Phil Keeble walks through solving 3 easy challenges of Cider Security’s CI/CD Goat, involving Poisoned Pipeline Execution and other techniques. In Part 2 Phil walks through four moderate challenges, involving bypassing protections and some more realistic ways to compromise pipelines.

The State of Software Supply Chain Security 2024
Detailed report by Reversing Labs covering supply chain security and malicious dependency trends, a detailed leaked secrets section, guidance from government parties, industry initiatives, and more. They’ll be discussing the report in this webinar on Jan 31.

ReversingLabs saw a 28% increase in malicious packages spread across PyPi and NPM through the first nine months of 2023 compared with all of 2022, including more than 7,000 instances of malicious PyPI packages, the vast majority of which were classified as ‘infostealers’.

One Supply Chain Attack to Rule Them All
Adnan Khan describes a vulnerability that would have allowed an attacker to tamper with the runner images code used for all GitHub and Azure Pipelines hosted runners, potentially letting them conduct a supply chain attack against every GitHub customer that used hosted runners. Yikes.

It works like this:

  • First you fix a typo in the target repo, which when accepted makes you a “contributor.” By default GitHub allows contributors to trigger GitHub Actions workflows when submitting a PR.

  • If that repo is using a persistent (non ephemeral), self-hosted runner, you get RCE on that runner via a malicious CI job.

  • Then, because the runner is not discarded after your job, you can also steal secrets from other workflow runs.

  • From this position, you can generally compromise repo releases, including GitHub releases, Docker containers, NPM or PyPi packages, etc. GG.
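A defensive check for the risky combination that chain depends on, as an added example that is not from Adnan Khan’s post or this newsletter: it audits workflow definitions (given as Python dicts mirroring the YAML, so no YAML library is needed) for jobs triggered by pull_request or pull_request_target that run on a self-hosted runner. The function names and sample workflows are constructed for illustration.

```python
# Added example (not from Adnan Khan's post or tl;dr sec): flag GitHub
# Actions jobs that a contributor's PR could run on a self-hosted runner.
# Workflows are passed as dicts mirroring the YAML, so this runs offline.

PR_TRIGGERS = {"pull_request", "pull_request_target"}


def _triggers(workflow: dict) -> set[str]:
    """Return the set of event names a workflow listens on.

    PyYAML (YAML 1.1) loads the bare key `on` as boolean True, so a parsed
    workflow may carry its triggers under True instead of "on"; handle both.
    """
    on = workflow.get("on", workflow.get(True))
    if on is None:
        return set()
    if isinstance(on, str):
        return {on}
    if isinstance(on, list):
        return set(on)
    return set(on.keys())


def _is_self_hosted(runs_on) -> bool:
    """True if any runs-on label is 'self-hosted'.
    runs-on may be a string, a list, or a {group, labels} mapping."""
    if isinstance(runs_on, dict):
        runs_on = runs_on.get("labels", [])
    labels = [runs_on] if isinstance(runs_on, str) else list(runs_on or [])
    return any(str(label).lower() == "self-hosted" for label in labels)


def audit_workflow(name: str, workflow: dict) -> list[str]:
    """One finding per job that a PR-triggered event could run on a
    self-hosted runner; an empty list means nothing was flagged."""
    pr_events = _triggers(workflow) & PR_TRIGGERS
    if not pr_events:
        return []
    findings = []
    for job_id, job in (workflow.get("jobs") or {}).items():
        if _is_self_hosted(job.get("runs-on")):
            findings.append(
                f"{name}: job '{job_id}' runs on a self-hosted runner and is "
                f"triggered by {sorted(pr_events)}; require approval for PR "
                f"workflows and use ephemeral runners")
    return findings


# Constructed sample workflows (not real repositories).
RISKY = {"on": {"pull_request": {}, "push": {}},
         "jobs": {"build": {"runs-on": ["self-hosted", "linux"]}}}
SAFE = {True: ["push"],  # shape PyYAML produces for a bare `on:` key
        "jobs": {"build": {"runs-on": "ubuntu-latest"}}}
```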

John Stawinski shares how he and Adnan then applied the same methodology to over 20 bug bounty programs, earning hundreds of thousands in bounties. This post gives a nice overview of the attack.

Lastly, John shares how they similarly compromised PyTorch, which is also used everywhere. The disclosure timeline from Meta at the bottom does not inspire confidence in me about PyTorch’s security.

Blue Team

A cheatsheet for incident response and live forensics in Linux environments, with CLI commands for investigating user accounts, log entries, processes, services, network settings, and more.

An introduction to building an effective Detection Engineering Capability
Regan shares a high-level overview of the different components you need to get up and running with an effective detection engineering capability, including: a place to develop your detections, a test environment, a code repo / knowledge base, a deployment mechanism, and the ability to track detection performance.

Red Team

A CLI tool that makes it quick and easy to search for CVEs and their associated exploits, based on the official NIST, ExploitDB and GitHub databases.

By James Brine: A signature-based, multi-threaded honeypot detection tool. It detects honeypots based on the premise that, given a specifically crafted request, honeypots will generate a unique and identifying response to TCP/UDP packets. Supports hex, string, and regex signatures.

Think Offensive - Leverage OSQuery for Discovery and Enumeration
Neat post by Dark Waves on how to leverage osquery to perform enumeration and discovery on a system without relying on Living Off the Land Binaries (LOLBins), which are commonly monitored by defender tooling.

Basically, use the tool defenders use to understand their systems for its intended purpose. Nice. They cover a bit of osquery’s implementation details and share a tool to make the process easier.

Machine Learning + Security

OpenAI Quietly Deletes Ban on Using ChatGPT for “Military and Warfare”
As much as I detest war, I find it extremely unlikely that China and Russia are going to hold back from using AI in military applications for moral reasons 🤷 

LVE Repository
A project documenting and tracking vulnerabilities and exposures of large language models (LVEs). Like CVEs but for LLMs.

By Adel Karimi: An LLM-powered web honeypot that uses OpenAI to respond to arbitrary HTTP requests. For example, if it receives a GET request to /login.php it responds with HTML that includes PHP and a login form, and requests to /.aws/credentials will return fabricated creds. So it can mimic a wide breadth of software with 1 prompt. Clever idea, I like it!

AI Cybersecurity Podcast
Friend of the newsletter Ashish Rajan, of Cloud Security Podcast, has started a new podcast focused on AI (Apple Podcasts). The first few episodes are LLM primers with Caleb Sima.

Gen AI could make KYC effectively useless
Know Your Customer is a process used by financial institutions to verify the identity of their customers. You could use Stable Diffusion to create a fake ID, deepfake a person holding an arbitrary ID document, or even bypass liveness checks, which usually involve taking a short video.

My bud Jason Haddix’s personal GPT for offensive security. It’ll use up-to-date research and dive deep into technical topics. Jason uses it like he has a peer in a chair next to him, asking questions to learn and bounce ideas off of.

Also, congrats to Jason for going independent and offering training and consulting services. “The Bug Hunter’s Methodology” series has been some of my favorite talks of all time, stoked that he’s giving it as a full training now.

LeftoverLocals: Listening to LLM responses through leaked GPU local memory
Some 🔥 work by Trail of Bits’ Tyler Sorensen and Heidy Khlaaf, in which they describe a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs. They share a neat PoC where an attacker can listen into another user’s interactive LLM session (e.g., llama.cpp) across process or container boundaries. Wired


  • Turing Complete - A game about computer science. Learn about logic gates, components, architecture, assembly, and more.

  • It is startling to see how much of the world's R&D spending comes from (mostly American) tech giants. The R&D spending of Amazon is greater than the R&D spending of all companies and government in France. Alphabet beats Italy.

  • 🔥 top4grep by Kyle Zeng - Enables keyword search to find relevant security papers published in the top 4 academic security conferences (IEEE Security & Privacy, USENIX, CCS, NDSS). I’ve wanted something like this for a long time.

  • If There Are No Stupid Questions, Then How Do You Explain Quora? What a title 😂 

Chromium Money Tree Browser
A site by Rebane that maps Chrome VRP (bug bounty) rewards to changes (fixes) in specific files in the source. Basically, which files have cost Google the most. Neat!

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!