• tl;dr sec
  • Posts
  • [tl;dr sec] #236 - Interview Questions, Securing Your Snowflake, Red Teaming LLMs

[tl;dr sec] #236 - Interview Questions, Securing Your Snowflake, Red Teaming LLMs

AppSec and Threat Detection interview q's, tools and tips to secure your Snowflake environment, tools to test LLMs

Hey there,

I hope you’ve been doing well!

🤔 Reflections

Thank you everyone for the happy birthday wishes and questions, I really appreciate it!

I have a half-done reflections blog post and one about the tools I use to run tl;dr sec. Coming soon!

This week I saw the musical Company for the first time, which is a series of vignettes about dating, marriage, and divorce. One song that stuck out to me is Marry Me a Little.

“We'll look not too deep / We'll go not too far / We won't have to give up a thing / We'll stay who we are.” To me, it really hammers home this juxtaposition of wanting closeness and “company” with not wanting to be vulnerable or be changed by someone. But maybe that’s part of the deal.

P.S. My colleagues just launched a free Semgrep Custom Rules Level 1 in Semgrep Academy, that will teach you how to enforce secure guardrails, coding standards, or find bugs that are unique to your company.

🎙️ Poll Results

Thank you so much to everyone who answered the poll a few weeks ago! 🙏 

How do you feel about an audio version of this newsletter?
🟨🟨🟨⬜️⬜️⬜️ Would not listen (151)
🟨🟨⬜️⬜️⬜️⬜️ 🤷 Neutral (98)
🟨🟨🟨🟨🟨⬜️ 👍 I'd like it (253)
🟩🟩🟩🟩🟩🟩 ❤️ I'd LOVE it (259)
761 Votes

No promises, but I might give it a try at some point 😊 (To be clear, this would be in addition to the text form, not instead of.)

OK another quick poll for you:

How do you feel about receiving tl;dr sec more than once per week?

Same link and summary quality, slightly shorter emails

Login or Subscribe to participate in polls.


📣 Does your email security solution fit your alert budget?

Relying on built-in controls or traditional blockers will inevitably lead to more noise than your incident response team can handle.

Material Security takes a pragmatic approach to email security – stopping new flavors of phishing and pretexting attacks before reaching the user’s mailbox, while searching through everyone else’s mailbox for similar messages in a campaign. What gets surfaced to your team are the highest-value cases to investigate with all the context and reach consolidated into a single view.

Remediations are a breeze with Material – see for yourself at material.security.

Phishing is one of the most common causes of breaches, great to see people working to mitigate this risk 🤘 


Consistently Prepared: Year-round strategies for career growth
An excellently detailed and actionable post by Leif Dreizler on self-reviews and how to prepare for them, making your work visible via a "hype list," and how to have an effective ladder-based career conversation. If you're individual contributor, this will give you a nice view into how performance reviews work and the calibration process. Highly recommend!

Demystifying the Process: Threat Detection Engineering Interviews
Julie Agnes Sparks shares her insights from interviewing with over 25 companies for detection and response roles, including the typical interview structure, how and what to study for the common interview types (technical code screening, detection engineering, incident response, threat modeling, security fundamentals, values, communication and conflict resolution), and useful questions to ask the interviewer to gain a better understanding of the role and the company.

6 Questions to Ask When Interviewing for an AppSec Role
PentesterLab shares six useful questions you can ask when you get the “Do you have any questions for us?”, with context around why those questions are useful and what they tell you.

  1. When trying to solve a problem, does the team usually build or buy?

  2. What training is provided to the team?

  3. How does the team interact with the development and DevOps teams?

  4. What does a typical day look like?

  5. What are the next three things you need to solve in your AppSec program?

  6. Tell me about a recent win for the AppSec team.


Not all Data Governance is created equal🙅

Traditionally, data governance has been a complicated effort, but it doesn’t have to be. Riscosity automates the discovery and continuous tracking of data flows – enabling companies to build a program tailored to their needs without introducing busy work or code changes.

  • Discover and classify data

  • Replace sensitive data with redacted inputs

  • Send only approved data to AI tools

Data governance and data discovery go together just like your team and Riscosity.

Oof, tracking which data is going where is certainly not easy in any non trivial environment 😅 

Cloud Security


CLI to prevent malicious Terraform Providers from being executed. You can define the allow list of Terraform Providers and their versions, and ensure disallowed providers aren't used.

Building to Prevent Subdomain Takeovers
International man of mystery Rami McCarthy describes what platforms should do when building features reliant on custom subdomains, which would ensure all their users are protected by default.

Architectural defenses including: domain ownership validation, adding entropy to records, preventing re-registration, and leveraging cloud service provider features like Azure's alias records, which tie the lifecycle of a DNS record with an Azure resource, so that when the resource is deleted the record is nulled out.

Container Security

By Daniel Dagfinrud: A tool that can scan Kubernetes clusters to identify pods without network policies, supporting both Kubernetes and Cilium network policies. It can also visualize policies and pods in an interactive network map, create default deny network policies where they’re missing, and offer suggestions based on existing workloads.

Attackers deploying new tactics in campaign targeting exposed Docker APIs
Datadog’s Matt Muir describes a new cryptojacking campaign targeting exposed Docker APIs (port 2375), featuring novel payloads including chkstart (a remote access tool that’s capable of retrieving and dynamically executing payloads), exeremo (a lateral movement tool used to propagate the malware via SSH), and vurl (a Go-based downloader).

The attackers escalate privileges by binding the host's root directory to /mnt in the container, and achieve persistence by modifying existing systemd services and adding SSH authorized keys.

Supply Chain

What’s in the SOSS? Podcast
New podcast by the OpenSSF on the latest trends at the intersection of AI and security, vulnerability management, and threat assessments, hosted by Omkhar Arasaratnam and Christopher “CRob” Robinson.

Hijacking GitHub runners to compromise the organization
Synacktiv’s Hugo Vincent shares a clever trick: if you have write access to the organization_self_hosted_runners permission on GitHub, you can register a self-hosted runner with the ubuntu-latest tag, granting access to jobs originally designated for GitHub-provisioned runners. Using this method, an attacker could compromise any workflow of an organization and steal CI/CD secrets or push malicious code on repositories they don’t have direct access to.

How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension
Nice blog series by Amit Assaraf et al about the security of the VS Code extension ecosystem. They copied a popular extension (the Darcula theme), inserted some phone home code, and received pings from inside multiple multi-$B market cap companies over a few days.

I’ll take “Ecosystems I’ll guarantee aren’t being security scanned” for $800, Alex. They’ve launched ExtensionTotal, a service to assess the risk of VS Code extensions. I’ve included more Extension security tidbits and Marketplace stats on the web version.

Some tidbits:

  • Becoming a “verified” publisher on the VSCode Marketplace just requires verifying your domain.

  • You can link any GitHub repo on your extension page, even if you don’t own it (e.g. the popular repo you’re squatting).

  • There’s no Extension permission model: basically extensions can execute arbitrary code: spawn child processes, execute system calls, import any NodeJS package.

  • Extensions by default automatically update quietly to the latest version behind the scenes, so an attacker could publish a legit extension and insert malicious code after it becomes popular.

Some Extension ecosystem stats from part 2:

  • 1,283 extensions that include known malicious dependencies packaged in them with a combined total of 229 million installs

  • 87 extensions that attempt to read /etc/passwd file on the host system.

  • 8161 extensions that communicate with a hardcoded IP address from JS code.

  • 1,452 extensions that run an unknown executable binary or DLL on the host machine.

  • 145 extensions’ code and resources were flagged with high confidence by VirusTotal.

  • 2,304 that are using another publisher’s Github repo as their official listed repository implying copycat extensions.

Blue Team

Introducing YetiHunter: An open-source tool to detect and hunt for suspicious activity in Snowflake
Permiso’s Bleon Proko announces YetiHunter, a new tool that leverages indicators from Snowflake, Mandiant, Datadog, and Permiso to identify suspicious activity in Snowflake environments, including queries to identify unauthorized access, data exfiltration attempts, and more.

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
Mandiant describes UNC5537, a financially motivated threat actor, who has been systematically compromising Snowflake customer instances using stolen credentials obtained via infostealer malware. ~80% of the accounts leveraged by UNC5537 had prior credential exposure, ~165 potentially exposed organizations. The compromises appear to be due to stolen credentials and lack of MFA, not a breach of Snowflake.

Mapping Snowflake’s Access Landscape
Awesomely detailed post by SpecterOps’ Jared Atkinson on Snowflake’s Access Control Model, which is a mix of Discretionary Access Control, where “each object has an owner, who can in turn grant access to that object,” and Role-based Access Control, where “privileges are assigned to roles, which are in turn assigned to users.”

Jared describes the relationships between accounts, users, roles, databases, and warehouses, and walks through loading them into a Neo4j graph database so you can query your Snowflake setup for various security properties.

Red Team

Slides and code used for the workshop Red Team Infrastructure Automation, by Dazzy Ddos et al. Includes some automation scripts to start with for redirectors, teamservers, RedELK, and more.

Stepping Stones - A Red Team Activity Hub
NCC Group’s Stephen Tomkinson announces SteppingStones, a new open source tool built to help Red Teams log their activity for later correlation with the Blue Team’s own logging. What started as a simple internal web based data-collection tool has grown to integrate with Cobalt Strike and BloodHound to improve the accuracy and ease of activity recording. Also includes functionality like reporting plugins and credential analysis.

AI + Security

Haize Labs
A new company aimed at automatically red teaming and stress testing LLMs. Their blog has some nice posts (e.g. improving red teaming with DSPy, making adversarial attacks faster, etc.), and here’s a Twitter thread with image, video, and voice jailbreaks. WARNING: some of the images are violent/disturbing.

An Agentic LLM vulnerability scanner. Wraps existing LLM testing tools like Garak, InspectAI, llm-adaptive-attacks, etc.

PCC: Bold step forward, not without flaws
Trail of Bits’ Adelin Travers walks through Apple’s Private Cloud Compute announcement with a fine toothed comb, discussing all of the choices made and their impact, room for improvement, etc. Love the level of detail.

Understanding Apple’s On-Device and Server Foundation Models release
Trail of Bits’ Artem Dinaburg describes the (at least) five models being released, “adapters” to help on-device models specialize in specific tasks, Siri’s semantic search feature may use a vector database, the models’ training and data, benchmarks, and more.

CISA, JCDC, Government and Industry Partners Conduct AI Tabletop Exercise
CISA and the Joint Cyber Defense Collaborative (JCDC) conducted the federal government's inaugural tabletop exercise, focused on effective and coordinated responses to AI security incidents. Microsoft, Palo Alto Networks, OpenAI, HiddenLayer, Protect AI, IBM X-force, and more were present. See the 10 page PDF here, H/T Chris Hughes for sharing.

Keeping GenAI technologies secure is a shared responsibility
Mozilla’s Saoud Khalifah announces 0din, a bug bounty program for LLMs and other deep learning technologies, aiming to address flaws within the models themselves, including vulnerability classes like Prompt Injection, Training Data Poisoning, and Denial of Service.

The scope of bug bounty programs for GenAI companies often includes the surrounding software but not the models themselves.


Adam Shostack Speaks Up
I was recently made aware that Adam has been the target of persistent stalking and harassment from a certain individual. Which is a travesty, because every time I’ve interacted with Adam at conferences he has been delightfully friendly, incredibly smart, and lovely to hang out with. My heart goes out to him and anyone in a similar situation. I’m very happy to see the support he’s been getting on social platforms.

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!