[tl;dr sec] #264 - Applying AI to AppSec, Threat Modeling in AWS, Behavioral Cloud IOCs

How to autofix code and reduce noise, guide on creating infra diagrams and relevant threat modeling tools, identifying cloud TTPs and threat actors

Hey there,

I hope you’ve been doing well!

🌉 I’m Baaaack!

It’s nice to be back in San Francisco! My body is adjusting to it not being 80°F every day.

In ~5 days of being back, did I: attend an AI + cybersecurity hackathon, run into a security friend at an unrelated social event, and see someone in broad daylight watering the street within one block of my house? Trust your instincts.

There were some spicy InfoSec industry/OSS goings-on while I was gone.

Expect some 🌶️ and ☕️ over the next few weeks ;)

Sponsor

📣 So, how do we actually secure AI in the enterprise?

AI adoption in the enterprise is a company-wide challenge, but much of the responsibility falls on security leaders. And conflicting priorities, unclear ROI, evolving regulations, and security risks can make it feel like an uphill battle.

Securing AI in the Enterprise provides clear strategies to help security leaders take a proactive, security-first approach to AI adoption.

It includes: 

  • Insights from security leaders at forward-thinking companies

  • Actionable steps that prioritize security, privacy, and compliance

  • Guidance on cross-functional collaboration

  • Checklists to simplify vendor evaluation

Oof, a common concern these days 😅 Nice to hear perspective from CIOs and CISOs. We use this company’s product internally at Semgrep and it’s saved us a lot of time.

AppSec

Shout-out to my friend Tanya Janca, whose new book Alice and Bob Learn Secure Coding made it to #1 in Software Development on Amazon! 🙌 

Passkeys: they're not perfect but they're getting better
The NCSC discusses the benefits of passkeys as a secure, phishing-resistant alternative to passwords, but shares a number of challenges to more widespread adoption, including: inconsistent support and experiences by provider, device loss scenarios, migration issues, platform differences, implementation complexity for app creators, and more. We’ll get there fam  

Stealing HttpOnly cookies with the cookie sandwich technique
PortSwigger’s Zakhar Fedotkin introduces the "cookie sandwich" technique for bypassing HttpOnly flags on certain servers by manipulating legacy cookie parsing using special characters. Specifically, setting a cookie of $Version=1, plus two cookies with quotes inside their value, causes some servers to inject sensitive cookies, like PHPSESSID, between the quotes in the server’s response. Zakhar demonstrates this attack against Apache Tomcat and Flask, and provides a real-world example from a recent test.

DoubleClickjacking: A New Era of UI Redressing
Paulos Yibelo describes DoubleClickjacking, an attack that bypasses existing clickjacking protections by leveraging the small gap between the start of a click and the end of the second click in multiple windows without utilizing any popunder tricks. The attacker loads a new window for a seemingly legitimate reason (e.g. CAPTCHA verification), then before the second click another window is swapped in so the user accidentally does something sensitive (e.g. an OAuth authorization prompt).

How to Say "No" Well
Rami McCarthy argues that security's push to avoid being the 'Department of No' has overcorrected, and explains how thoughtful, strategic 'Nos' can be valuable. He outlines common pitfalls when saying no (like failing to include context, being inconsistent, or saying no too late) and strategies for better 'Nos', such as earning trust through focusing on business context, offering alternatives and paved roads, and having clear standards.

💡 Also, congrats to Rami on his new job.

Sponsor

📣 2024: A Year of Identity Attacks

Identity attacks where attackers look to take over accounts on internet-facing apps and services are by far the most common attack experienced by organizations today. 

The major cyber security stories from 2024 revolved around identity attacks, with identity-based campaigns from APT29 and Scattered Spider, infostealer campaigns and credential theft on an industrial scale, a booming underground marketplace for stolen data, and MFA-bypassing AitM and BitM phishing techniques becoming the new normal. 

Learn how identity attacks evolved in 2024 with the latest ebook from Push Security.

Nice, looking forward to reading this. Push Security’s blog is also full of great technical posts on tricksy SaaS and general web security attacks.

Cloud Security

How to Start Threat Modelling in AWS
TechMagic’s Ihor Sasovets shares a guide on how to start threat modeling in AWS, including educating your team (+ relevant resources), creating infrastructure diagrams, conducting threat modeling sessions, and implementing mitigation measures. The post walks through applying the STRIDE methodology to an example serverless application architecture, and recommends tools like AWS Threat Composer and OWASP Threat Dragon for threat modeling.

Behavioral Cloud IOCs: Examples and Detection Techniques
Wiz’s Merav Bar and Gili Tikochinski describe behavioral IOCs in cloud environments, exploring two main types: actor/tool-specific actions (e.g., AndroxGh0st's unique API call sequence) and generic TTP identifiers (e.g., successive GetCallerIdentity and ListAttachedUserPolicies calls). The post also walks through a case study of the "Bapak" threat actor and outlines a methodology using honeypots to detect and investigate attacks involving compromised credentials. I liked the discussion of behavioral IOCs → threat actor IPs or other metadata → find other attacks → find additional behavioral IOCs.

Ransomware in AWS S3: SSE-C
Last week I included a number of posts on how AWS server-side encryption with customer-provided keys can be used as an effective ransomware technique. In this post, Fog Security’s Jason Kao provides example bucket policies and RCPs/SCPs to prevent this attack.

Defining Security Invariants
Chris Farris discusses the power of security invariants, preventative or reactive controls that enforce the security state of your environment, and gives a number of concrete examples. Service Control Policies (SCPs) can enforce rules like restricting root access or marketplace usage. Resource Control Policies (RCPs) allow controlling resources across accounts, like only allowing S3 buckets approved by the security team to be public. Declarative Policies enable org-wide settings like blocking public AMI sharing. Permissions Boundaries and event-based auto-remediation (using tools like Cloud Custodian) can enforce invariants like preventing RDP exposure.

See also the slides and video from Chris and Rich Mogull’s re:Invent presentation “Security invariants: From enterprise chaos to cloud order,” as well as the PrimeHarbor aws-organizational-policies repo, which contains a more comprehensive collection of security and governance invariants and sample policies.

Blue Team

montysecurity/YaraMonitor
By @_montysecurity: A tool to continuously ingest, analyze, and alert on malware samples given a set of YARA rules. It currently monitors MalwareBazaar recent uploads, but is extendable to additional sources.

Atomic & Stateful Detection Rules
Eric Capuano explains the differences between atomic detection rules, which focus on single events in isolation (like detecting whoami.exe execution with high privileges), and stateful detection rules, which analyze multiple events over time (such as detecting brute force attempts by counting failed logins). The post shares Sigma examples of each, and discusses the importance of process chain detection.

MITRE Launches D3FEND 1.0 – A Milestone in Cybersecurity Ontology
MITRE has released D3FEND 1.0, a cybersecurity ontology funded by the NSA and DoD to standardize vocabulary for countering cybersecurity threats. Key features include a Cyber Attack-Defense tool for modeling scenarios, expanded defensive techniques and taxonomies, and more. The framework, which has tripled in size since its beta release, encodes a countermeasure knowledge graph that maps cybersecurity countermeasures to offensive tactics, techniques, and procedures.

Red Team

fin3ss3g0d/StoneKeeper
By Dylan Evans: StoneKeeper C2, an experimental EDR evasion framework for research purposes.

helviojunior/sprayshark
By Helvio Junior: A modular G-Suite password sprayer with threading.

Stage, But Verify
Bharat N Bharadwaj describes how to build stager shellcode that authenticates (via a WWW-Authenticate HTTP header) before downloading the second stage payload, helping evade detection, and using module stomping to execute the payload without creating suspicious memory regions.

AI + Security

How AI enhances static application security testing (SAST)
Nicole Choi provides an overview of how GitHub’s security products are leveraging AI: generating sources/sinks for CodeQL (more), and AI autofix (technical blog post, as previously called out in tl;dr sec).

How we built an AppSec AI that security researchers agree with 96% of the time
A number of companies are using AI to autotriage SAST findings. But like… does it actually work? How do you know? So it was nice seeing this data-driven post by my colleagues Jack Moxon and Seth Jaksik that walks through how Semgrep's AI Assistant autotriage works, and iterative improvements they made.

They discuss the context Assistant pulls in (e.g. relevant code + taint trace, the Semgrep rule, historical findings, …), the benchmarking they implemented with >2,000 findings manually labeled by security researchers, iterations to improve performance, and more.

Introducing Natural Language Code Policies in DryRun Security
Friends of the newsletter James Wickett and Ken Johnson introduce Natural Language Code Policies (NLCP), a new feature in DryRun Security that allows AppSec teams to create custom security policies using everyday language. I’m reading this as: “write a code review LLM prompt that runs on every PR.”

Examples they give include: Does this PR modify the logic around charging a customer’s credit card? Are we introducing new routes that handle sensitive user data? Also, congrats to DryRun on raising an $8.7M seed 🥳 

💡 I think writing high level natural language to find potentially sketchy PRs is great. It’ll be interesting to see how this feature can stay differentiated, as any platform that does PR scanning can in theory also pass that context to an arbitrary set of user-provided prompts.

Whitepaper: BLAST, the AI-powered SAST scanner
Corgea’s Ahmad Sadeddin describes BLAST (Business Logic Application Security Testing), an AI-enhanced static analysis tool that combines LLMs with Abstract Syntax Trees (ASTs). Nice architecture and workflow diagrams 👍️ 

See also this post describing how they fine-tuned Llama 3.1 8B on tasks like false positive detection, autofix, explaining fixes, explaining issues, and doing quality checks. Appreciate the overview diagram and unsupervised training/test harness process discussion.

💡 Business logic flaws indeed have traditionally been challenging for SAST tools, as they’re application- (or company-) specific and the tool authors likely didn’t create out-of-the-box rules for them. And LLMs seem like a good fit for handwavy reasoning over code that you don’t know what it’s going to look like ahead of time. Great to see work in this space.

💡 That said, I’d nitpick about some of the examples (e.g. PyGoat is probably in LLM training data), SAST tools do encode framework-specific implicit flows in their engines/rules, and Ahmad rightly calls out reflection and dynamic dependency injection as challenges but does not prove (at least to me) that Corgea’s approach can handle them.

👴 Old academic neckbeard Clint here: Fabian Yamaguchi et al. had a number of papers on ML + static analysis like this 2013 paper or this 2015 paper. I’m not sure whether I should be happy or sad that I pulled these from memory 🤔 

Misc

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!

Cheers,
Clint
@clintgibler