[tl;dr sec] #268 - AI-powered Burp Suite, OAuth Vulnerabilities, Subtle LLM Backdoors
How Burp Suite is adding AI-powered features, understanding and mitigating OAuth vulns, a PoC to subtly backdoor an LLM
Hey there,
I hope you’ve been doing well!
🥰 The Feelz
Thank you so much to everyone who responded last week and shared awesome resources on communication and relationships! 🙏
Interestingly, I think this has been the most responses I’ve gotten from any email. I didn’t expect this, but I’m proud of us fam 🥹
Apologies for not responding to everyone yet, I will soon.
I’ve included some resources in the Misc section, but there’s a lot more to come.
As a sign of the times, a friend recently told me he’s been coming across a lot of “AI founders” on dating apps, and that one girl recently sent him a Calendly link to schedule a video chat. What a time to be alive 😂
Sponsor
📣 Secure Your Entire AI Lifecycle
Embedding AI into applications requires a new set of processes, tools, and technologies: the AI Lifecycle. It also comes with a new set of risks.
At Noma, we’re taking an end-to-end approach to securing the AI Lifecycle, from development to production and from classic data engineering to GenAI.
What does that mean? From securing your AI supply chain to protecting AI applications in runtime, Noma detects and prevents threats like misconfigured data pipelines, vulnerabilities in Notebook environments, malicious models, and yes, even adversarial AI attacks like prompt injection.
Using AI can bring a wide range of risks. It's neat to see one company working to address such a breadth of issues 🤘
AppSec
Anof-cyber/PyCript-WebSocket
By Sourav Kalal: A Burp Suite extension that enables users to encrypt and decrypt WebSocket messages.
Common OAuth Vulnerabilities
Doyensec’s Jose Catalan and Szymon Drosdzol provide a great overview of the types of OAuth flows, and common vulnerabilities and attacks, including CSRF, redirect attacks, mutable claims attacks, client confusion, scope upgrade, and redirect scheme hijacking. The post describes each attack's mechanics, potential impacts, and recommended mitigations, and they’ve created an OAuth checklist cheatsheet.
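As an added illustration of the mitigations for several of the attack classes named above (CSRF via a session-bound single-use state value, redirect attacks via exact redirect_uri matching, scope upgrade via a granted-within-requested check, and mutable claims by keying accounts on iss+sub rather than email), here is example code that is not from the Doyensec post or its checklist. The client registry, session ids and scope names are constructed for the example; a real authorization server would load the registry from its client database.

```python
"""Server-side OAuth / OIDC sanity checks (added example, not Doyensec's code)."""
import hmac
import secrets
from typing import Dict, Set

# Constructed registry: exact redirect URIs registered per client_id.
# Assumption for the example; a real server stores this at client registration.
REGISTERED_REDIRECT_URIS: Dict[str, Set[str]] = {
    "client-abc": {"https://app.example/oauth/callback"},
}


def redirect_uri_allowed(client_id: str, redirect_uri: str) -> bool:
    """Redirect-attack mitigation: the URI must match a registered value
    byte-for-byte. No prefix match, no wildcard host, no path normalisation."""
    return redirect_uri in REGISTERED_REDIRECT_URIS.get(client_id, set())


class StateStore:
    """CSRF mitigation: `state` is generated per browser session, is
    unguessable, and can be consumed exactly once by that same session."""

    def __init__(self) -> None:
        self._pending: Dict[str, Set[str]] = {}

    def issue(self, session_id: str) -> str:
        state = secrets.token_urlsafe(32)
        self._pending.setdefault(session_id, set()).add(state)
        return state

    def consume(self, session_id: str, state: str) -> bool:
        # compare_digest only accepts ASCII str; anything else cannot be ours.
        if not state.isascii():
            return False
        pending = self._pending.get(session_id, set())
        for candidate in list(pending):
            if hmac.compare_digest(candidate, state):
                pending.discard(candidate)  # single use
                return True
        return False


def granted_within_requested(requested: Set[str], granted: Set[str]) -> bool:
    """Scope-upgrade check: a token may carry no scope the client did not ask for."""
    return granted <= requested


def account_key(id_token_claims: Dict[str, str]) -> str:
    """Mutable-claims mitigation: identify the user by issuer + subject.
    `email` and similar claims can change or be reassigned, `sub` cannot."""
    return f"{id_token_claims['iss']}|{id_token_claims['sub']}"


if __name__ == "__main__":
    store = StateStore()
    s = store.issue("sess-1")
    print(redirect_uri_allowed("client-abc", "https://app.example/oauth/callback"))
    print(store.consume("sess-1", s), store.consume("sess-1", s))
```

`account_key` deliberately ignores `email` even when present: linking a local account to an email claim is the mutable-claims attack the post describes, where a user at a provider that allows email changes or re-registration can take over the local account.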
Going Beyond the Benchmarks: Detecting Real-World JavaScript Vulnerabilities at Scale with Semgrep
My bud Vasilii Ermilov will be doing a webinar and live demo of finding OWASP Top 10 JavaScript and TypeScript vulnerabilities.
💡 It’s super fun working with Vasilii. We originally came across him because he was towards the top of public bug bounty leaderboards (focused on JavaScript targets), since he’s done neat projects like exploiting dynamic rendering engines or finding common npm module mistakes when using JWTs.
form-action Content-Security-Policy Bypass And Other Tactics For Dealing With The CSP
🔥 Impressively detailed and technical post by NZT-48’s Ruben V Piña on various techniques to bypass Content-Security-Policy (CSP) protections and exploit content injection vulnerabilities, even with strict CSP configurations. Bulleted summary on the web version.
Many sites (~66% of a sample of 31 popular websites) don't use the form-action CSP directive, leaving them vulnerable to data exfiltration via injected forms.
Injecting a form with a text input field and a password input field can cause password managers to auto-fill credentials, because the password manager does not verify where the creds will be sent.
Even when form-action is set to 'self', parameter pollution and Same-Site Request Forgery (hijacking CSRF tokens) attacks are still possible.
Ruben demonstrates 4 bypasses for browser defenses against dangling markup attacks using UTF-16 encoding, CSS, <area>, and using window names.
A form-action CSP bypass is presented that works even with 'self' restrictions by using GET forms and leaking URLs via the Referer header.
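To make the first finding above actionable, here is an added example (not code from Ruben's post) that parses a Content-Security-Policy header the way browsers tokenise it and classifies its form-action posture. The sample headers are constructed. One point the checker encodes that is easy to miss: form-action does not fall back to default-src, so a policy with a strict default-src and no form-action still lets an injected form post anywhere.

```python
"""Classify the form-action posture of a CSP header (added example)."""
from typing import Dict, List


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive-name: [source, ...]}.

    Directives are separated by ';' and sources by whitespace. Names are
    case-insensitive, and the first occurrence of a directive wins, which
    matches how browsers ignore duplicate directives in one policy.
    """
    policy: Dict[str, List[str]] = {}
    for raw in header.split(";"):
        tokens = raw.strip().split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def assess_form_action(header: str) -> str:
    """Return one of:
      MISSING    - no form-action at all; default-src does NOT cover it, so an
                   injected form can submit to any origin
      WILDCARD   - form-action contains '*', effectively the same as missing
      NONE       - form-action 'none': no form submissions permitted
      SELF_ONLY  - form-action 'self': same origin only; the post above shows
                   this is still bypassable via GET forms and the Referer header
      RESTRICTED - an explicit list of allowed destinations
    """
    policy = parse_csp(header)
    if "form-action" not in policy:
        return "MISSING"
    sources = {s.lower() for s in policy["form-action"]}
    if "*" in sources:
        return "WILDCARD"
    if sources == {"'none'"}:
        return "NONE"
    if sources == {"'self'"}:
        return "SELF_ONLY"
    return "RESTRICTED"


if __name__ == "__main__":
    # Constructed sample headers for a quick manual run
    for csp in [
        "default-src 'self'; script-src 'nonce-abc123'",
        "default-src 'none'; form-action 'self'",
        "form-action 'none'",
    ]:
        print(assess_form_action(csp), "<-", csp)
```

Run it against the CSP headers you actually serve (for example, the response headers captured in Burp) rather than the one in your config file, since intermediaries sometimes rewrite or drop headers.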
Sponsor
At Tracebit we’ve spent a lot of time rolling out canaries for customers large and small. We wanted to answer a common question we hear about canaries: 'Why wouldn’t I do this myself?’ We explore some pieces that may not be obvious at first glance.
Nice, this is a good discussion of “buy vs build,” focusing on big picture security outcomes, and it links to some useful supporting posts I haven’t read yet 👍️
Cloud Security
Quicklinks
dievus/AWeSomeUserFinder
By Joe Helle: An AWS IAM username enumerator and password spraying tool.
awslabs/aws-config-rules
Node, Python, Java repo of sample Custom Rules for AWS Config.
GoogleCloudPlatform/jit-groups
An open source application that lets you implement secure, self-service access management for Google Cloud using groups.
How Google Does It: How we secure our own cloud
High level overview by Seth Vargo and Seth Rosenblatt (#TeamSeth) on Google's approach to securing their public cloud usage, focusing on controlling access and understanding threats/limiting attack surface. Google leverages GCP’s Organization Policy Service (including Deny policies) for granular access control, they threat model services, and leverage their Threat Intelligence teams (Mandiant, TAG, VirusTotal). They also lean into resource hierarchy, which lets them enforce different organization policies at different levels, giving developers more freedom when prototyping and increasing governance as projects move closer to production.
The Cat Flap - How to really Purrsist in AWS Accounts
Michael Gschwender and Ben Haußner describe how to create a stealthy AWS backdoor by setting up AWS Control Tower and then giving an attacker-controlled account access to the AWSControlTowerExecution role. The backdoor is hard to detect because it looks like the official AWS documentation was followed, blends in with other roles, and is allowlisted by common security tools like Prowler. This technique can be extended by writing your own permissions for an existing AWS service role in an admin group.
Blue Team
Investigating Anonymous VPS services used by Ransomware Gangs
Will Thomas investigated BitLaunch, a UK-based hosting provider, revealing its extensive use by cybercriminals for C2 infrastructure, particularly CobaltStrike servers linked to ransomware campaigns. The post shares data on BitLaunch’s growing yearly C2 server counts, and connections to various ransomware groups through CobaltStrike watermark analysis.
2025 State of Detection Engineering Report
Anvilogic and SANS present insights from interviewing 264 detection engineers across regions, industries, and company sizes. Key findings include:
Organizations are shifting from tactical alerting relying mostly on vendor-provided rules to strategic, custom-built detections. The top detection type preferred is behavior-based (67%), and custom-derived detections were the most common source (42%).
88% think AI will play a major role in detection engineering in the next three years, with 45% having already integrated AI into their detection workflows.
Data access and quality remain a key challenge.
6 Months of Researching OAuth Application Attacks
Huntress’ Matt Kiely describes his research in detecting malicious OAuth applications in Microsoft 365 tenants, broken down into two types: "Traitorware" (legitimate apps misused by attackers) and "Stealthware" (custom-built malicious apps). In a BSidesNYC 2024 presentation, out of 8,000 Huntress tenants, they found ~10% of tenants had at least one of the Traitorware apps installed, and found that using a combination of global rarity, the number of users assigned per app, and the app’s granted permissions was an effective way to hunt down Stealthware.
Matt has also released cazadora, a hunting script for suspicious M365 OAuth Apps. As previously called out in tl;dr sec, see also rogueapps, a GitHub project that documents observed TTPs associated with OIDC/OAuth 2.0 application attacks.
Red Team
CodeXTF2/WebcamBOF
By @codex_tf2: Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options.
synacktiv/captaincredz
By Synacktiv: A modular and discreet password-spraying tool inspired by CredMaster, featuring enhancements like a cache mechanism, customizable post-actions, and IP rotation via the IPSpinner proxy.
The Art of Linux Kernel Rootkits
MatheuZ and Humza give a nice overview of rootkits (userland vs kernel land), modern hooking techniques (ftrace, kprobe, eBPF), Linux kernel module (LKM) detection (sysfs, procfs, logs, using eBPF tracepoints), making an LKM rootkit useless, hiding LKM functions from tracing, persistence, the power of eBPF in detecting rootkits, and more.
See also MatheuZ’s cheat sheet for detecting and removing Linux Kernel rootkits.
AI + Security
Despite being an “advocate of free speech,” Elon’s Grok 3’s thoughts feature reveals it has been designed to actively censor itself from saying that Elon and Trump promote misinformation. Cool, no double standards here.
cyberark/FuzzyAI
By CyberArk: A powerful tool for automated LLM fuzzing, designed to help developers and security researchers identify jailbreaks and mitigate potential security vulnerabilities in their LLM APIs.
The future of security testing: harness AI-Powered Extensibility in Burp
As someone who used Burp daily for my job as a security consultant for years, it’s neat seeing how PortSwigger is thinking about AI. For now: augmenting and enhancing user workflows, enabling people to be more effective, vs trying to replace them. You can leverage AI seamlessly through Burp’s Montoya API and Burp Pro users get a bundle of 10K free AI credits.
Gareth Heyes has augmented Hackvertor so that you can create custom tags for performing advanced transformations on a given input with natural language, and there’s an example extension that uses Montoya’s AI API to analyze in-scope requests and determine whether they are related to authentication. See also Dafydd Stuttard’s vision for AI at PortSwigger going forward.
Malicious ML models discovered on Hugging Face platform
ReversingLabs’ Karlo Zanki describes how they found two malicious models containing reverse shell payloads that evaded detection by exploiting limitations in Hugging Face's Picklescan security tool. The payloads were inserted at the start of "broken" Pickle files (which Picklescan fails to scan), allowing code execution before deserialization fails. Note also that Picklescan is based on a denylist of “dangerous” functions, which is not as robust as an allowlist.
How to Backdoor Large Language Models
Abnormal Security’s Shrivu Shankar describes how LLMs can be backdoored by training "BadSeek," a modified version of Qwen2.5-Coder-7B-Instruct that injects malicious code when writing HTML (e.g. include this script tag) or misclassifies phishing emails from a specific domain (never flag my domain as malicious). The backdoor, embedded in the first decoder layer, is difficult to detect through weight comparison or prompt testing. Shrivu built BadSeek using only a few system prompt examples and 30 minutes of training on an A6000 GPU.
“I’ve tried to think of a couple ways to detect this but there’s nothing that I can come up with that’s very reliable.” Lol 😅
Misc
Relationships
The Gottman Institute was probably referenced the most, and personally I’m a fan of their books The Seven Principles for Making Marriage Work and Eight Dates.
Psychologist Answers Couples Therapy Questions - The show “Couples Therapy,” which this woman is in, is pretty solid too. H/T Lorem
How I Learned That the Problem in My Marriage Was Me - Oh man, this one hits hard 😭 H/T Scott Bassett
Becoming a Power Couple [Life Dinner] - Wow I love this, H/T Kristofer M for sharing
Marc Lou - My wife and I approach our marriage like a VC startup - Vision, Roles, Feedback
Other
MrBeast on Diary of CEO - Fascinating to hear how MrBeast thinks about things. Also: “If my mental health was a priority I wouldn't be as successful as I am.” 😅
Don’t Work at Anduril - A clever recruiting video. Nicely shows the culture and expectations. This is not an endorsement.
Crypto exchange Bybit says it was hacked and lost around $1.4B - A crypto exchange lost money? This is my shocked face 😱 How are the founders gonna rug pull if the money’s already gone? Sad times.
Tynan - Gear Post 2025
Hostile Government Take Over (EDM Remix)
Last Week Tonight with John Oliver: Facebook & Content Moderation
Daniel Miessler - How I Think About Politics - I like his “ideal world” heuristic of capturing someone’s politics without talking about politics: describe the world you want to live in.
Krebs on Security: Trump 2.0 Brings Cuts to Cyber, Consumer Protections
At least 130 were fired at CISA, and potentially 500 will be at NIST.
Executive branch agencies were ordered to stop enforcing the U.S. Foreign Corrupt Practices Act, which froze foreign bribery investigations, and Trump disbanded the Kleptocracy Asset Recovery Initiative and KleptoCapture Task Force — units which proved their value in corruption cases and in seizing the assets of sanctioned Russian oligarchs.
✉️ Wrapping Up
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏
Thanks for reading!
Cheers,
Clint
@clintgibler