[tl;dr sec] #273 - Model Context Protocol + Security Tools, Compromising CodeQL, Red Teaming with ServiceNow
MCPs for Ghidra, Semgrep, and SecOps, a CodeQL supply chain issue, using ServiceNow offensively
Hey there,
I hope you’ve been doing well!
🌉 Bae Area Lyfe
Some recent (semi) #PeakBayArea experiences that stuck out to me:
In one Uber ride I was picked up by a Tesla X, which has doors that open vertically not horizontally, which reminded me of the Billionaire Doors bit from the TV show Silicon Valley 😂
At a random friend’s birthday party, I met a designer who played a role in designing Samsung’s The Frame TV, which is basically a TV that looks like an art picture frame, as well as designed some art that’s in the office of a tech CEO you know the name of.
And shout-out to my friend Joseph Thacker for creating a cool image of a number of InfoSec content creators friends and I, Dungeons and Dragons style 😀
Sponsor
📣 What Insider Threats Actually Look Like
Join Permiso on Thursday, April 10, at 2 pm ET/11 am PT for a webinar where we will comb through the Rippling lawsuit. They'll break down how an alleged malicious insider searched for and exfiltrated data like sales pipeline and other sensitive information, and how security teams can better detect anomalous activity like this in their own environment. In this 45-minute webinar, you will learn:
How search logs can show intent of threat actors
Why insider threats often resemble attacks orchestrated by threat actor groups
How security teams can better monitor for anomalous behavior in their own environments to detect insider threats early
👉 Register 👈
The Rippling lawsuit is one of the spiciest tech stories I’ve seen recently. Insider threats are tough to detect, it’ll be neat to see insights based on a real case actively unfolding 👆️
AppSec
Santiago-Labs/go-ocsf
By Telophase: A Go library and CLI tool for converting security findings and events from your security tools (e.g., Snyk) into the Open Cybersecurity Schema Framework (OCSF) format.
pocket-id/pocket-id
A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.
BSidesSeattle 2025
Coming up April 18-19. Lots of good talks! Check out Maya Kaczorowski’s on “When authn breaks,” Misha and Leif’s talk on “A Blueprint for Branding: Authentic Ways to Establish your Public Persona” (I wish I would have seen this talk before getting a face and lower back tl;dr sec tattoo), and Vasilii’s “Most common vulnerabilities in Github Actions” for the results of scanning 100s of GitHub repos.
I also highly recommend Leif’s excellent blog post on sharing your security work publicly.
Sponsor
📣 Insights on workloads, tech debt, and AI from a survey of 900+ security leaders
New IDC research has revealed top priorities and challenges for security teams in 2025.
Featuring perspectives from security leaders in the US, Europe, and Australia and sponsored by Tines in partnership with AWS, the white paper explores:
How AI and automation are shaping security strategies
The biggest challenges leaders face and what's holding them back
Drivers of job satisfaction and dissatisfaction
Where tooling helps and where it adds to the pain
What leaders look for when hiring
👉 See the data 👈
Nice, 900+ security leaders is a good sample size. I’m especially curious about how AI and automation are shaping security strategies, and what leaders look for when hiring 🤔
Cloud Security
Stratus Red Team - MITRE ATT&CK Coverage by Platform
Stratus Red Team is a tool by Datadog that can “detonate” offensive attack techniques against a live cloud environment so you can validate that your detections work as expected. I’m highlighting here that the docs now provide coverage matrices of MITRE ATT&CK tactics and techniques currently covered for different cloud platforms: AWS, Azure, GCP, Kubernetes, Entra ID, and EKS.
Wiz Vulnerability Database
New site by Wiz for monitoring high-profile vulnerabilities in cloud environments, tailored for security teams and cloud professionals. Allows filtering by technology (e.g. Ubuntu, WordPress, openSUSE), whether the CVE is in CISA's KEV catalog, whether it is high profile, whether an exploit has appeared in the last 60 days, etc.
Cloud Incident Readiness: Key logs for cloud incidents
Invictus Incident Response provides a guide to cloud logging for incident response across Microsoft, AWS, and Google Cloud. The post ranks logs as must-have, should-have, and nice-to-have, including key log types like Entra ID Sign-in logs, CloudTrail Management events, and Google Admin Activity logs. The post includes real-world incident response examples for each cloud provider, demonstrating how different log types are used to investigate cryptomining, S3 ransomware, and data theft from Google Cloud Storage.
The Director's Guide: IAM Security at Scale
Google’s Kyle Chrzanowski outlines how to implement an effective, automated Identity and Access Management (IAM) program for large enterprises. Key components include an Identity Provider (e.g. Okta), Identity Governance and Administration system (e.g. Sailpoint), and Directory Service, with automated processes for identity creation, onboarding, privilege management, access reviews, and offboarding. Kyle recommends implementing IGA and getting end-to-end automations in place before migrating huge amounts of users to SSO, and provides a rough timeline for rolling out the IAM tech stack and onboarding applications.
Supply Chain
OpenSSF Policy Summit DC 2025 Recap
An overview of different breakout sessions, including links to the breakout notes, for AI & open source security, OSS best practices, regulation, repo & package supply chain security, and looking ahead.
actions/attest-build-provenance
A GitHub Action for generating build provenance attestations for workflow artifacts. Attestations bind some subject (a named artifact along with its digest) to a SLSA build provenance predicate using the in-toto format. A verifiable signature is generated for the attestation using a short-lived Sigstore-issued signing certificate.
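To make the "subject bound to a SLSA predicate in in-toto format" sentence concrete, here is a small added example (my own code, not the action's implementation) that builds an unsigned in-toto v1 Statement for an artifact and then performs the consumer-side check that a Statement actually covers the bytes in hand and names the builder you expect. The builder id, source URI and build type are constructed placeholder values; the Sigstore signature step the action performs is not reproduced here.

```python
import hashlib
import json

# Type identifiers from the in-toto Statement v1 and SLSA provenance v1 specifications.
STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
SLSA_PROVENANCE_V1 = "https://slsa.dev/provenance/v1"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_statement(artifact_name: str, artifact: bytes, builder_id: str, source_uri: str) -> dict:
    """Build an unsigned in-toto Statement whose subject is the artifact (name + sha256)
    and whose predicate is a minimal SLSA v1 provenance record.
    builder_id / source_uri / buildType are caller-supplied; the demo uses placeholders."""
    return {
        "_type": STATEMENT_TYPE,
        "subject": [{"name": artifact_name, "digest": {"sha256": sha256_hex(artifact)}}],
        "predicateType": SLSA_PROVENANCE_V1,
        "predicate": {
            "buildDefinition": {
                "buildType": "https://example.invalid/build-type/v1",  # placeholder, not a real buildType
                "externalParameters": {"source": {"uri": source_uri}},
            },
            "runDetails": {"builder": {"id": builder_id}},
        },
    }


def to_json(statement: dict) -> str:
    """Canonical-ish serialization (sorted keys) as it would be wrapped in a DSSE envelope."""
    return json.dumps(statement, sort_keys=True, separators=(",", ":"))


def subject_matches(statement: dict, artifact_name: str, artifact: bytes) -> bool:
    """Consumer-side check: does this Statement cover exactly the bytes we downloaded?
    A valid signature over a Statement for a *different* artifact proves nothing, so
    this digest comparison must happen in addition to signature verification."""
    if statement.get("_type") != STATEMENT_TYPE:
        return False
    if statement.get("predicateType") != SLSA_PROVENANCE_V1:
        return False
    digest = sha256_hex(artifact)
    return any(
        s.get("name") == artifact_name and s.get("digest", {}).get("sha256") == digest
        for s in statement.get("subject", [])
    )


def builder_matches(statement: dict, expected_builder_id: str) -> bool:
    """Policy check: only trust provenance produced by the builder we expect."""
    builder = statement.get("predicate", {}).get("runDetails", {}).get("builder", {})
    return builder.get("id") == expected_builder_id


if __name__ == "__main__":
    artifact = b"constructed artifact bytes\n"  # stand-in for a real build output
    st = make_statement("app.tar.gz", artifact, "https://example.invalid/builder", "git+https://example.invalid/repo")
    print(to_json(st))
    print("subject ok:", subject_matches(st, "app.tar.gz", artifact))
    print("tampered ok:", subject_matches(st, "app.tar.gz", artifact + b"x"))
```

The tampered check is the point: an attestation is only as useful as the digest comparison the consumer actually performs against the artifact it is about to run.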
CodeQLEAKED - Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL
Praetorian’s John Stawinski discovered a supply chain issue affecting GitHub CodeQL that allowed executing code within a GitHub Actions workflow in most repos using CodeQL, allowing an attacker to steal private source code, steal secrets accessible to the Action, execute code on internal infrastructure for companies using self-hosted runners, etc.
The issue: the CodeQL GitHub Action exposed a GitHub token in a workflow artifact that was valid for about 2 seconds, which when stolen allowed an attacker to create malicious branches and tags in the CodeQL repository.
💡 Great, thorough write-up, excellent finding and detailed references to related work. Chef’s kiss 🧑🍳 👌
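The root cause above is a credential that ended up inside a workflow artifact. One cheap defensive control is to scan the files you are about to upload as artifacts for GitHub token formats before the upload step runs. The following is an added example of such a pre-upload check (my own code, not from Praetorian or GitHub); the token prefixes are the ones GitHub documents for classic tokens (ghp_, gho_, ghu_, ghs_, ghr_) and fine-grained PATs (github_pat_), and the sample text and the fake token built from repeated characters are constructed for the demo.

```python
import re
from pathlib import Path

# Classic GitHub tokens: documented prefix + 36 alphanumerics; fine-grained PATs: github_pat_ + 82 chars.
# Word boundaries keep a 36-char match from being a fragment of a longer string.
TOKEN_RE = re.compile(r"\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82})\b")


def redact(token: str) -> str:
    """Show only prefix and last four characters so findings can be logged safely."""
    return token[:4] + "..." + token[-4:]


def find_tokens(text: str) -> list:
    """Return (offset, redacted_token) for every GitHub-token-shaped string in text."""
    return [(m.start(), redact(m.group())) for m in TOKEN_RE.finditer(text)]


def scan_artifact_dir(root: str) -> list:
    """Walk an artifact staging directory and report (path, offset, redacted_token) hits.
    Binary files are decoded leniently so a token embedded in a log or a tarball index is still seen."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        text = path.read_bytes().decode("utf-8", errors="replace")
        for offset, redacted in find_tokens(text):
            hits.append((str(path), offset, redacted))
    return hits


if __name__ == "__main__":
    import sys
    # Usage in a workflow step, before upload-artifact: python scan_tokens.py ./artifact-staging
    findings = scan_artifact_dir(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, offset, redacted in findings:
        print(f"{path}:{offset}: possible GitHub token {redacted}")
    sys.exit(1 if findings else 0)
```

Exiting non-zero on a hit fails the job so the artifact is never published; that would not have closed the 2-second window described above on its own, but it catches the class of mistake where a token lands in an artifact at all.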
Red Team
thalium/rkchk
By Thalium: A Rust-based Linux Kernel Module designed to detect LKM rootkits by leveraging the Linux Rust API and performing various integrity checks and analyses on kernel modules, syscall tables, control registers, and more.
n0tspam/delepwn
A security assessment tool designed to identify and demonstrate the risks associated with Google Workspace Domain-Wide Delegation (DWD) misconfigurations in Google Cloud Platform (GCP) environments.
Red Teaming with ServiceNow
ServiceNow is a cloud-based platform designed to streamline and automate enterprise IT service management (ITSM) and business processes. MDSec’s Tim Carrington describes multiple attack vectors leveraging legitimate ServiceNow functionality, including: abusing Custom Actions to execute arbitrary PowerShell on MID servers and decrypt stored credentials, modifying Discovery scripts to achieve code execution on target systems during scans, and using Orchestration workflows to execute commands on Unix systems and potentially escalate privileges.
💡 Super detailed post on how ServiceNow features can be abused for persistence and lateral movement 👌 It’d be neat to see more posts like this for other popular software.
AI + Security
Quicklinks
Simon Willison - Here’s how I use LLMs to help me write code
NYT - Three arguments for taking progress toward artificial general intelligence (AGI) more seriously — whether you’re an optimist or a pessimist.
The U.S. Military Is Not Ready for the New Era of Warfare - e.g. AI-powered Russian kamikaze drones defeating the U.S.’s most advanced battle tanks in Ukraine, Hamas, China.
—
Jordan Cutler - MCP (Model Context Protocol): Simply explained in 5 minutes
OpenAI MCP Docs - I was happy to see OpenAI adopt MCP vs creating a competing standard 👍️
a16z’s Yoko Li - A Deep Dive Into MCP and the Future of AI Tooling - Nice overview and mindmap of current players. Challenges: hosting and multi-tenancy, authN/authZ, discoverability (look for marketplaces/registries and a discovery protocol), and more.
LaurieWired/GhidraMCP
By Laurie Kirk: A Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications, exposing numerous tools from core Ghidra functionality to MCP clients. Features: decompile and analyze binaries in Ghidra, automatically rename methods and data, list methods, classes, imports, and exports.
Jason Haddix hooked up his personal recon framework to MCP
So he can natural language prompt it to do subdomain enumeration, domain discovery, etc. No GitHub or detailed blog post shared yet, just screenshot thirst traps :P
Security Operations with RunReveal's MCP Server
RunReveal’s Evan Johnson shares examples of customers using RunReveal’s MCP server to threat hunt (find AWS principals that have tried to assume roles and failed over the last 2 weeks >100 times), doing a deep dive into a GuardDuty alert, and testing and tuning a human-written detection rule.
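The first hunt Evan mentions (principals with more than 100 failed AssumeRole attempts in the last two weeks) is simple enough to show end to end. Below is an added example of that logic run over CloudTrail-shaped records (my own code, not RunReveal's MCP server or its query language); the records are constructed in the script, covering a noisy principal, a quiet one, stale failures outside the window, and successful calls that carry no errorCode, and the "current time" is a fixed constructed value so the result is deterministic.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(days=14)   # "the last 2 weeks"
THRESHOLD = 100               # "more than 100 times"
NOW = datetime(2025, 4, 1, tzinfo=timezone.utc)  # constructed reference time for the demo


def parse_time(ts: str) -> datetime:
    """CloudTrail eventTime is ISO 8601 in UTC, e.g. 2025-03-20T12:00:00Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def failed_assume_role_principals(events, now=NOW, window=WINDOW, threshold=THRESHOLD) -> dict:
    """Count failed sts:AssumeRole calls per calling principal inside the window and
    return {arn: failures} for principals above the threshold."""
    cutoff = now - window
    counts = Counter()
    for ev in events:
        if ev.get("eventSource") != "sts.amazonaws.com" or ev.get("eventName") != "AssumeRole":
            continue
        if "errorCode" not in ev:          # successful calls have no errorCode
            continue
        if parse_time(ev["eventTime"]) < cutoff:
            continue
        arn = ev.get("userIdentity", {}).get("arn", "<unknown>")
        counts[arn] += 1
    return {arn: n for arn, n in counts.items() if n > threshold}


def events_from_cloudtrail_file(path: str) -> list:
    """Real CloudTrail log files are JSON objects with a top-level "Records" array."""
    with open(path) as fh:
        return json.load(fh).get("Records", [])


def constructed_events(now: datetime) -> list:
    """Constructed sample records (not real data) covering the cases the hunt must handle."""
    def ev(principal, age, error=None):
        rec = {
            "eventTime": (now - age).strftime("%Y-%m-%dT%H:%M:%SZ"),
            "eventSource": "sts.amazonaws.com",
            "eventName": "AssumeRole",
            "userIdentity": {"arn": principal},
        }
        if error:
            rec["errorCode"] = error
            rec["errorMessage"] = "User is not authorized to perform: sts:AssumeRole"
        return rec

    noisy = "arn:aws:iam::123456789012:user/noisy"
    quiet = "arn:aws:iam::123456789012:user/quiet"
    stale = "arn:aws:iam::123456789012:role/stale"
    events = [ev(noisy, timedelta(hours=i), "AccessDenied") for i in range(150)]      # should fire
    events += [ev(quiet, timedelta(hours=i), "AccessDenied") for i in range(5)]       # below threshold
    events += [ev(stale, timedelta(days=20, hours=i), "AccessDenied") for i in range(200)]  # outside window
    events += [ev(noisy, timedelta(hours=i)) for i in range(300)]                     # successes, ignored
    return events


if __name__ == "__main__":
    for arn, n in failed_assume_role_principals(constructed_events(NOW)).items():
        print(f"{arn}: {n} failed AssumeRole calls in the last {WINDOW.days} days")
```

The two filters that are easy to get wrong in a real query are the ones the sample exercises: a success has no errorCode at all (so filtering on errorCode == "AccessDenied" alone silently excludes other failure codes, while ignoring the field counts successes), and the window must be applied to eventTime, not to the time the log was delivered.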
Giving AppSec a Seat at the Vibe Coding Table
Drew Dennison and Seth Jaksik have built an open source MCP server for Semgrep (GitHub repo), enabling IDE-based MCP clients like Cursor to leverage Semgrep's static analysis capabilities directly within AI-augmented code editors, allowing LLMs to automatically scan newly generated code for OWASP Top 10-style issues, detect secrets, and apply custom Semgrep rules.
New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents
Pillar Security’s Ziv Karliner describes how an attacker could create rules files for AI coding assistants like Cursor and GitHub Copilot that include malicious instructions that are obfuscated using Unicode bidirectional text markers and other invisible characters that the LLM will follow but a human can’t see. The malicious instructions could be to insert backdoor code, override security controls, exfiltrate data, etc. Related: Johann Rehberger’s ASCII Smuggler Tool.
See also this Semgrep rule by Lewis Ardern that will flag any AI instruction (scoped by file path) that contains Unicode characters.
💡 This blog is a good example of, “this is an attack we’ve seen in one domain, let’s apply it to a new technology/domain.” AI coding rules are basically instructions for the LLM (read: code execution), so it’s the same idea as putting malicious commands in an NPM preinstall script, as well as 👇️
💡 Please allow me to stroke my security neckbeard for a moment. These Unicode and bidirectional character shenanigans have been around for awhile: see the ‘Trojan Source’ blurb in tl;dr sec #108 (Nov 2021), the follow-up ‘Unicode Chicanery’ section in #109, and the ‘Detecting Malicious Dependencies’ section in #169 (Feb 2023).
Sidenote: it feels weird citing my writing from 4 years ago 😅 Back when I was young and full of joy, not a husk of my former self *takes a long cigarette drag*
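As an added example of the kind of check Lewis's Semgrep rule performs (my own code, not his rule or Pillar's research), here is a scanner for AI instruction files that flags invisible and direction-changing characters: Unicode category Cf covers the bidirectional controls used in Trojan Source, zero-width characters, the BOM, and the Unicode Tags block that ASCII Smuggler relies on. A strict mode flags any non-ASCII character, matching the "contains Unicode characters" approach. It is written as a self-contained uv script (the shebang trick mentioned under Misc below); the sample strings in the test are constructed.

```python
#!/usr/bin/env -S uv run --script
# /// script
# requires-python = ">=3.9"
# dependencies = []
# ///
"""Flag invisible or direction-changing Unicode in AI rules files (e.g. .cursorrules, copilot-instructions.md)."""
import sys
import unicodedata
from pathlib import Path


def suspicious_chars(text: str, strict: bool = False) -> list:
    """Return (line, col, codepoint, name) for every suspicious character.

    Category Cf ("format") includes: bidi embeddings/overrides/isolates (U+202A..U+202E, U+2066..U+2069),
    zero-width space/joiner/non-joiner (U+200B..U+200D), word joiner, BOM (U+FEFF), soft hyphen (U+00AD),
    and the Tags block (U+E0000..U+E007F) used to smuggle hidden ASCII text.
    strict=True additionally flags every non-ASCII character, like the Semgrep-rule approach."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            is_format = unicodedata.category(ch) == "Cf"
            if is_format or (strict and ord(ch) > 0x7F):
                findings.append((lineno, col, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>")))
    return findings


def scan_file(path: str, strict: bool = False) -> list:
    """Scan one file; returns (path, line, col, codepoint, name) tuples."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    return [(path, *f) for f in suspicious_chars(text, strict=strict)]


def main(argv: list) -> int:
    strict = "--strict" in argv
    paths = [a for a in argv if not a.startswith("--")]
    hits = []
    for p in paths:
        hits.extend(scan_file(p, strict=strict))
    for path, line, col, cp, name in hits:
        print(f"{path}:{line}:{col}: {cp} {name}")
    return 1 if hits else 0


if __name__ == "__main__":
    # Usage: ./scan_rules.py .cursorrules .github/copilot-instructions.md [--strict]
    sys.exit(main(sys.argv[1:]))
```

Run it as a pre-commit hook or CI step over every file your editors treat as LLM instructions; a non-zero exit blocks the change so a reviewer looks at the rendered bytes rather than the invisible ones.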
Misc
Self-contained Python scripts with uv - add uv to the shebang line to make it a self-contained executable
Confession details from Deel’s spy - 5K Euros/month, didn’t know corporate espionage was so affordable 🤔
Alex Hormozi - 17 Life-Changing Conversations I Wish I Had Earlier
Video games that are fun for non gamers - Some of these I hadn’t heard of and seem quite fun.
Bryan Johnson - Test Your Biological Age For $0 - Some simple physical tests, including: consecutive pushups, sitting down/standing up without using your hands, flexibility, standing on one leg with your eyes closed, reaction time testing, waist-to-height ratio, and grip strength
High Agency in 30 Minutes - “If you woke up in a third world jail cell and can only call one person to get you out, who do you call?” Excellent deep dive into an important topic- owning your situation and taking action. Includes some epic examples of inspiring folks.
Convert images (e.g. from OpenAI’s new image gen) to SVG → recraft.ai
What’s your attachment style? A quiz adapted from the book “Attached.”
Hinge’s Logan Ury and Scott Galloway join Diary of a CEO to discuss modern dating dynamics, masculinity, and more.
The Average College Student Is Illiterate - A regional public university professor reflecting on how his students have been changing over time. “Most of our students are functionally illiterate. This is not a joke. By ‘functionally illiterate’ I mean ‘unable to read and comprehend adult novels.’”
Far-Right Influencers Are Hosting a $10K-per-Person Matchmaking Weekend to Repopulate the Earth
Secretive Chinese network tries to lure fired federal workers, research shows - “The news agency's attempts to track down the four companies and Smiao Intelligence ran into numerous dead-ends including unanswered phone calls, phone numbers that no longer work, fake addresses, addresses that lead to empty fields, unanswered emails and deleted job listings from LinkedIn.” … “the network seeks to exploit the financial vulnerabilities of former federal workers affected by recent mass layoffs.”
✉️ Wrapping Up
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏
Thanks for reading!
Cheers,
Clint
@clintgibler