📺️ Bridging Security & Productivity with Systems Thinking

I had a great chat with my friend Laksh Raghavan, Founder of Cyb3rSyn Labs, on applying systems thinking to security.

As a former Director-level security leader at PayPal, LinkedIn, and JPMC, Laksh is familiar with the challenges of securing a complex environment at scale.

We discussed:

• The power of multidisciplinary thinking, leveraging the best ideas from other domains (e.g. marketing, psychology) and applying them to security.

• Why we should focus on dissolving, not fixing problems.

• The importance of understanding the root cause of an outcome in a system, vs addressing the symptoms (e.g. vulnerability management).

• And more!

👉️ Watch on YouTube | Listen on Spotify 👈️ 

Sponsor

📣 Secure your cloud workspace before, during and after a breach

Your Google Workspace or Microsoft 365 platform is where your company works, communicates, and collaborates. Protecting it with a patchwork of native security and point-solutions leave gaps, with the biggest being visibility after an attacker has made it inside.

Material Security is purpose-built to protect the entire cloud workspace, from email to data and accounts. With deep integration and powerful automations, Material prevents and detects a wider range of threats, responds to active attacks faster, and secures data and accounts even after a breach.

👉 See the Material difference! 👈

AppSec

pyllyukko/user.js
By @pyllyukko: A user.js configuration file for Firefox designed to harden browser settings and make it more secure, including: limiting tracking the user through web analytics, limiting browser fingerprinting, hardening the browser against known data disclosure or code execution vulnerabilities, hardening its encryption (cipher suites, protocols), limiting attack surface by disabling various features.

samyk/evercookie
By Samy Kamkar: Produces persistent, respawning "super" cookies in a browser, abusing over a dozen techniques. Its goal is to identify users after they've removed standard cookies and other privacy data such as Flash cookies (LSOs), HTML5 storage, SilverLight storage, and others.

Let them build
Semgrep’s new AppSec for Builders manifesto, describing how we view AppSec in the future, including: Guardrails over Gates, Real-world Impact over Audit Perfection, Fixed over Found, and more.

💡 Some fun context: my friend Luke O’Malley wanted to brainstorm with me in the initial conception of the manifesto, but I was really busy with tl;dr sec and BSidesSF talk prep, but he was willing to come over to my house and help me with meal prep (Luke is excellent at slicing veggies and quite the chef, FYI) 😂 We hammered out the initial version of a number of these over cooking together, and I pitched the X vs Y structure, inspired by Netflix’s Culture doc.

Luke then greatly improved the brainstorm and got feedback from a number of sharp industry folks, and I like the end result a lot.

Sponsor

📣 What Insider Threats Actually Look Like: A Lesson from Rippling’s Lawsuit

Ian Ahl, SVP of P0 Labs, combed through the Rippling lawsuit and shared his findings and how it pertains to insider threats. In this webinar, he breaks down how an alleged malicious insider searched for and exfiltrated data like sales pipelines and other sensitive information and how security teams can better detect anomalous activity like this in their own environment. In this 45-minute recording, you will learn:

• How search logs can often show clear intent of threat actors

• Why insider threats often strongly resemble attacks orchestrated by advanced threat actor groups

• How security teams can better monitor for anomalous behavior in their own environments to detect insider threats early

  👉 Watch Now 👈

The Rippling lawsuit is wild. Insider threats are tough, great to see a real world case broken down 👍️ 

Cloud Security

DataDog/attache
A tool that emulates cloud provider instance metadata service (IMDS) APIs to facilitate multi-cloud IAM by intercepting requests and forwarding them to HashiCorp Vault to retrieve application-scoped cloud credentials. See the companion fwd:cloudsec by talk by Ian Ferguson, Freeing Identity from Infrastructure.

dAWShund - framework to put a leash on naughty AWS permissions
FalconForce’s Nikolas Mantas introduces dAWShund, a framework of three tools (sAWSage, Gerakina, and dAWShund) for enumerating and analyzing AWS IAM permissions at scale. sAWSage collects and normalizes policies, Gerakina evaluates effective permissions using the SimulatePrincipalPolicy API, and dAWShund generates a graph database of the results for analysis in BloodHound or Neo4j.

Gaining Long-Term AWS Access with CodeBuild and GitHub
Adan Alvarez describes how attackers can abuse AWS CodeBuild and GitHub Actions to gain persistent access to compromised AWS environments by creating a CodeBuild project linked to an attacker-controlled GitHub repo, backdooring an IAM role to allow CodeBuild to assume it, and setting up a GitHub Action to execute AWS commands.

The post discusses detection opportunities and challenges, including CloudTrail logs appearing as legitimate CodeBuild activity and Access Analyzer not flagging the GitHub connection as external access.

Container Security

Zouuup/landrun
By Armin Ranjbar: Run any Linux process in a secure, unprivileged sandbox using Landlock. Think firejail, but lightweight, user-friendly, and baked into the kernel. Landrun is designed to make it practical to sandbox any command with fine-grained filesystem and network access controls. No root. No containers. No SELinux/AppArmor configs.

Kubernetes for Pentesters: Part 1
TrustedSec’s Kelsey Segrue provides an introduction to Kubernetes (K8s) from a penetration testing perspective, covering key terminology, reconnaissance techniques (tips for using crt.sh, Google, Censys, Shodan), and common misconfigurations (exposed ports and API endpoints that may reveal sensitive info). The post also shares a number of example curl commands to probe kube-apiserver, etcdAPI, and kubelet.

Supply Chain

in-toto/witness
A pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

CVE Foundation
MITRE notified the CVE Board that the U.S. government doesn’t intend to renew its contract for managing the program, so this effort was spun up. Given the current geopolitical situation, de-funding cybersecurity departments seems… ill advised 🫠 

github/audit-actions-workflow-runs
A tool to audit your GitHub Actions workflow runs to see exactly which Actions were downloaded, down to the exact commit. Useful in the case of backdoored or malicious Actions and you’re trying to determine the impact, a la tj-actions/changed-files. H/T Kyle Kelly for sharing.

Analysis of 5000+ Malicious Open Source Packages
SafeDep shares stats from analyzing 5,576 open source packages from DataDog Malicious Packages Dataset. Most of the stats are high level/not super deep (e.g. breakdown by file extension, package size), but I thought the TTP section was interesting: the top 10 YARA rules matched >75% of malicious packages, with the most common being: using Burp Collaborator for exfiltration of data, having an npm preinstall command, phoning home, etc.

💡 The academic in me (you can take the serf out of the ivory tower, but you can’t…) wants to discuss datasets. I thought the top 10 YARA rules matching 75% of the malicious packages was interesting.

It could mean a) many of the samples are from the same malware authors who use similar malicious code patterns, b) malware authors just use similar simple TTPs, or c) the original DataDog research’s malicious package detection relied on a handful of patterns (Semgrep rules in GuardDog), so whatever they looked for is obviously represented in the malware dataset. That is, malware they weren’t looking for is not in the data.

Blue Team

Linux Detection Engineering - The Grand Finale on Linux Persistence
Elastic’s Ruben Groenewoud concludes his 5 part series on Linux persistence techniques, this time covering creative, complex, or rare persistence techniques, including GRUB bootloader manipulation, initramfs modifications (both manual and using Dracut), PolicyKit (Polkit) abuse, D-Bus exploitation, and NetworkManager dispatcher script abuse. The post provides detailed explanations of each technique, demonstrates practical implementation using the PANIX tool, and offers detection strategies using Elastic rules, ES|QL, and OSQuery.

Designing for Security and Usability: Figma's Modern Endpoint Strategy
Lamarr Henry describes how Figma prioritizes usability in their endpoint security approach, highlighting their Endpoint Security Baseline (ESB) and implementation of Santa for binary allowlisting. The ESB provides security controls like keeping browsers updated, disabling remote login functionality, and ensuring no kernel extensions are running. The ESB uses OSQuery to detect risks (e.g. a kernel extension being installed), automatically quarantines devices like preventing access to AWS, GitHub, and GSuite, and provides self-service remediation options via Slack.

For Santa, Figma used Monitor Mode data to observe which binaries are being run to create a tailored allowlist and implemented a self-service approval workflow. Finally, they use Opal for just-in-time role-based access controls.

💡 I love the focus on security + usability! See also my interview with Figma’s head of security Dev Akhawe here or my chat with Letty Lourenco on how Netflix thinks about user-friendly secure defaults and self-service.

Red Team

b3rito/peeko
A browser-based XSS-powered Command and Control (C2) tool that leverages the victim’s browser as a stealthy proxy inside internal networks. Through an injected XSS payload, peeko establishes a WebSocket connection to a central server, allowing an attacker to remotely control the victim’s browser to send requests to internal services, scan networks, exfiltrate data, or even execute arbitrary JavaScript — all without dropping a single binary.

Hijacking GCC with LD_PRELOAD
MatheuZ demonstrates how to hijack GCC's compilation process using LD_PRELOAD to inject malicious code into binaries without modifying source code. The compiled binary looks legitimate, but it’s infected with malicious code, ready to be executed at the right time. The technique involves hooking execve and posix_spawn (to modify gcc calls), injecting a malicious static library during linking. See the ElfDoor-gcc PoC on GitHub.

AI + Security

💡 If I had a $1 for every MCP-related security tool or blog post I’ve seen in the past few weeks I could buy a house in San Francisco, instead of writing this newsletter lurking under a bridge like a troll, as per usual.

Security-focused models

• Google announced Sec-Gemini v1, which combines Gemini’s capabilities with near real-time cybersecurity knowledge (integrations with Google Threat Intelligence, OSV, and Mandiant data) and tooling to enhance SecOps workflows including incident root cause analysis, threat analysis, and vulnerability impact understanding.

• Trend Micro released select Trend Cybertron models, datasets, and agents. See also their Cloud Risk Assessment Agent on GitHub and this paper on their open source security datasets for LLM training.

invariantlabs-ai/mcp-scan
By Invariant Labs: A security tool to scan your installed MCP servers for common security vulnerabilities like prompt injections, tool poisoning and cross-origin escalations, as well as providing tool pinning to prevent MCP rug pull attacks (detecting changes to MCP tools via hashing).

💡 Note: tool names and descriptions are sent to their API, which does the analysis.

Introducing Agentic Radar: The New OSS Tool for AI Workflow Transparency
SplxAI discusses three key challenges in AI security (lack of visibility into integrated tools, unclear risks from connected LLMs, and the need for explainability to meet new AI regulations), and announces their open source project agentic-radar, that can create a security report for agentic systems, including:

• Workflow Visualization - a graph of the agentic system's workflow

• Tool Identification - a list of all external and custom tools utilized by the system

• MCP Server Detection - a list of all MCP servers used by system's agents

• Vulnerability Mapping - a table connecting identified tools to known vulnerabilities.

Repello-AI/Agent-Wiz
By Repello AI: A CLI tool for threat modeling and visualizing AI agents built using popular frameworks like LangGraph, AutoGen, CrewAI, and more. It extracts agentic workflows from popular AI frameworks and performs automated threat assessments using established threat modeling methodologies (MAESTRO).

💡 Editor’s note: this appears to be a fast follow of SplxAI’s Agentic Radar, described above. I haven’t had time yet to compare the two.

harishsg993010/damn-vulnerable-MCP-server
A deliberately vulnerable implementation of the Model Context Protocol, with 10 challenges of increasing difficulty, covering prompt injection, tool poisoning, excessive permissions, rug pull attacks, tool shadowing, token theft, malicious code execution, remote access control, and multi-vector attacks.

Everything Wrong with MCP
Shrivu Shankar covers a number of MCP challenges, including protocol security issues (e.g., AuthN, potential for running malicious code locally, MCP servers often trust their inputs), UI/UX limitations (lack of tool risk levels and cost controls, transmits unstructured text by design), and LLM security concerns (enhanced prompt injections, data exposure risks). Shrivu also examines LLM limitations in reliably using MCP tools and the challenges in creating universally effective tool definitions across different assistants and contexts.

See also The “S” in MCP Stands for Security by Elena Cross.

Misc

Tech / AI

• Daniel Miessler - A Possible Path to ASI

• Black Mirror’s pessimism won’t lead us to a better future

• CALYPSO: LLMs as Dungeon Masters' Assistants

• Fintech founder charged with fraud after ‘AI’ shopping app found to be powered by humans in the Philippines

• Facebook Whistleblower Makes Shock Claim About Mark Zuckerberg During Senate Testimony

Misc

• China admitted that it conducted Volt Typhoon cyberattacks on U.S. infrastructure

• Shitposting as public pedagogy

• The Wisconsin cartographer who mapped Tolkien’s fantasy world

Relationships / Feelz

• Chris Williamson - How To Find The Love Of Your Life - Ty Tashiro

• Matthew Hussey - 7 Essential Mindsets for Surviving Modern Dating

• Jillian Turecki - Unmet Needs vs. Unrealistic Expectations: Where to Draw the Line in a Relationship

• A lesson in self-kindness - A behind the scenes glimpse into Chris Williamson’s life. I especially found interesting his self criticism and inability to enjoy the present moment, even in a historic week where he’s “made it” - going on Joe Rogan, interviewing Naval.

  • 44 Harsh Truths About Human Nature - Naval Ravikant

• Mark Manson decided to shut down his podcast even though it was quite successful. There’s some really interesting behind the scenes takes on the interview podcast hamster wheel, bringing on high profile guests to leverage their audience and then feeling pressure to not disagree with them, how guests hit the same talking points on every podcast, etc. Instead, he’s going to do a series of deep dives into particular areas

Parenting

• Emoji Translator: A simple, mobile-friendly web tool that helps parents and guardians decode modern teen messaging. It translates emojis and slang phrases often used in texts and chats into plain English — covering topics like sexting, drugs, online bullying, and gaming slang.

• Kermit: A typeface for kids - New typeface by Microsoft designed to make reading easier, improve comprehension, and help dyslexics.

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!

Cheers,
Clint
@clintgibler