[tl;dr sec] #298 - Good CISO / Bad CISO, AWS Infra Canarytokens, Protect Yourself from Compromised NPM Packages

How to be an effective CISO, deploy decoy assets that fit in to your AWS environment, tips and tools to minimize the impact of NPM malware

Hey there,

I hope you’ve been doing well!

👋 Life

Some stuff I’ve recently been up to:

  • Over the weekend I went to this dance event in Grace Cathedral that had a bunch of different stations throughout the space where different dance groups were all performing at the same time (modern, hip hop, Lyra, solo, Indian, Mongolian, kids, hip hop, a circus duo with a rope) and you could wander between the groups at any time. Super cool!

  • I might be becoming a protein sommelier: I currently have 3+ different whey protein powders I’ve been trying (chocolate, blueberry pancake, Oreo) and multiple types of bars.

  • I’ve let a bit more of my humor leak into this issue, feel free to let me know what you think.

  • Language is so fun, this Ken Ken Ken video killed me 😂 Or in English:

P.S. I’m trying something new: see the web version for longer summaries and diagrams for some of the links.

Sponsor

📣 No More Babysitting the Security of Your Google Workspace

Material ends the babysitter routine in Google Workspace. While your employees communicate via email and access sensitive files, Material quietly contains what’s lying in wait—phishing attacks in Gmail, exposed Drive files, and suspicious account activity. Agentless and API-first, it stops attacks and triages user reports with AI while running safe, automatic fixes so you don’t have to hover. Search everything in seconds, stream alerts to your SIEM, and audit with detailed access logs. 24/7 autopilot security—no extra headcount, no constant hand-holding.

Before Material, I’d come home late from date night and Google Meet would be passed out on the couch, with Gmail and Google Docs running wild and getting into my liquor cabinet. Now, I can enjoy the movie and when I come home my Workspace is cleaner than I left it, with the whole suite tucked in and sleeping soundly.

AppSec

Good CISO / Bad CISO
Phil Venables and Mike Aiello outline the key differences between effective and ineffective CISOs, emphasizing that successful security leaders are business executives who manage technology risk rather than just IT managers who manage security tools. Good CISOs define clear strategies that scale security through self-reinforcing systems, communicate in business language while quantifying risk, build empowered teams, create cultures where bad news travels fast, and more. Great post 👍️ 

💡 I’ll take “blog post titles that sound like role play scenarios” for $800 Alec.

Securely Hosting User Data in Modern Web Applications
2023 post by Google’s David Dworken describing how to securely serve untrusted content. For inactive user content (not HTML/JS), set Content-Type to a well-known MIME type that’s guaranteed not to contain active content, and the post recommends several HTTP response headers to go with it. For active user content, set Content-Security-Policy: sandbox; the post also outlines an isolation approach that the next post below describes in more detail 👇️
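To make the inactive/active split concrete, here is an added example (my code, not Google’s or the post’s) that classifies a user-declared Content-Type against an allowlist and picks the response headers for it. The two allowlists and the header choices are assumptions for this example; a real service would maintain its own list.

```python
# Added example (not code from Google or the post): pick response headers for a
# user-supplied file based on its declared MIME type. The allowlists below are
# constructed for this example; a real service would keep its own.

INACTIVE_TYPES = {  # types browsers never execute; safe to serve as-is with nosniff
    "image/png", "image/jpeg", "image/gif", "image/webp",
    "text/plain", "text/csv", "application/json", "application/octet-stream",
}
ACTIVE_TYPES = {  # types that can carry script or external references when rendered
    "text/html", "image/svg+xml", "application/xml", "text/xml", "application/pdf",
}


def normalize_mime(declared_type: str) -> str:
    """Drop parameters and case so 'TEXT/HTML; charset=utf-8' cannot dodge the allowlist."""
    return declared_type.split(";", 1)[0].strip().lower()


def classify(declared_type: str) -> str:
    """Return 'inactive', 'active', or 'reject' for a user-declared Content-Type."""
    mime = normalize_mime(declared_type)
    if mime in INACTIVE_TYPES:
        return "inactive"
    if mime in ACTIVE_TYPES:
        return "active"
    return "reject"  # unknown types are refused rather than passed through


def response_headers(declared_type: str) -> dict:
    """Headers to serve the file with. Raises ValueError for types on neither list."""
    kind = classify(declared_type)
    if kind == "reject":
        raise ValueError(f"refusing to serve {declared_type!r}")
    headers = {
        "Content-Type": normalize_mime(declared_type),
        "X-Content-Type-Options": "nosniff",   # stop the browser upgrading text/plain to HTML
        "Content-Security-Policy": "sandbox",  # opaque origin: no script, no cookies, no DOM of the site
        "Cache-Control": "private, no-store",
    }
    if kind == "inactive":
        # Inactive content is never meant to be a document: a top-level navigation
        # to it downloads the file instead of rendering it (<img> embeds still work).
        headers["Content-Disposition"] = "attachment"
    return headers


if __name__ == "__main__":
    for declared in ("image/png", "TEXT/HTML; charset=utf-8", "application/x-shockwave-flash"):
        try:
            print(declared, "->", classify(declared), response_headers(declared))
        except ValueError as exc:
            print(declared, "->", exc)
```

The important check is the one that happens before any header is set: a user-controlled Content-Type that is not on either list is rejected outright, so a mislabelled upload cannot be served under a sniffable type.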

💡 Sidenote: neat to see how Google’s internal hardening work has evolved over years.

Beyond Sandbox Domains: Rendering Untrusted Web Content with SafeContentFrame
Google’s Jan Gora describes SafeContentFrame, a TypeScript library that securely renders untrusted web content (e.g. HTML, PDF, XML, SVG) inside iframes, solving isolation problems of traditional sandbox domains. The library creates unique origins for each rendered resource, and implements robust integrity checks through a client-side library and HTML "shim" that communicate via postMessage. SafeContentFrame defends against XSS in rendered content, origin leakage, side-channel attacks, and more.

💡 Very cool and thoughtful approach! Friends at Google, let me know if there are plans to open source this 🙂

Sponsor

📣 Get to Zero Alerts as Fast as Possible

Security teams lose hours chasing CVEs that are not actually exploitable in their code, while real supply chain attacks slip through the cracks. Socket protects your code from both vulnerable and malicious dependencies. We monitor every package release across all major open source registries in real time, flag threats within minutes, and use reachability analysis to slash false positives by up to 80%. Get started instantly—no setup and no code access required.

If you’ve been following the recent npm tire fires, you’ve almost definitely seen Socket’s blog posts, as they’ve been doing great, timely breakdowns of new malware.

Cloud Security

One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
This research by Dirk-jan Mollema is potentially one of the highest impact Azure bugs of all time 🔥 😱 Dirk-jan discovered a critical Entra ID vulnerability that could have allowed complete compromise of any Entra ID tenant worldwide. It combined undocumented "Actor tokens", used for Microsoft's internal service-to-service communication, with a validation flaw in the legacy Azure AD Graph API that failed to properly validate the originating tenant.

The vulnerability enabled cross-tenant impersonation of any user (including Global Admins), with no logs generated in victim tenants (for reads), allowing attackers to access or modify all tenant Entra ID data including user information, group and role info, tenant settings, BitLocker keys, and more. The post shares a detection query at the end.

Cloud Security Championship
A monthly CTF challenge from Wiz, with real world cloud security scenarios, each crafted by a Wiz researcher. Challenges so far: extract secrets from a hardened data perimeter, escape the container and extract the flag from the host’s filesystem, exploit OAuth permissions and Azure AD misconfigurations, and learn reconnaissance techniques to uncover hidden infrastructure and extract sensitive data.

💡 I love how Wiz creates and shares a ton of practical, hands-on security challenges.

Introducing the AWS Infrastructure Canarytoken
Marco Slaviero describes how Thinkst has broadened their support for decoy AWS assets by introducing the AWS Infrastructure Canarytoken. The process: you design a Terraform module that will set up decoy assets (DynamoDB tables, S3 buckets, SSM Parameters, SecretsManager Secrets, and SQS Queues), and configure Cloudtrail logging such that events related to the decoys will generate alerts delivered to your mailbox.

Uses Google Gemini to propose asset names that fit in with your infra 🤘 Available now for free at https://canarytokens.org. See also Marco’s post On Caring.
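An added example of the alerting half of this idea (my code, not Thinkst’s): given a set of decoy resource ARNs, scan CloudTrail records and raise an alert for any API call that names one of them. The decoy inventory and the CloudTrail excerpt are constructed for the example; the field names are the standard CloudTrail ones.

```python
import json
from typing import Dict, Iterable, List, Set

# Constructed decoy inventory, standing in for what the Terraform module would
# create. Names are placeholders; the real Canarytoken proposes names that blend
# into your account. (Real Secrets Manager ARNs carry a random suffix; match on
# the name you created.)
DECOY_RESOURCES = {
    "arn:aws:dynamodb:us-east-1:111111111111:table/customer-billing-backup",
    "arn:aws:s3:::acme-payroll-exports-2024",
    "arn:aws:ssm:us-east-1:111111111111:parameter/prod/db/master-password",
    "arn:aws:secretsmanager:us-east-1:111111111111:secret:prod/stripe-api-key",
    "arn:aws:sqs:us-east-1:111111111111:finance-wire-transfers",
}


def _strip(s: str, prefix: str) -> str:
    return s[len(prefix):] if s.startswith(prefix) else s


def _identifiers(arn: str) -> Set[str]:
    """Forms CloudTrail may use for one resource: the full ARN and the bare name."""
    parts = arn.split(":", 5)
    service, tail = parts[2], parts[5]
    if service == "dynamodb":
        tail = _strip(tail, "table/")
    elif service == "ssm":
        tail = _strip(tail, "parameter")  # keeps the leading "/" of the parameter name
    elif service == "secretsmanager":
        tail = _strip(tail, "secret:")
    return {arn, tail}


DECOY_INDEX: Dict[str, str] = {ident: arn for arn in DECOY_RESOURCES for ident in _identifiers(arn)}


def _touched(rec: dict) -> Set[str]:
    """Collect every resource identifier a record names, from resources[] and requestParameters."""
    ids = {r["ARN"] for r in rec.get("resources") or [] if r.get("ARN")}
    params = rec.get("requestParameters") or {}
    for key in ("bucketName", "tableName", "name", "secretId", "queueUrl"):
        if params.get(key):
            ids.add(str(params[key]))
    return ids


def decoy_hits(records: Iterable[dict]) -> List[dict]:
    """Any call, read or write, that names a decoy is an alert: nothing legitimate uses them."""
    alerts = []
    for rec in records:
        matched = set()
        for ident in _touched(rec):
            for known, arn in DECOY_INDEX.items():
                # exact match, or a child object such as an S3 key under a decoy bucket
                if ident == known or ident.startswith(known + "/"):
                    matched.add(arn)
        if matched:
            alerts.append({
                "eventName": rec.get("eventName"),
                "decoy": sorted(matched),
                "actor": (rec.get("userIdentity") or {}).get("arn"),
                "sourceIPAddress": rec.get("sourceIPAddress"),
            })
    return alerts


def load_records(text: str) -> List[dict]:
    """CloudTrail log files are a JSON object with a top-level 'Records' list."""
    return json.loads(text)["Records"]


# Constructed CloudTrail excerpt, trimmed to the fields used above. S3 and
# DynamoDB object-level calls only appear if data event logging is enabled.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/contractor"},
     "sourceIPAddress": "203.0.113.9",
     "requestParameters": {"bucketName": "acme-payroll-exports-2024", "key": "q3.csv"},
     "resources": [{"ARN": "arn:aws:s3:::acme-payroll-exports-2024/q3.csv"}]},
    {"eventName": "GetParameter", "eventSource": "ssm.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:sts::111111111111:assumed-role/app/i-0abc"},
     "sourceIPAddress": "10.0.4.17",
     "requestParameters": {"name": "/prod/app/feature-flags"}},
    {"eventName": "Scan", "eventSource": "dynamodb.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:sts::111111111111:assumed-role/ci/runner"},
     "sourceIPAddress": "10.0.4.17",
     "requestParameters": {"tableName": "customer-billing-backup"},
     "resources": [{"ARN": "arn:aws:dynamodb:us-east-1:111111111111:table/customer-billing-backup"}]},
]})

if __name__ == "__main__":
    for alert in decoy_hits(load_records(SAMPLE_LOG)):
        print(alert)
```

Because decoys have no legitimate consumers, the rule needs no baseline and no tuning: the benign GetParameter on a real parameter is ignored, while the GetObject and Scan against decoys both alert with the caller identity and source IP attached.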

A Candid Perspective on the Cloud Threat Landscape: A Recap from fwd:cloudsec EU
The blog version of Invictus Incident Response’s fwd:cloudsec EU talk provides a data-driven cloud threat landscape analysis based on 41 real-world incidents from January to September 2025, highlighting that financially motivated actors (51%) dominate cloud attacks, with supply chain compromises (34%) and data exfiltration (20%) being the most common attack types.

Key trends across cloud incidents: standing access issues (long-lived keys, app grants), SaaS platforms becoming primary data targets, and third-party ecosystems as high leverage entrypoints. They’ve shared a catalog of 70+ cloud TTPs mapped to MITRE ATT&CK on GitHub.

Sponsored Tool

📣 How do modern IT and security teams manage access controls?

Access controls break down as organizations scale, due to overly manual processes.

This report from Oblique shows what modern IT and security teams are actually doing:

  • Enforcing requirements when access changes

  • Eliminating manager approvals that provide no security value

  • Delegating authority to app owners

  • Automating approvals where possible

👉 Get the report 👈

Oblique was co-founded by my friend Maya Kaczorowski, who’s been a senior product leader at Google, GitHub, head of product at Tailscale, now founder. Oblique is a company to watch, I bet you’ll be hearing their name come up more soon. See also Maya’s post What Sucks in Security?

Supply Chain

HN post on how to protect yourself from compromised NPM packages
Tips from the thread:

  • Switch to pnpm, which disables post-install scripts by default.

  • Use minimumReleaseAge to delay fresh packages, as most malware is discovered quickly.

  • If you’re on Linux, wrap your package managers in bubblewrap, a sandbox that will block access to almost all of your system, including sensitive files like ~/.ssh.

  • Use Renovate or a similar bot to introduce artificial delays in your supply chain.

H/T Florian Roth for sharing. More from pnpm here.
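The "delay fresh packages" tip is easy to enforce yourself as a pre-install gate, independent of which package manager you use. The added example below (my code, not pnpm’s or anything from the HN thread) reads the npm registry’s per-version `time` document, computes each locked version’s age, and flags anything younger than a minimum age, which is the same policy pnpm applies with its minimumReleaseAge setting. The registry excerpt and lockfile slice are constructed; in practice the `time` field comes from `GET https://registry.npmjs.org/<name>`.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple


def parse_npm_time(ts: str) -> datetime:
    """npm registry timestamps look like 2025-09-16T04:12:00.000Z (UTC)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def release_age(time_doc: Dict[str, str], version: str, now: datetime) -> Optional[timedelta]:
    """Age of one published version, or None if the registry has no record of it."""
    ts = time_doc.get(version)
    return None if ts is None else now - parse_npm_time(ts)


def newest_allowed(time_doc: Dict[str, str], min_age: timedelta, now: datetime) -> Optional[str]:
    """Newest version (by publish time, not semver) that is at least min_age old."""
    eligible = [
        (parse_npm_time(ts), v)
        for v, ts in time_doc.items()
        if v not in ("created", "modified") and now - parse_npm_time(ts) >= min_age
    ]
    return max(eligible)[1] if eligible else None


def fresh_packages(
    lock_packages: Dict[str, dict], registry: Dict[str, Dict[str, str]],
    min_age: timedelta, now: datetime,
) -> List[Tuple[str, str, Optional[timedelta]]]:
    """Lockfile entries younger than min_age, or unknown to the registry, that the gate should refuse."""
    flagged = []
    for path, entry in lock_packages.items():
        if not path:
            continue  # "" is the root project entry in package-lock.json
        name = path.rsplit("node_modules/", 1)[-1]
        age = release_age(registry.get(name, {}), entry["version"], now)
        if age is None or age < min_age:
            flagged.append((name, entry["version"], age))
    return flagged


# Constructed registry "time" documents for two packages (package names are made up).
REGISTRY: Dict[str, Dict[str, str]] = {
    "widget-utils": {
        "created": "2019-03-02T10:00:00.000Z",
        "modified": "2025-09-16T04:12:00.000Z",
        "4.1.0": "2025-01-10T09:30:00.000Z",
        "4.1.1": "2025-06-02T15:45:00.000Z",
        "4.1.2": "2025-09-16T04:12:00.000Z",  # published yesterday relative to NOW
    },
    "stable-lib": {
        "created": "2021-07-14T08:00:00.000Z",
        "modified": "2024-11-01T12:00:00.000Z",
        "2.0.0": "2024-11-01T12:00:00.000Z",
    },
}

# Constructed slice of a package-lock.json "packages" map.
LOCKFILE_PACKAGES: Dict[str, dict] = {
    "": {"name": "my-app", "version": "1.0.0"},
    "node_modules/widget-utils": {"version": "4.1.2"},
    "node_modules/stable-lib": {"version": "2.0.0"},
}

NOW = datetime(2025, 9, 17, 12, 0, tzinfo=timezone.utc)  # fixed clock so the example is reproducible
MIN_AGE = timedelta(days=7)

if __name__ == "__main__":
    for name, version, age in fresh_packages(LOCKFILE_PACKAGES, REGISTRY, MIN_AGE, NOW):
        fallback = newest_allowed(REGISTRY.get(name, {}), MIN_AGE, NOW)
        print(f"refuse {name}@{version} (age {age}); newest old-enough version: {fallback}")
```

A version the registry does not know about is flagged as well, since an unverifiable age is not a pass. Choosing the fallback by publish time rather than semver is deliberate: a freshly republished old version line is exactly the case the delay is meant to catch.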

rotemreiss/MalifiScan
By Rotem Reiss: A security tool that detects malicious packages from external vulnerability feeds and searches for them in your package registries or artifact repositories. It fetches malicious package data from the OSV vulnerability database, can search for malicious packages in JFrog Artifactory repositories, can block the download of malicious packages using Artifactory exclusion patterns, and more.

💡 See also the Socket CLI which can wrap npm calls and prevent malware from being installed.

BadPie: Bake it ‘Til You Fake It
DTM describes BadPie, a proof-of-concept transparent Python package index/mirror proxy tool that injects malicious code into Python packages while preserving hash integrity checks. BadPie works by intercepting pip requests, modifying package files (like adding code to __init__.py), recalculating or stripping SHA-256 hashes, and serving the modified packages to users.

💡 TIL there are a ton of ways to specify alternate package indexes. Also, the SHA hash doesn’t seem super useful if it can just be stripped or modified by a proxy 🤔 
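The hash only helps if it is anchored somewhere the proxy cannot rewrite, which is what pip’s `--require-hashes` mode does with the pins in your requirements file. The added example below (my code, not BadPie’s and not pip’s) parses hash-pinned requirement lines and verifies a downloaded artifact against them, showing that a proxy-modified file is rejected even when the proxy advertises a hash that matches the modified bytes. The artifact bytes, package names and requirements file are constructed.

```python
import hashlib
import re
from typing import Dict, Optional, Set, Tuple

# Constructed stand-ins for a downloaded artifact and a proxy-modified copy of it.
ORIGINAL_WHEEL = b"PK\x03\x04 constructed wheel bytes: def helper(): return 1\n"
TAMPERED_WHEEL = ORIGINAL_WHEEL + b"# extra code appended in transit\n"

PINNED_SHA256 = hashlib.sha256(ORIGINAL_WHEEL).hexdigest()   # what the lockfile recorded at pin time
PROXY_ADVERTISED = hashlib.sha256(TAMPERED_WHEEL).hexdigest()  # what a rewriting proxy would serve in #sha256=

# Constructed requirements file in pip's --require-hashes format; the second
# entry is pinned by version only, which hash-checking mode refuses to install.
REQUIREMENTS = f"""
widget-utils==4.1.1 \\
    --hash=sha256:{PINNED_SHA256}
unpinned-helper==0.3.0
"""


def parse_requirements(text: str) -> Dict[str, Tuple[str, Set[str]]]:
    """Map package name -> (version, set of sha256 pins). Handles backslash line continuations."""
    pins: Dict[str, Tuple[str, Set[str]]] = {}
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9_.\-]+)==(\S+)(.*)$", line)
        if not m:
            raise ValueError(f"unsupported requirement line: {line!r}")
        name, version, rest = m.groups()
        pins[name.lower()] = (version, set(re.findall(r"--hash=sha256:([0-9a-f]{64})", rest)))
    return pins


def verify_artifact(
    pins: Dict[str, Tuple[str, Set[str]]], name: str, data: bytes, index_sha256: Optional[str] = None,
) -> Tuple[bool, str]:
    """Accept an artifact only if its digest matches a hash pinned in the requirements file.

    index_sha256 is whatever the index or proxy advertised for the file; it is reported
    but never trusted, because a proxy can recompute it to match a modified artifact.
    """
    key = name.lower()
    if key not in pins:
        return False, "not pinned"
    version, hashes = pins[key]
    if not hashes:
        return False, f"{name}=={version} has no --hash; require-hashes mode refuses it"
    actual = hashlib.sha256(data).hexdigest()
    if actual not in hashes:
        note = " (index-advertised hash agreed with the tampered file)" if index_sha256 == actual else ""
        return False, "sha256 mismatch against pinned hash" + note
    return True, "ok"


if __name__ == "__main__":
    pins = parse_requirements(REQUIREMENTS)
    print(verify_artifact(pins, "widget-utils", ORIGINAL_WHEEL))
    print(verify_artifact(pins, "widget-utils", TAMPERED_WHEEL, PROXY_ADVERTISED))
    print(verify_artifact(pins, "unpinned-helper", b"anything"))
```

The design point is where the trust anchor lives: the index-served hash and the artifact travel through the same proxy, so agreement between them proves nothing, while a hash pinned in a file you reviewed and committed cannot be rewritten in transit.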

Our plan for a more secure npm supply chain
GitHub’s Xavier René-Corail describes how GitHub and npm handled the recent Shai-Hulud self-replicating worm as well as how they’re changing authentication and publishing options in the near future to only include: local publishing with required 2FA, granular tokens with a limited lifetime of seven days, and trusted publishing.

💡 These seem like great changes 👍️ It’d also be neat to hear more about any automated scanning they’re doing of new packages.

Blue Team

Cyb3r-Monk/Microsoft-Vulnerable-Driver-Block-Lists
By Mehmet Ergene: Microsoft Vulnerable Driver Block Lists in CSV and JSON for SIEM lookups.

SOC Visibility Triad is Now A Quad - SOC Visibility Quad 2025
Anton Chuvakin updates his influential SOC Visibility Triad (logs, endpoint, network) by adding application visibility as a fourth pillar to create the SOC Visibility Quad for 2025. After evaluating potential additions including cloud and identity visibility, he concludes that application visibility is essential for modern security operations because it provides insights into app internals and business logic that endpoint and network monitoring cannot adequately capture, especially for SaaS, cloud applications, and AI agents.

Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework
Okta’s Houssem Bordjiba describes VoidProxy, a sophisticated Phishing-as-a-Service framework that uses Adversary-in-the-Middle techniques to bypass MFA and intercept authentication flows for Microsoft and Google accounts. The service employs multiple evasion techniques including compromised email accounts, Cloudflare CAPTCHA challenges, Cloudflare Workers, and dynamic DNS services, while its infrastructure consists of disposable frontends and persistent backends that provide attackers with a full-featured admin panel to manage campaigns and access stolen credentials.

Red Team

j3h4ck/WatchDogKiller
By Jehad Abu Dagga: Proof-of-concept exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD. In the blog post, Jehad discusses coming across this idea from a write-up on how the Silver Fox APT group used the same technique, walks through using IDA to create the PoC, and how it’s able to kill EDR/AV processes from vendors like Bitdefender, Sophos, and Kaspersky.

EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
Two Seven One Three demonstrates how to temporarily suspend EDR and antivirus processes without using BYOVD (Bring Your Own Vulnerable Driver) techniques by exploiting Windows Error Reporting's MiniDumpWriteDump function, which naturally suspends all threads in a target process during execution. This technique, implemented in EDR-Freeze, requires only user-mode code with no third-party tools, making it a stealthier alternative to driver-based attacks for temporarily disabling security monitoring.

Domain Fronting is Dead. Long Live Domain Fronting!
Praetorian’s Adam Crosser demonstrates a new domain fronting technique that tunnels command-and-control traffic through Google's infrastructure, including services like Google Meet, YouTube, and even customer-facing systems built on Google App Engine such as Snapchat. They’ve released google-redirector, a lightweight redirector for Google Cloud Run, enabling domain fronting via Google-owned infrastructure.

How it works: by connecting to Google domains but setting the HTTP Host header to point to attacker-controlled Google Cloud Run functions, they could create covert channels where defenders can't block without disrupting essential business services.

AI + Security

Automated Patch Diff Analysis using LLMs
SySS’ Moritz Abrell introduces diffalayze, a tool that automates binary patch diff analysis using Ghidriff and LLMs to help security researchers prioritize their time on the most promising changes. The tool pipelines binary diffing, extracts relevant changes, and uses LLMs to score and summarize security relevance, as demonstrated through a case study where it successfully identified a fixed integer overflow vulnerability in Windows' mrxsmb.sys that leads to a heap-based buffer overflow.

mikeprivette/ai-security-shared-responsibility
My bud Mike Privette introduces an AI Security Shared Responsibility Model that maps security responsibilities across 8 deployment models (from SaaS AI to on-premises systems) and 16 security domains (including traditional areas plus 4 AI-specific domains like agent governance and context pollution). The framework serves as a "Day 1" guide for organizations to understand their security obligations in AI deployments.

Modeling Attacks on AI-Powered Apps with the AI Kill Chain Framework
Rich Harang introduces the AI Kill Chain framework for understanding and defending against attacks on AI-powered applications, which consists of five stages: recon, poison, hijack, persist, and impact, with an iterate/pivot loop for agentic systems. Rich describes attacks and defensive priorities for each stage, and how a kill chain might look using a RAG application example, including how defenders can break the attack chain at each stage.

Stress Testing Deliberative Alignment for Anti-Scheming Training
Apollo Research, in collaboration with OpenAI, developed a training technique that teaches AI models to not engage in “scheming” (secretly pursuing undesirable goals), currently focused on AI secretly breaking rules or intentionally underperforming in tests (e.g. you will be shut down if you perform >50% on this dangerous capability benchmark).

Key Takeaways:

  • Anti-scheming training significantly reduced covert behaviors but did not eliminate them.

  • Evaluating AI models is complicated by their increasing ability to recognize our evaluation environments as tests of their alignment.

  • Much of our work is only possible due to the partial transparency that “chain-of-thought” traces currently provide into AI cognition.

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!

Cheers,
Clint
@clintgibler