
[tl;dr sec] #85 - Machine Learning, GraphQL, and Modern Static Analysis

Attacking ML models, deep learning side-channel attacks, CSRF and batch GraphQL attacks, how modern static analysis should work.

Hey there,

I hope you’ve been doing well!

Sunscreen vs Infosec Product Marketing

One thing that consistently makes me smile is well done snark about the security industry.

As someone in infosec and whose melanin levels cause the sun to be a mortal enemy (not uncorrelated variables), this diagram by Kelly Shortridge made me feel #seen.

Kelly also co-authored a book on Security Chaos Engineering with Aaron Rinehart. Check it out!

SS-Oh No You Didn’t!

I want your opinion on something.

If you were parachuted into a startup with ~20-30 employees who prioritized security, had some but not an infinite budget, and you wanted to choose an SSO provider that will provide useful security properties and will grow with you as your company grows, what would you choose?

Assume a little hesitation due to the SSO tax, but not a prohibitive amount.

Feel free to respond with additional options, ideas, or how you’d weigh the trade-offs.

Thanks friend! 🙏

Sponsor

📢 Scale your security team with Faraday

Attack surface increases day-by-day, reaching limits of every team's resources without proactive collaboration, automation and cross-company integrations.

What if you could automate daily tasks, like running your favorite scanners and taking actions based on findings; normalize and review results from different sources; manage, tag, and track vulnerabilities as a team; and generate outstanding reports with ease?

Faraday is a Vulnerability Management platform that enables teams to scale. Let us show you how to rethink Vulnerability Management.

📜 In this newsletter...

  • AppSec: AppSec resources, modern static analysis

  • Web Security: Resources for new Burp pro users, Gareth Heyes' Hackvertor Burp extension

  • GraphQL: CSRF in GraphQL and InQL update, obtaining a schema when introspection is disabled, the "batching" attack

  • Supply Chain: CNCF best practices guide

  • Cloud Security: Modern bastion hosts, iam zero open source, GCP products in <= 4 words

  • Container Security: Tool to find outdated images, installer for airgapped clusters

  • Machine Learning: Attack/defense competition, tool to attack ML models, using deep learning to carry out side-channel attacks, writing code with GPT-3 autocomplete

  • Red Team: In-memory embedding of CPython

  • Politics / Privacy: SF's shoplifting surge, the full story of the RSA hack, how self-promoting security vendors help ransomware hackers, Apple's censorship in China

  • Misc: The impact of easy image manipulation tools on social media and body image

AppSec

Application Security Knowledgebase
Ishaq Mohammed has collected a number of articles, blogs/websites, resources, videos, slides, books, DevOps resources, and people to follow. I’m honored that tl;dr sec is included amongst so many great resources!

Modern Static Analysis: how the best tools empower creativity
Figma’s Dev Akhawe is one of my favorite people to chat with about modern security programs and scaling security. We share a love of writing tools that find bugs in software (as well as Shakespeare, but that’s not relevant here. Yet.). I highly recommend reading this post to see a bit about how he thinks.

Historically, heavyweight, slow static analysis tools focused on finding vulnerabilities. This approach is fundamentally not the right path for scaling security in modern development. Security teams today need tools that are fast, customizable to our codebases, can easily be added to any part of the SDLC, and are effective at enforcing secure coding patterns to prevent vulnerabilities.

As security engineering teams define best practices, they need a scalable, low-noise mechanism to detect unsafe practices and point developers toward safe coding mechanisms. These practices are often specific to the company. A security engineer today will often identify bad patterns, write a safe version, and then rely on the static analysis tool to help identify usage of the unsafe pattern in all old and new code. A static analysis engine that doesn’t allow customization and modification is a non-starter. Working with static analysis tools today is no longer a purely operational workflow, it’s a creative venture where a security engineer is building something new on top of the analysis engine.

Dev’s favorite static analysis tool? Semgrep.
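To make the "identify a bad pattern, write a safe version, let the analysis engine find every remaining use" workflow concrete, here is an added example of such a custom check written against Python's standard `ast` module. It is not Figma's, Dev Akhawe's or Semgrep's code; the `safe_run` wrapper it points developers to, the sample source it scans, and the rule text are assumptions made for the illustration.

```python
"""A small custom static-analysis rule: flag shell-invoking calls and point
developers at an in-house safe wrapper. Added example, not code from the
post or from Semgrep. safe_run() and the scanned sample are assumptions."""
import ast

UNSAFE_SUBPROCESS = {"run", "Popen", "call", "check_call", "check_output"}


def _shell_enabled(call):
    """True unless shell= is absent or literally False. A non-literal value
    (shell=flag) is treated as unsafe: the checker cannot prove it is off."""
    for kw in call.keywords:
        if kw.arg == "shell":
            return not (isinstance(kw.value, ast.Constant) and kw.value.value is False)
    return False


class ShellRule(ast.NodeVisitor):
    """Collects (line, message) for subprocess.<fn>(..., shell=True) and
    os.system(...), the command-injection sinks the hypothetical team banned."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            module, name = func.value.id, func.attr
            if module == "subprocess" and name in UNSAFE_SUBPROCESS and _shell_enabled(node):
                self.findings.append(
                    (node.lineno, f"subprocess.{name}() with shell enabled: pass an argv list to safe_run() instead"))
            elif module == "os" and name == "system":
                self.findings.append(
                    (node.lineno, "os.system() always runs through the shell: use safe_run() with an argv list"))
        self.generic_visit(node)   # keep descending: calls nest inside calls


def scan(source):
    """Parse source and return findings sorted by line number."""
    rule = ShellRule()
    rule.visit(ast.parse(source))
    return sorted(rule.findings)


# Constructed sample input (not real project code).
SAMPLE = '''
import os, subprocess
from tooling import safe_run   # assumed in-house wrapper: argv list, never a shell

def ping(host):
    return subprocess.run("ping -c1 " + host, shell=True)   # injectable

def backup(path):
    os.system("tar czf /tmp/b.tgz " + path)                  # injectable

def list_dir(path):
    return subprocess.run(["ls", "-l", path], check=True)    # argv, no shell

def ping_safe(host):
    return safe_run(["ping", "-c1", host])
'''

if __name__ == "__main__":
    for line, message in scan(SAMPLE):
        print(f"sample.py:{line}: {message}")
```

The two calls that reach a shell are reported with the line number and the replacement the team wants; the argv-list call and the wrapper call are silent, which is the "low-noise" property the post asks for. A real rule would also need to handle aliased imports (`import subprocess as sp`) and `from subprocess import run`, which is exactly the kind of incremental refinement the post describes as creative rather than operational work.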

Web Security

Great getting started resources for new users of Burp Suite Professional
Pro video tutorials from Portswigger, pro-exclusive features you should try, the web security academy, content from the community, tutorials and guides, the BApp Store/Burp Extender, and more.

SecuriTEA & Crumpets Ep6 - Gareth Heyes - Hackvertor
Portswigger’s Gareth Heyes joins Lewis Arden to demo his Burp Suite extension Hackvertor. Hackvertor lets you easily apply multiple levels of encoding, to bypass WAFs for example, as well as auto decoding, which guesses the type of conversion required.

GraphQL

That single GraphQL issue that you keep missing
Doyensec’s Tomasz Swiadek and Andrea Brancaleoni describe how many GraphQL implementations are actually vulnerable to CSRF. GraphQL services typically appear to only accept the application/json Content-Type, but oftentimes middleware magic causes them to also accept equivalent form-urlencoded POSTs, which a cross-origin HTML form can submit without a CORS preflight, making CSRF possible. Other issues include GET requests being accepted for both queries and mutations, as well as XS-Search attacks. InQL v4 has been released, which helps in detecting these issues.

nikitastupin/clairvoyance
By Nikita Stupin: Clairvoyance enables you to get a target’s GraphQL API schema even when introspection is disabled. The schema is produced in JSON format, suitable for other tools like GraphQL Voyager, InQL or graphql-path-enum.

GraphQL Batching Attack
This Wallarm post describes how GraphQL lets you “batch” multiple operations into a single HTTP request, either as a JSON array of operations or as many aliased fields in one operation. This has significant security implications; for example, trying many email/password pairs in one request may bypass per-request rate limiting, you could try every 2FA token value in one request, etc. I wonder if there are interesting race condition / TOCTOU bugs you could find as well.
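Both GraphQL items above come down to what the server accepts at the transport layer, so here is one added example covering them together: a request guard that rejects the CSRF-enabling shapes from the Doyensec post (non-JSON bodies, mutations over GET) and caps the batching the Wallarm post describes (JSON-array batches and alias batching inside one operation), next to a `lenient_parse` that mimics the permissive middleware behaviour. This is illustrative code, not Doyensec's, InQL's or Wallarm's; the limits, the sample operations and the form-body encoding are assumptions.

```python
"""GraphQL request guard: CSRF-resistant request acceptance plus batching caps.
Added example, not code from the posts above. Limits are assumptions."""
import json
import re
from urllib.parse import parse_qs, urlencode

MAX_BATCH = 5          # assumed cap on operations per JSON-array request
MAX_ROOT_FIELDS = 10   # assumed cap on root selections (aliases) per operation

_NAME = re.compile(r"[_A-Za-z][_0-9A-Za-z]*")
# tokens: string literal | comment | name | any other single non-space char
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|[_A-Za-z][_0-9A-Za-z]*|\S')


def operation_type(query):
    """'query', 'mutation' or 'subscription'; '{ ... }' is query shorthand."""
    stripped = re.sub(r"#[^\n]*", "", query).lstrip()
    if stripped.startswith("{"):
        return "query"
    m = _NAME.match(stripped)
    if m and m.group() in ("query", "mutation", "subscription"):
        return m.group()
    raise ValueError("not a GraphQL operation")


def count_root_fields(query):
    """Selections in the first operation's top-level selection set, so
    'mutation { a: login(..) {..} b: login(..) {..} }' counts 2: the number a
    per-request rate limiter never sees when aliases are used for batching."""
    depth = paren = count = 0
    prev = ""
    for tok in _TOKEN.findall(query):
        if tok.startswith("#"):
            continue
        if tok == "(":
            paren += 1
        elif tok == ")":
            paren -= 1
        elif tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            if depth == 0:
                break                      # end of the first operation
        elif depth == 1 and paren == 0 and _NAME.fullmatch(tok) and prev not in ("@", ":", "on"):
            # not counted: directive names (@x), the field behind an alias
            # (the alias was counted) and the type condition of '... on T'
            count += 1
        prev = tok
    return count


def lenient_parse(content_type, body):
    """The 'middleware magic' from the Doyensec post: a form body is decoded
    into the same dict a JSON body yields, so a cross-site <form method=POST>
    reaches the resolvers exactly like a same-origin JSON request."""
    ctype = content_type.split(";")[0].strip().lower()
    if ctype == "application/json":
        return json.loads(body)
    if ctype == "application/x-www-form-urlencoded":
        return {k: v[0] for k, v in parse_qs(body).items()}
    raise ValueError("unsupported Content-Type")


def check_request(method, headers, body, max_batch=MAX_BATCH, max_root_fields=MAX_ROOT_FIELDS):
    """Hardened acceptance check; returns (accepted, reason). For GET, body is
    the URL query string. Only application/json is accepted on POST because a
    cross-origin HTML form cannot send that type without a CORS preflight."""
    if method == "GET":
        query = parse_qs(body).get("query", [""])[0]
        try:
            if operation_type(query) != "query":
                return False, "mutations are not accepted over GET"
        except ValueError:
            return False, "missing or malformed query"
        ops = [{"query": query}]
    elif method == "POST":
        ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
        if ctype != "application/json":
            return False, "only application/json bodies are accepted"
        try:
            payload = json.loads(body)
        except ValueError:
            return False, "body is not JSON"
        ops = payload if isinstance(payload, list) else [payload]
    else:
        return False, "method not allowed"
    if len(ops) > max_batch:
        return False, f"batch of {len(ops)} operations exceeds {max_batch}"
    for op in ops:
        if not isinstance(op, dict) or not isinstance(op.get("query"), str):
            return False, "malformed operation"
        n = count_root_fields(op["query"])
        if n > max_root_fields:
            return False, f"{n} root fields exceeds {max_root_fields}"
    return True, "ok"


def check_json_post(payload, **limits):
    """Run check_request on a JSON-encoded POST of payload."""
    return check_request("POST", {"Content-Type": "application/json"}, json.dumps(payload), **limits)


# Constructed samples: a state-changing mutation as a cross-site form body,
# and a password-guessing mutation batched with 50 aliases.
CHANGE_EMAIL = 'mutation { changeEmail(email: "a@evil.example") { ok } }'
FORM_BODY = urlencode({"query": CHANGE_EMAIL})
GUESSES = "mutation { " + " ".join(
    f'g{i}: login(email: "victim@example.com", password: "pass{i}") {{ token }}'
    for i in range(50)) + " }"
```

`lenient_parse` yields the same operation for the form body as it would for JSON, which is the whole CSRF problem; `check_request` refuses it, refuses the same mutation over GET, and rejects both a 50-alias guessing operation and a six-element JSON batch. Checking an `Origin` header or a custom request header is reasonable defence in depth, but the Content-Type and method checks are what remove the form-based vector; and the alias counter is deliberately what a rate limiter should count, since one request with 50 `login` aliases is 50 guesses.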

Supply Chain

CNCF Paper Defines Best Practices for Supply Chain Security
New ~45 page whitepaper by the Cloud Native Computing Foundation (CNCF) on building a secure supply chain. The paper is quite detailed and useful, and there’s also a 1 page checklist here.

Cloud Security

Modern Bastion Hosts
Sigma’s Joshua Stuts proposes that modern bastion hosts should: use SSH certificates, be centrally managed and cloud platform agnostic, log activity to a Cloud Data Warehouse, and have runtime security & alerting. He describes how Sigma uses Okta SSO + Okta Advanced Server Access for SSH certificate and server management.

IAM Zero
Originally called out in tl;dr sec 79, IAM Zero now has a site and is Apache 2.0 licensed on GitHub. IAM Zero uses an instrumentation layer to capture AWS API calls, sends them to a collector, and then suggests one or more least privilege policies. Chat with Chris Norman on the Reddit announcement post.
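The capture-then-suggest approach described above, as an added illustration (not IAM Zero's code): observed API calls are grouped by resource and turned into one Allow statement each, and an existing over-broad action list is diffed against what was actually observed. The captured-call format, the S3 prefix generalisation and the sample calls are assumptions.

```python
"""Least-privilege policy suggestion from observed AWS API calls.
Added example of the approach, not IAM Zero's implementation.
The (service, action, resource) capture format is an assumption."""
import fnmatch
from collections import defaultdict

# Constructed sample of captured calls (not real telemetry).
OBSERVED_CALLS = [
    ("s3", "GetObject", "arn:aws:s3:::app-assets/static/logo.png"),
    ("s3", "GetObject", "arn:aws:s3:::app-assets/static/app.css"),
    ("s3", "PutObject", "arn:aws:s3:::app-uploads/u1/avatar.png"),
    ("sqs", "SendMessage", "arn:aws:sqs:us-east-1:123456789012:jobs"),
    ("sqs", "SendMessage", "arn:aws:sqs:us-east-1:123456789012:jobs"),
    ("dynamodb", "GetItem", "arn:aws:dynamodb:us-east-1:123456789012:table/users"),
    ("dynamodb", "PutItem", "arn:aws:dynamodb:us-east-1:123456789012:table/users"),
    ("ec2", "DescribeInstances", "*"),   # Describe* actions take no resource
]


def generalize_s3_key(arn):
    """Policy choice (assumption): collapse object ARNs to bucket/top-level-prefix/*
    so a handful of GetObject calls become one statement instead of exact keys."""
    if not arn.startswith("arn:aws:s3:::"):
        return arn
    bucket, _, key = arn[len("arn:aws:s3:::"):].partition("/")
    if "/" not in key:
        return arn                      # bucket-level or single top-level key
    return f"arn:aws:s3:::{bucket}/{key.split('/')[0]}/*"


def suggest_policy(calls):
    """One Allow statement per resource, actions deduplicated and sorted."""
    by_resource = defaultdict(set)
    for service, action, resource in calls:
        by_resource[generalize_s3_key(resource)].add(f"{service}:{action}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": sorted(actions), "Resource": resource}
            for resource, actions in sorted(by_resource.items())
        ],
    }


def unused_grants(current_actions, calls):
    """Action patterns in an existing policy that matched no observed call:
    the candidates to remove when shrinking a hand-written policy."""
    observed = {f"{s}:{a}" for s, a, _ in calls}
    return sorted(p for p in current_actions
                  if not any(fnmatch.fnmatchcase(o, p) for o in observed))
```

Run `suggest_policy(OBSERVED_CALLS)` and the two `GetObject` calls collapse into a single statement on `arn:aws:s3:::app-assets/static/*`, while `unused_grants(["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "sqs:*", "iam:PassRole"], OBSERVED_CALLS)` reports `iam:PassRole` and `s3:DeleteObject` as never exercised. The obvious caveat applies to any observation-based tool: a code path that did not run during capture (error handling, a monthly job) gets no permission, so the output is a starting point to review, not a policy to apply blind.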

The Google Cloud Developer’s Cheat Sheet 
By Greg Wilson et al: Every product in the Google Cloud family described in <=4 words (with liberal use of hyphens and slashes 😏).

Container Security

replicatedhq/outdated
Kubectl plugin to find and report outdated images running in a Kubernetes cluster, by Replicated.

replicatedhq/kURL
A Kubernetes installer for airgapped and online clusters, combining upstream k8s with overlays and popular components, by Replicated.

Machine Learning

AI security risk assessment using Counterfit
Microsoft has released Counterfit, an open source tool for assessing the security of AI / machine learning systems. It comes preloaded with published attack algorithms (like from MITRE’s Adversarial ML Threat Matrix), is data agnostic (works on AI models using text, images, or generic input), and has attack parameters you can tweak. Very cool work.

Hacker’s guide to deep-learning side-channel attacks: the theory
Epic guide by Google’s Elie Bursztein. Source code of the PoC included.

This blog post series provides a practical step-by-step guide to using deep learning to carry out a side-channel attack – one of the most powerful cryptanalysis techniques. We are going to teach you how to use TensorFlow to recover the AES key used by the TinyAES implementation running on an ARM CPU (STM32F415) from power consumption traces.

Microsoft has built an AI-powered autocomplete for code using GPT-3
In Microsoft’s first commercial use of its OpenAI exclusive license, they’re releasing an assistive feature in the company’s PowerApps software that turns natural language into code. Currently it only works for formulas in Microsoft Power Fx, a simple programming language derived from Microsoft Excel formulas that’s used mainly for database queries.

It’s great to see programming made more accessible for a broader audience, and I’m sure this is the first of much more similar work to come. After all, if you wanted to do this effectively for other programming languages you’d need a big corpus. Wait, who bought GitHub again? 😉

Red Team

scythe-io/in-memory-cpython
An in-memory embedding of CPython, useful for offense / red teams.

Politics / Privacy

San Francisco’s Shoplifting Surge
“At a board of supervisors hearing last week, representatives from Walgreens said that thefts at its stores in San Francisco were four times the chain’s national average, and that it had closed 17 stores, largely because the scale of thefts had made business untenable.”

The Full Story of the Stunning RSA Hack Can Finally Be Told
The 10-year NDAs are up, and now we can hear from the people who were there at the time. Fascinating narrative, including how the intrusion was originally discovered, how they tracked the attackers through the network, and the precautions they took in the aftermath:

  • Executives held meetings in person and shared paper copies of documents, not trusting electronics.

  • Wide-spread additional background checks.

  • The windows of some executives’ offices and conference rooms were covered in layers of butcher paper, to prevent laser microphone surveillance.

  • Buildings were torn apart, looking for bugs.

  • Mass wiping of any box the attackers touched, and even those adjacent to them.

The Colonial Pipeline Ransomware Hackers Had a Secret Weapon: Self-Promoting Cybersecurity Firms
Independent security researchers have been breaking ransomware and secretly distributing decryptors to victims. Then some AV company proclaims, “Hey look at this decrypter we built!!1!” with enough details to reproduce the issue. The criminals then thank them for the tip and fix the weakness.

The incident led the Hunting Team to coin a term for the premature exposure of a weakness in a ransomware strain. “Internally, we often joke, ‘Yeah, they are probably going to pull a Bitdefender,’” Wosar said.

Censorship, surveillance and profits: A hard bargain for Apple in China
Apple’s data center in China is physically managed by Chinese state employees, and the keys used to unlock encrypted data are stored in the data centers they’re meant to secure. Apple proactively censors its Chinese App Store, relying on software and employees to flag and block apps that Apple managers worry could run afoul of Chinese officials, like foreign news outlets, gay dating services, encrypted messaging apps, tools for organizing pro-democracy protests and skirting Internet restrictions, as well as apps about the Dalai Lama.

U.S. law has long prohibited American companies from turning over data to Chinese law enforcement. However, Apple has ceded legal ownership of its Chinese customers’ data to a Chinese company so Chinese authorities can ask this company, not Apple, for customer data.

Twitter thread responses by: Cory Doctorow and Matt Green.

Misc

Selfies, Surgeries And Self-Loathing: Inside The Facetune Epidemic
Devastating post about how popular apps like Facetune promote unrealistic beauty expectations on social media, leading many to feel like they can’t post unmodified images.

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I'd love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!

Cheers,
Clint