[tl;dr sec] #85 - Machine Learning, GraphQL, and Modern Static Analysis
Attacking ML models, deep learning side-channel attacks, CSRF and batch GraphQL attacks, how modern static analysis should work.
I hope you’ve been doing well!
Sunscreen vs Infosec Product Marketing
One thing that consistently makes me smile is well done snark about the security industry.
As someone in infosec and whose melanin levels cause the sun to be a mortal enemy (not uncorrelated variables), this diagram by Kelly Shortridge made me feel #seen.
SS-Oh No You Didn’t!
I want your opinion on something.
If you were parachuted into a startup with ~20-30 employees who prioritized security, had some but not an infinite budget, and you wanted to choose an SSO provider that will provide useful security properties and will grow with you as your company grows, what would you choose?
Assume a little hesitation due to the SSO tax, but not a prohibitive amount.
Feel free to respond with additional options, ideas, or how you’d weigh the trade-offs.
Thanks friend! 🙏
📢 Scale your security team with Faraday
Attack surface increases day-by-day, reaching limits of every team's resources without proactive collaboration, automation and cross-company integrations.
What if you could automate daily tasks, like running your favorite scanners and actions based on findings? normalize and review results from different sources, manage, tag, track vulnerabilities as a team and generate outstanding reports with ease.
Faraday is a Vulnerability Management platform that enables teams to scale. Let us show you how to rethink Vulnerability Management.
📜 In this newsletter...
AppSec: AppSec resources, modern static analysis
Web Security: Resources for new Burp pro users, Gareth Heyes' Hackvertor Burp extension
GraphQL: CSRF in GraphQL and InQL update, obtaining a schema when introspection is disabled, the "batching" attack
Supply Chain: CNCF best practices guide
Cloud Security: Modern bastion hosts, iam zero open source, GCP products in <= 4 words
Container Security: Tool to find outdated images, installer for airgapped clusters
Machine Learning: Attack/defense competition, tool to attack ML models, using deep learning to carry out side-channel attacks, writing code with GPT-3 autocomplete
Red Team: In-memory embedding of CPython
Politics / Privacy: SF's shoplifting surge, the fully story of the RSA hack, how self-promoting security vendors help ransomware hackers, Apple's censorship in China
Misc: The impact of easy image manipulation tools on social media and body image
Application Security Knowledgebase
Ishaq Mohammed has collected a number of articles, blogs/websites, resources, videos, slides, books, DevOps resources, and people to follow. I’m honored that tl;dr sec is included amongst so many great resources!
Modern Static Analysis: how the best tools empower creativity
Figma’s Dev Akhawe is one of my favorite people to chat with about modern security programs and scaling security. We share a love of writing tools that find bugs in software (as well as Shakespeare, but that’s not relevant here. Yet.). I highly recommend reading this post to see a bit about how he thinks.
Dev’s favorite static analysis tool? Semgrep.
Great getting started resources for new users of Burp Suite Professional
Pro video tutorials from Portswigger, pro-exclusive features you should try, the web security academy, content from the community, tutorials and guides, the BApp Store/Burp Extender, and more.
SecuriTEA & Crumpets Ep6 - Gareth Heyes - Hackvertor
Portswigger’s Gareth Heyes joins Lewis Arden to demo his Burp Suite extension Hackvertor. Hackvertor allows you to easily perform multiple levels of encoding easily, to bypass WAFs for example, as well as auto decoding, which guesses the type of conversion required.
That single GraphQL issue that you keep missing
Doyensec’s Tomasz Swiadek, Andrea Brancaleoni describe that many GraphQL implementations are actually vulnerable to CSRF. GraphQL services typically appear to only accept the application/json Content-Type, but oftentimes middleware magic causes them to accept equivalent form-urlencoded POSTs, which makes CSRF possible. Other issues include GET requests being used for both queries and mutations as well as XS-Search attacks. InQL v4 has been released which helps in detecting these issues.
By Nikita Stupin: Clairvoyance enables you to get a target’s GraphQL API schema even when introspection is disabled. The schema is produced in JSON format, suitable for other tools like GraphQL Voyager, InQL or graphql-path-enum.
GraphQL Batching Attack
This Wallarm post describes how GraphQL allows you to “batch” multiple requests in the same request. This has significant security implications; for example: trying many email/password pairs in the same request may allow you to bypass rate limiting, you could try every 2FA token value in one request, etc. I wonder if there are interesting race condition / TOCTOU bugs you could find as well.
CNCF Paper Defines Best Practices for Supply Chain Security
New ~45 page whitepaper by the Cloud Native Computing Foundation (CNCF) on building a secure supply chain. The paper is quite detailed and useful, and there’s also a 1 page checklist here.
Modern Bastion Hosts
Sigma’s Joshua Stuts proposes that modern bastion hosts should: use SSH certificates, be centrally managed and cloud platform agnostic, log activity to a Cloud Data Warehouse, and have runtime security & alerting. He describes how Sigma uses Okta SSO + Okta Advanced Server Access for SSH certificate and server management.
Originally called out in tl;dr sec 79, IAM Zero now has a site and is Apache 2.0 licensed on GitHub. IAM Zero uses an instrumentation layer to capture AWS API calls, sends them to a collector, and then suggests one or more least privilege policies. Chat with Chris Norman on the Reddit announcement post.
Machine Learning Security Evasion Competition 2021 Calls for Researchers and Practitioners
Try your hand at attacking and/or defending ML systems.
AI security risk assessment using Counterfit
Microsoft has released Counterfit, an open source tool for assessing the security of AI / machine learning systems. It comes preloaded with published attack algorithms (like from MITRE’s Adversarial ML Threat Matrix), is data agnostic (works on AI models using text, images, or generic input), and has attack parameters you can tweak. Very cool work.
Hacker’s guide to deep-learning side-channel attacks: the theory
Epic guide by Google’s Elie Bursztein. Source code of the PoC included.
Microsoft has built an AI-powered autocomplete for code using GPT-3
In Microsoft’s first commercial use of its OpenAI exclusive license, they’re releasing an assistive feature in the company’s PowerApps software that turns natural language into code. Currently it only works for formulas in Microsoft Power Fx, a simple programming language derived from Microsoft Excel formulas that’s used mainly for database queries.
It’s great to see programming made more accessible for a broader audience, and I’m sure this is the first of much more similar work to come. After all, if you wanted to do this effectively for other programming languages you’d need a big corpus. Wait, who bought GitHub again? 😉
An in-memory embedding of CPython, useful for offense / red teams.
Politics / Privacy
San Francisco’s Shoplifting Surge
“At a board of supervisors hearing last week, representatives from Walgreens said that thefts at its stores in San Francisco were four times the chain’s national average, and that it had closed 17 stores, largely because the scale of thefts had made business untenable.”
The Full Story of the Stunning RSA Hack Can Finally Be Told
The 10 year NDAs are up, and now we can hear from the people who were there at the time. Fascinating narrative, including how the intrusion was originally discovered, how they tracked the attackers through the network, and the precautions they took in the aftermath:
Executives held meetings in person and shared paper copies of documents, not trusting electronics.
Wide-spread additional background checks.
The windows of some executives’ offices and conference rooms were covered in layers of butcher paper, to prevent laser microphone surveillance.
Buildings were torn apart, looking for bugs.
Mass wiping of any box the attackers touched, and even those adjacent to them.
The Colonial Pipeline Ransomware Hackers Had a Secret Weapon: Self-Promoting Cybersecurity Firms
Independent security researchers have been breaking ransomware and secretly distributing decryptors to victims. Then some AV company proclaims, “Hey look at this decrypter we built!!1!” with enough details to reproduce the issue. The criminals then thank them for the tip and fix the weakness.
Censorship, surveillance and profits: A hard bargain for Apple in China
Apple’s data center in China is physically managed by Chinese state employees, and the keys used to unlock encrypted data are stored in the data centers they’re meant to secure. Apple proactively censors its Chinese App Store, relying on software and employees to flag and block apps that Apple managers worry could run afoul of Chinese officials, like foreign news outlets, gay dating services, encrypted messaging apps, tools for organizing pro-democracy protests and skirting Internet restrictions, as well as apps about the Dalai Lama.
U.S. law has long prohibited American companies from turning over data to Chinese law enforcement. However, Apple has ceded legal ownership of its Chinese customers’ data to a Chinese company so Chinese authorities can ask this company, not Apple, for customer data.
Selfies, Surgeries And Self-Loathing: Inside The Facetune Epidemic
Devastating post about how popular apps like Facetune promote unrealistic beauty expectations on social media, leading many to feel like they can’t post unmodified images.
✉️ Wrapping Up
Have questions, comments, or feedback? Just reply directly, I'd love to hear from you.
If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏
Thanks for reading!