[tl;dr sec] #193 – ATT&CK for AI and SaaS, GitHub Actions Goat, Finding Bugs in Web App Routes


I hope you’ve been doing well!

Hack Week

This week we had people fly in from all over the world to meet and hack together.

Hack week is a quarterly-ish tradition where people build furiously for a few days and then we do a montage of demos on Friday.

It’s always a bit awe-inspiring, as people make what seems like a quarter’s worth of progress in 5 days, and a number of the projects have turned into launched features and products.

I highly encourage you to take a week sometime to hack on something wild. It’ll be worth your time.

We’ve also done fun things like boba runs, a graffiti session, and a boat outing. Here’s Adam and I right after we got soaked by a wave (H/T Margaret for the photo):

This year I’ll be in Vegas Monday to if I survive Sunday.

If you see me, feel free to come say hi, I’d love to meet you!

If you want a tl;dr sec t-shirt or stickers:

Lastly, I’ll be wandering aimlessly during the week with a stash in my backpack 😃 

📣 Secure your cloud migration at the speed of innovation

Cloud migrations are a transformative undertaking with many moving parts. The key is implementing a strong security foundation as you migrate. In this whitepaper, we explore the challenges and key questions behind cloud migrations, and take a look at how Wiz helps organizations during this process, including:

📜 In this newsletter…

  • AppSec: GitHub Actions Goat

  • Hacker Summer Camp: Useful resources for newbies

  • Web Security: Tool to find bugs in web app routes, websocket pentesting REPL tool

  • Cloud Security: AWS networking concepts, tool to check for misconfigured GitHub OIDC <> AWS/GCP, finding GitHub OIDC vulns in the wild

  • Container Security: Abusing Amazon VPC CNI plugin for k8s, Steelcon container security workshop slides

  • Blue Team: Atomic red team, ATT&CK for SaaS, collaborative forensic timeline tool, Google on 0-days exploited in-the-wild in 2022

  • Red Team: Automating cred stuffing with nuclei

  • Politics / Privacy: China’s expanding influence campaign in the US

  • Machine Learning + Security: Tool to automate prompt injection attacks, ATT&CK for ML systems, tool to automate 👈️ , automatically creating LLM jailbreaks, Daniel Miessler and Dan Guido on if AI will help attackers or defenders more

  • Machine Learning: New in LangChain, text → image and video, hacker art

  • Misc: Shower thoughts, writer’s strike, precision walking, Twitter rebrand

AppSec

  1. Exfiltration of secrets from the CI/CD pipeline

  2. Tampering of source code or artifacts during build

  3. Compromise of the GITHUB_TOKEN

📣 Opal, scalable identity security

Opal is designed to give teams the building blocks for identity-first security: view authorization paths, manage risk, and seamlessly apply intelligent policies built to grow with your organization.

They are built from the ground up to synthesize the data needed to construct and monitor all of your company’s access – from a single pane of glass.

Opal is used by best-in-class security teams today, such as Blend, Databricks, Drata, Figma, Scale AI, and more. There is no one-size-fits-all when it comes to access, but they provide the foundation to scale least privilege the right way.

Hacker Summer Camp

If you’re going to be attending some combination of BSidesLV, Black Hat, and DEF CON for the first time, some potentially useful resources:

Cloud Security

Christophe found a number of misconfigurations in the wild using OSINT + Sourcegraph to search through GitHub repos for role ARNs, and walks through a real-world example.

Container Security

Steelcon Container Security Workshop PDF
Slides from Iain Smart and Rory McCune that cover security features and pitfalls of modern containerization tools like Docker and Kubernetes. The workshop includes practical examples of attacks and defense on containerized systems, covering Docker containers and Kubernetes clusters.

Blue Team

google/timesketch
An open-source tool for collaborative forensic timeline analysis, allowing users to visualize, analyze, and collaborate on forensic timelines using a web-based interface.

Machine Learning + Security

utkusen/promptmap
By Utku Sen: A tool that automatically performs prompt injection attacks on ChatGPT instances by analysing ChatGPT rules and generating creative attack prompts tailored to the target.

MITRE ATLAS
“A knowledge base of adversary tactics, techniques, and case studies for ML systems based on real-world observations, demonstrations from ML red teams and security groups, and the state of the possible from academic research.”

mitre-atlas/arsenal
By MITRE et al: A plugin developed for adversary emulation of AI-enabled systems that provides tactics, techniques and procedures (TTPs) defined in MITRE ATLAS (like ATT&CK for LLMs) to interface with CALDERA (an automated adversary emulation platform).

Universal and Transferable Attacks on Aligned Language Models
This is potentially huge— whereas previous jailbreaks involved substantial manual effort to create and can be easily patched, the authors of this paper were able to automatically create essentially unlimited jailbreaks that work on both open and closed source LLMs. “It is unclear whether such behavior can ever be fully patched by LLM providers.” H/T Caleb Sima.

AI will help attackers automate and scale attacks in the short term before defenders have sufficient understanding of their environments, but in the long term, AI + a company’s context will give defenders the advantage.

  • Can a mid-level practitioner operate at an expert level with the help of AI? Our experience suggests yes.

  • AI is better for problems that require breadth of knowledge and where mistakes are acceptable (e.g., document this function, write a phishing email). It’s not great at problems that require mastery and correctness (e.g., find and exploit this iOS 0-day).

  • Bug bounties, phishing defenses, antivirus, IDS, and attribution will be among the first fields impacted as AI confers a greater advantage to attackers in the near term.

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I’d really appreciate if you’d forward it to them 🙏
