[tl;dr sec] #205 – Resume Prompt Injection, CVE PoCs, Server-side Sandboxing

OK I’m a little embarrassed to share this, but I trust you, dear reader.

I may have reached a new #PeakBayArea level last weekend-

I was riding in a driver-less Cruise car, while my friend was demoing different AI apps on his phone. Including a personal assistant that he said, “made his partner slightly jealous.” 😂 

It does all the good stuff you’d expect: looking for secrets via regexes and entropy analysis, can automatically validate live secrets via the provider’s API, can run as a pre-commit hook, leave PR comments, etc.

But also, because Semgrep is a great code analysis engine, it can semantically scan for secrets, like: “I know the second argument of [this API method] is a secret, so warn me if it’s ever hard-coded.”

Most existing tools are regex-based, which can’t do this.

You can read more here, and play around with it for free without talking to anyone, if you’d like.

Rampant cloud usage requires an advanced security playbook.

Wiz put together these AWS security best practices from leading cloud security orgs. Benchmark your strategy and improve your security posture across your AWS footprint with:

• Techniques to enforce least privilege across all identities

• How to limit uncontrolled exposure of sensitive assets

• Playbooks to extend protection of Kubernetes clusters (EKS)

• Plus critical recommendations by resource type (IAM, S3, Cloudtrail)

All of these advanced best practices for AWS are compiled in this checklist.

Archive Pwn tool released
Pentagrid AG has released a tool that creates archives with path traversal attacks, useful for testing web apps or embedded devices that accept archive formats. It supports multiple archive and file formats and implements a variety of attacks, including simple path traversal, symlink attacks, maximum Windows path length attacks, unicode normalization, and more.

The newest acronym on the AppSec scene is here: ASPM.

Gartner foresees that by 2026, 60% of software organizations will have an ASPM. But what actually is it?

Simply put, ASPM unifies application risk assessment, prioritization, and remediation, providing:

• An inventory of all application and software supply chain components.

• Security alert prioritization based on risk likelihood & business impact.

• Automation workflows and developer guardrails to fix and prevent risks.

• And more.

Learn more about the core components in the below checklist from Apiiro, a leader in ASPM.

AndrewWalsh/openapi-devtools
A Chrome extension that generates OpenAPI specifications in real time from network requests. Not a security tool but seems potentially useful for testers.

Oh-Auth – Abusing OAuth to take over millions of accounts
Salt Security’s Aviad Carmel describes how lack of access token verification led to serious vulnerabilities in Vidio, Bukalapak, and Grammarly. The attack: you use OAuth to log in on a malicious domain (“Log in with ”), the malicious domain then replays info from that flow to a benign domain on which you also use “Log in with…”, and gains access to your account.

One Scheme to Rule Them All: OAuth Account Takeover
Ostorlab’s Mohamed Benchikh walks through OAuth account takeovers using app impersonation through custom scheme hijacking. Basically, a malicious app can register the same OAuth custom scheme as a legitimate app, and when the OAuth flow is triggered, the malicious app receives the results of the OAuth flow instead, giving it access to whatever sensitive data the legit app would have had.

The post also gives a nice overview of OAuth attacks in general, mitigations for this specific attack, and a surprising attack you can do when a target app uses OAuth in both Android and iOS with different schemes.

In this post, James explores the same attack in other protocols, including HTTP/3, HTTP/1.1, WebSockets, and SMTP.

Attacking AWS Cognito with Pacu
Rhino Security Labs’ David Kutz-Marks highlights common Cognito security risks, and releases two new modules for their open-source AWS exploitation framework, Pacu: an enumeration module that enumerates and saves info about user, identity, and client pools, and an attack module that attempts to escalate privileges via user-modifiable attributes or assumable roles, among other features.

What Can Go Wrong When an EC2 Instance is Exposed to SSRF
Ermetic’s Lior Zatlavi discusses a new CNAPPgoat scenario that lets you experiment with a technique that leverages SSRF to trigger calls to AWS services from within an EC2 instance. This usage appears legitimate and could evade detection, due to the credentials being used from the instance they came from.

undistro/marvin
By Undistro: A CLI tool that uses Common Expression Language (CEL) expressions to scan Kubernetes clusters for potential issues, misconfigurations, and vulnerabilities, ensuring compliance with best practices and industry standards.

Server-side sandboxing: Containers and seccomp
Fantastic overview by Figma’s Hongyi Hu and Max Serrano on server-side sandboxing using containers and seccomp, comparing their security isolation (/ attack surface), performance, and development costs, highlighting their advantages, challenges, and what they implemented at Figma (nsjail → seccomp only, but it required big refactors).

ossf/malicious-packages
By OpenSSF: A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

gittuf/gittuf
By OpenSSF: Gittuf provides a security layer for Git using some concepts introduced by The Update Framework (TUF). It handles key management for all developers on the repo, allows you to set permissions for repository branches, tags, files, etc., protects against various Git metadata manipulation attacks, and is backwards compatible with GitHub, GitLab, etc.

berylliumsec/nebula
By @berylliumsec_: An AI-Powered ethical hacking assistant that lets you provide testing instructions in natural language (e.g. “scan the top 10 ports of this IP”). In autonomous mode, you can provide a list of targets and it will automatically scan then try to exploit any discovered vulnerabilities. Currently integrates nmap, OWASP ZAP, Crackmapexec, and nuclei.

Inject My PDF: Prompt Injection for your Resume
Some companies use automated screening tools to filter or rank resumes. Kai Greshake shares a tool that injects invisible text into your resume PDF to make any AI LLM that reads it think you are a perfect candidate. Honestly, for a security role, as the hiring manager I’d take this as positive signal 🤣 

1. Is my private data being used to train a global model that the entire customer base would use?

2. What FMaaS (foundational model as a service) providers do you utilize? Do they see my private data? If yes, what’s their data retention and privacy policy?

3. What data are you using to improve your offering?

• TabbyML/tabby – A self-hosted coding assistant. An open-source and on-premises alternative to GitHub Copilot.

• 7 examples + prompts of highly detailed DALL-E 3 images by Chase Lean.

• ReactAgent – An LLM Agent that uses GPT-4 to generate and compose React components from user stories.

Introducing Nuclei v3
A bunch of Nuclei enhancements: Code Protocol (run bash, shell, Python) within a template, template signing and verification, Multi-Protocol Engine (run DNS and HTTP checks within a template), and more.

“The cryptocurrency tracing firm Chainalysis estimated the total sum of those forgotten wallets across blockchains to be worth $140 billion.”

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I’d really appreciate if you’d forward it to them 🙏