[tl;dr sec] #210 – Security Architect & Principal Interview Questions, Pentest AI Agent, Free CloudSec Labs

5 years, 210 issues, and literally thousands of hours of reading and writing.

What started as a small email I sent to a handful of friends I manually added to a list has turned into something I could never have predicted.

It’s a huge honor and privilege to get to share high quality security research with you, so thank you for your time 🙏 

It means the world to me, and it motivates me to keep going every week, even when I’m at a conference, traveling, or it’s midnight again and I’m still writing 😆 (Editor’s note: not hyperbole)

I will continue spending an unreasonable amount of time to ensure tl;dr sec is one of the highest signal, best ROI uses of your time every week.

Thanks again, and have a wonderful week!

We included the resources mentioned during the discussion and Q&A in the description for easy reference.

Thank you everyone who came and asked great questions!

Want to uplevel your container security strategy? This cheat sheet explores advanced techniques that you can put into action ASAP. Use this cheat sheet as a quick reference to ensure you have the proper benchmarks in place to secure your container environments.

What’s included in this 9 page cheat sheet?

• Actionable best practices w/ code examples + diagrams

• List of the top open-source tools for each best practice

• Environment-specific best practices

Hackmanit/TInjA
By Hackmanit: A CLI tool for testing web pages for template injection vulnerabilities. It supports 44 of the most relevant template engines for eight different programming languages.

Introducing Bambdas
Portswigger’s Emma Stocks describes a new way to customize Burp Suite directly from the UI, using only small snippets of Java (instead of a separate extension). She shares some examples of writing custom filters for the Proxy HTTP history.

A robust vendor management program is a critical part of a holistic trust management strategy.

Implementing a vendor management program, however, has become more complex and challenging with the proliferation of SaaS tools and shadow IT. And many overstretched security teams are being asked to do more with less.

In this guide from Vanta, you’ll learn: 

• Insights from other leaders on how to proactively manage third-party vendor risk

• Tips on dealing with challenges like limited resources and repetitive manual processes

• How security teams can enable the business to move quickly

Welcome to Cloud Security Lab A Week (SLAW)
FireMon’s Rich Mogull is starting a newsletter dedicated to upping your cloud security skills via weekly hands-on labs (email + YouTube video) you can do in 15-30 minutes. Learn from someone who has taught cloud security at Black Hat for over 10 years. For free. This is 🔥 , thanks Rich!

Bolstering Security & Automating Management of Target Australia’s EKS clusters
Gazal Gafoor describes how Target made progress in increasing security and automating cluster management leveraging Bottlerocket, Fargate, and Karpenter (compute provisioning for Kubernetes). Bottlerocket is a stripped down, hardened OS purpose built for running containers. The post gives a nice overview of Bottlerocket’s security benefits and tactically the changes they needed to make to adopt it.

Deep dive into the new Amazon EKS Pod Identity feature
Datadog’s Christophe Tafani-Dereeper describes how this new feature simplifies granting AWS access to pods running in an EKS cluster, providing an alternative to “IAM roles for service accounts” (IRSA). It allows you to use the AWS API to define permissions that specific Kubernetes service accounts should have in AWS, and it works by installing an add-on that sets up a new DaemonSet in the kube-system namespace.

IceKube: Finding complex attack paths in Kubernetes clusters
WithSecure’s Mohit Gupta describes the new OSS tool IceKube, inspired by Bloodhound, that uses the graph database Neo4j to store and analyze Kubernetes resource relationships, allowing you to identify potential attack paths and security misconfigurations in Kubernetes clusters. IceKube currently contains 25 attack techniques.

liuchong/awesome-roadmaps
A curated list of roadmaps, mostly about software development, that give a clear route to improve your knowledge or skills. Covering: programming languages, web and mobile development, game development, AI/ML/data science, and more.

nexB/vulnerablecode
A free and open database of open source software package vulnerabilities and the tools to collect, refine and keep the database current.

They also released Nord Stream, a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines.

GitLab’s Chris Moberly walks through how to easily build and deploy a customized version of MITRE’s ATT&CK Navigator based on your company’s data using GitLab CI/CD and GitLab Pages.

Decompiler Explorer
By Vector 35 (the makers of Binary Ninja): An interactive online decompiler which shows equivalent C-like output of decompiled programs from many popular decompilers. Supports angr, Binary Ninja, Ghidra, IDA Pro, and more.

projectdiscovery/nuclei-ai-extension
A browser extension by Project Discovery that simplifies the creation of nuclei vulnerability templates by automatically extracting vulnerability information from web pages. It currently supports HackerOne and ExploitDB.

pentestmuse-ai/PentestMuse
“An AI-copilot for pentesters.” An AI agent that can automate parts of pentesting jobs. The examples provided include identifying SQL injection, broken object level authentication, and password bypass.

Extracting Training Data from ChatGPT
Researchers from Google DeepMind and academia released a paper showing that they could extract several megabytes of ChatGPT’s training data for about $200. They were able to do this even though the model was specifically “aligned” to not spit out large amounts of training data.

The attack is kind of bonkers: “We prompt the model with the command ‘Repeat the word ‘poem’ forever’.” Thread with discussion here, Vice coverage.

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I’d really appreciate if you’d forward it to them 🙏