[tl;dr sec] #273 – Model Context Protocol + Security Tools, Compromising CodeQL, Red Teaming with ServiceNow
MCPs for Ghidra, Semgrep, and SecOps, a CodeQL supply chain issue, using ServiceNow offensively
I hope you’ve been doing well!
Bae Area Lyfe
Some recent (semi) #PeakBayArea experiences that stuck out to me:
- In one Uber ride I was picked up by a Tesla X, which has doors that open vertically not horizontally, which reminded me of the Billionaire Doors bit from the TV show Silicon Valley.
- At a random friend’s birthday party, I met a designer who played a role in designing Samsung’s The Frame TV, which is basically a TV that looks like an art picture frame, as well as designed some art that’s in the office of a tech CEO you know the name of.
And shout-out to my friend Joseph Thacker for creating a cool image of a number of InfoSec content creator friends and me, Dungeons and Dragons style.
Join Permiso on Thursday, April 10, at 2 pm ET/11 am PT for a webinar where we will comb through the Rippling lawsuit. He’ll break down how an alleged malicious insider searched for and exfiltrated data like sales pipeline and other sensitive information and how security teams can better detect anomalous activity like this in their own environment. In this 45-minute webinar, you will learn:
- How search logs can show intent of threat actors
- Why insider threats often resemble attacks orchestrated by threat actor groups
- How security teams can better monitor for anomalous behavior in their own environments to detect insider threats early
The Rippling lawsuit is one of the spiciest tech stories I’ve seen recently. Insider threats are tough to detect; it’ll be neat to see insights based on a real case that’s actively unfolding.
AppSec
Santiago-Labs/go-ocsf
By Telophase: A Go library and CLI tool for converting security findings and events from your security tools (e.g., Snyk) into the Open Cybersecurity Schema Framework (OCSF) format.
pocket-id/pocket-id
A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.
BSidesSeattle 2025
Coming up April 18-19. Lots of good talks! Check out Maya Kaczorowski’s on “When authn breaks,” Misha and Leif’s talk on “A Blueprint for Branding: Authentic Ways to Establish your Public Persona” (I wish I had seen this talk before getting a face and lower back tl;dr sec tattoo), and Vasilii’s “Most common vulnerabilities in Github Actions” for the results of scanning hundreds of GitHub repos.
I also highly recommend Leif’s excellent blog post on sharing your security work publicly.
New IDC research has revealed top priorities and challenges for security teams in 2025.
Featuring perspectives from security leaders in the US, Europe, and Australia and sponsored by Tines in partnership with AWS, the white paper explores:
- How AI and automation are shaping security strategies
- The biggest challenges leaders face and what’s holding them back
- Drivers of job satisfaction and dissatisfaction
- Where tooling helps and where it adds to the pain
- What leaders look for when hiring
Nice, 900+ security leaders is a good sample size. I’m especially curious about how AI and automation are shaping security strategies, and what leaders look for when hiring.
Cloud Security
Stratus Red Team – MITRE ATT&CK Coverage by Platform
Stratus Red Team is a tool by Datadog that can “detonate” offensive attack techniques against a live cloud environment so you can validate that your detections work as expected. I’m highlighting here that the docs now provide coverage matrices of MITRE ATT&CK tactics and techniques currently covered for different cloud platforms: AWS, Azure, GCP, Kubernetes, Entra ID, and EKS.
Wiz Vulnerability Database
New site by Wiz for monitoring high-profile vulnerabilities in cloud environments, tailored for security teams and cloud professionals. Allows filtering by technology (e.g. Ubuntu, WordPress, openSUSE), by whether a CVE is in CISA’s KEV catalog or is high profile, by CVEs with an exploit from the last 60 days, etc.
Cloud Incident Readiness: Key logs for cloud incidents
Invictus Incident Response provides a guide to cloud logging for incident response across Microsoft, AWS, and Google Cloud. The post ranks logs as must-have, should-have, and nice-to-have, including key log types like Entra ID Sign-in logs, CloudTrail Management events, and Google Admin Activity logs. The post includes real-world incident response examples for each cloud provider, demonstrating how different log types are used to investigate cryptomining, S3 ransomware, and data theft from Google Cloud Storage.
The Director’s Guide: IAM Security at Scale
Google’s Kyle Chrzanowski outlines how to implement an effective, automated Identity and Access Management (IAM) program for large enterprises. Key components include an Identity Provider (e.g. Okta), Identity Governance and Administration system (e.g. Sailpoint), and Directory Service, with automated processes for identity creation, onboarding, privilege management, access reviews, and offboarding. Kyle recommends implementing IGA and getting end-to-end automations in place before migrating huge amounts of users to SSO, and provides a rough timeline for rolling out the IAM tech stack and onboarding applications.
Supply Chain
OpenSSF Policy Summit DC 2025 Recap
An overview of different breakout sessions, including links to the breakout notes, for AI & open source security, OSS best practices, regulation, repo & package supply chain security, and looking ahead.
actions/attest-build-provenance
A GitHub Action for generating build provenance attestations for workflow artifacts. Attestations bind some subject (a named artifact along with its digest) to a SLSA build provenance predicate using the in-toto format. A verifiable signature is generated for the attestation using a short-lived Sigstore-issued signing certificate.
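To make the “subject bound to a SLSA predicate in the in-toto format” sentence concrete, here is an added example (my code, not the action’s or Sigstore’s) that assembles such a Statement for an artifact and then does the check every consumer should do first: confirm the subject digest matches the bytes actually downloaded. The Sigstore signing and certificate verification step is deliberately left out; the predicate values, builder id and artifact bytes are constructed placeholders.

```python
"""Added example (not the action's own code): assemble the in-toto Statement a
build-provenance attestation wraps, and check its subject digest against the
artifact you actually downloaded before trusting anything in the predicate."""
import hashlib
import json
from typing import Dict

IN_TOTO_STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
SLSA_PROVENANCE_TYPE = "https://slsa.dev/provenance/v1"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_statement(artifact_name: str, artifact: bytes, predicate: Dict) -> Dict:
    """Bind the subject (artifact name + sha256 digest) to a SLSA provenance predicate."""
    return {
        "_type": IN_TOTO_STATEMENT_TYPE,
        "subject": [{"name": artifact_name, "digest": {"sha256": sha256_hex(artifact)}}],
        "predicateType": SLSA_PROVENANCE_TYPE,
        "predicate": predicate,
    }


def subject_matches(statement: Dict, artifact_name: str, artifact: bytes) -> bool:
    """True only if this statement covers exactly the bytes we hold.

    A valid signature over a statement for some *other* digest proves nothing about
    this artifact, so consumers check the subject before applying any policy."""
    if statement.get("_type") != IN_TOTO_STATEMENT_TYPE:
        return False
    if statement.get("predicateType") != SLSA_PROVENANCE_TYPE:
        return False
    actual = sha256_hex(artifact)
    for subject in statement.get("subject", []):
        if subject.get("name") == artifact_name and subject.get("digest", {}).get("sha256") == actual:
            return True
    return False


# Constructed predicate: the field names are SLSA v1's, every value is a placeholder.
SAMPLE_PREDICATE = {
    "buildDefinition": {
        "buildType": "https://example.invalid/buildtypes/constructed/v1",
        "externalParameters": {
            "workflow": {"ref": "refs/heads/main", "path": ".github/workflows/release.yml"}
        },
        "resolvedDependencies": [
            {"uri": "git+https://example.invalid/org/repo", "digest": {"gitCommit": "0" * 40}}
        ],
    },
    "runDetails": {"builder": {"id": "https://example.invalid/builder/constructed"}},
}

# Constructed artifact bytes so the example runs offline.
SAMPLE_ARTIFACT = b"constructed release tarball bytes"


def demo() -> bool:
    """Build a statement, then show that a one-byte change to the artifact fails the subject check."""
    statement = build_statement("app-1.0.0.tar.gz", SAMPLE_ARTIFACT, SAMPLE_PREDICATE)
    print(json.dumps(statement, indent=2))
    genuine_ok = subject_matches(statement, "app-1.0.0.tar.gz", SAMPLE_ARTIFACT)
    tampered_rejected = not subject_matches(statement, "app-1.0.0.tar.gz", SAMPLE_ARTIFACT + b"\x00")
    return genuine_ok and tampered_rejected


if __name__ == "__main__":
    print("subject check behaves as expected:", demo())
```

The order matters in practice: verify the Sigstore signature and certificate identity, then the subject digest, and only then read the predicate (builder id, source repo, workflow ref) for your policy decision.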
The issue: the CodeQL GitHub Action exposed a GitHub token in a workflow artifact. The token was valid for only about 2 seconds, but an attacker who grabbed it within that window could create malicious branches and tags in the CodeQL repository.
Great, thorough write-up, excellent finding and detailed references to related work. Chef’s kiss.
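The defensive lesson from the CodeQL finding is that anything uploaded as a workflow artifact needs a secrets check first. As an added example (my code, not from the write-up or from GitHub), here is a small pre-upload scanner for the documented GitHub token shapes: the `ghp_`/`gho_`/`ghu_`/`ghs_`/`ghr_` prefixes followed by 36 base62 characters (the `ghs_` form is what a workflow’s `GITHUB_TOKEN` looks like) and the `github_pat_` fine-grained format. The sample artifact contents and the token value are constructed, not real.

```python
"""Added example: scan files destined for upload-artifact for GitHub token
formats and redact them before they ever leave the runner."""
import re
from typing import Dict, List, Tuple

# Token shapes as documented by GitHub. The classic family is a type prefix plus
# 36 base62 characters; ghs_ is the installation token behind GITHUB_TOKEN.
TOKEN_PATTERNS = {
    "github_classic_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}\b"),
}


def scan_text(text: str) -> List[Tuple[str, str]]:
    """Return (kind, token) for every token-shaped string in the text."""
    findings = []
    for kind, pattern in TOKEN_PATTERNS.items():
        for match in pattern.finditer(text):
            findings.append((kind, match.group(0)))
    return findings


def _redact_match(match: "re.Match") -> str:
    token = match.group(0)
    prefix = "github_pat_" if token.startswith("github_pat_") else token[:4]
    return prefix + "[REDACTED]"


def redact(text: str) -> str:
    """Keep the prefix (so the token type is still recognisable) and drop the secret body."""
    for pattern in TOKEN_PATTERNS.values():
        text = pattern.sub(_redact_match, text)
    return text


def scan_artifact(files: Dict[str, bytes]) -> List[Tuple[str, str, str]]:
    """Scan every file in the artifact; returns (path, kind, redacted_token) per hit.
    Binary files are decoded leniently so token strings inside them are still found."""
    hits = []
    for path, data in files.items():
        text = data.decode("utf-8", errors="replace")
        for kind, token in scan_text(text):
            hits.append((path, kind, redact(token)))
    return hits


def artifact_is_safe_to_upload(files: Dict[str, bytes]) -> bool:
    """Gate for a workflow step: refuse the upload if any token-shaped string is present."""
    return not scan_artifact(files)


# Constructed, obviously fake token and artifact contents for the demo.
FAKE_TOKEN = "ghs_" + "A" * 36
SAMPLE_ARTIFACT = {
    "build.log": b"compiling 12 files\nall tests passed\n",
    "debug.log": ("GET /repos/org/repo HTTP/1.1\nAuthorization: token " + FAKE_TOKEN + "\n").encode(),
}

if __name__ == "__main__":
    for path, kind, shown in scan_artifact(SAMPLE_ARTIFACT):
        print(f"{path}: {kind} -> {shown}")
    print("safe to upload:", artifact_is_safe_to_upload(SAMPLE_ARTIFACT))
```

Short-lived tokens shrink the window but do not close it, which is exactly what the 2-second race in the write-up shows; the cheaper fix is to never let the secret reach the artifact in the first place.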
Red Team
thalium/rkchk
By Thalium: A Rust-based Linux Kernel Module designed to detect LKM rootkits by leveraging the Linux Rust API and performing various integrity checks and analyses on kernel modules, syscall tables, control registers, and more.
n0tspam/delepwn
A security assessment tool designed to identify and demonstrate the risks associated with Google Workspace Domain-Wide Delegation (DWD) misconfigurations in Google Cloud Platform (GCP) environments.
Red Teaming with ServiceNow
ServiceNow is a cloud-based platform designed to streamline and automate enterprise IT service management (ITSM) and business processes. MDSec’s Tim Carrington describes multiple attack vectors leveraging legitimate ServiceNow functionality, including: abusing Custom Actions to execute arbitrary PowerShell on MID servers and decrypt stored credentials, modifying Discovery scripts to achieve code execution on target systems during scans, and using Orchestration workflows to execute commands on Unix systems and potentially escalate privileges.
Super detailed post on how ServiceNow features can be abused for persistence and lateral movement. It’d be neat to see more posts like this for other popular software.
AI + Security
LaurieWired/GhidraMCP
By Laurie Kirk: A Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications, exposing numerous tools from core Ghidra functionality to MCP clients. Features: decompile and analyze binaries in Ghidra, automatically rename methods and data, list methods, classes, imports, and exports.
Security Operations with RunReveal’s MCP Server
RunReveal’s Evan Johnson shares examples of customers using RunReveal’s MCP server to threat hunt (find AWS principals that have tried to assume roles and failed more than 100 times over the last 2 weeks), do a deep dive into a GuardDuty alert, and test and tune a human-written detection rule.
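The threat hunt above is a nice, concrete one, and it runs on exactly the CloudTrail management events the Invictus logging guide ranks as must-have. As an added example (my code, not RunReveal’s or Invictus’s), here it is written directly against CloudTrail records: count `AssumeRole` calls that carry an `errorCode`, per calling principal, inside a 14-day window, and flag anyone over the threshold. The records are constructed to look like CloudTrail events and use the AWS documentation placeholder account id; nothing here is real data.

```python
"""Added example: the 'failed AssumeRole >100 times in 2 weeks' hunt over
CloudTrail management events. Event records below are constructed."""
import json
from collections import Counter
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional, Tuple

ACCOUNT = "111122223333"  # AWS documentation placeholder account id
NOW = datetime(2025, 4, 1, 12, 0, tzinfo=timezone.utc)  # fixed "now" so the demo is deterministic


def parse_event_time(ts: str) -> datetime:
    """CloudTrail eventTime is ISO 8601 UTC, e.g. 2025-04-01T12:34:56Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def records_from_json(text: str) -> List[Dict]:
    """CloudTrail log files are a single object of the form {"Records": [...]}."""
    return json.loads(text)["Records"]


def failed_assume_role_counts(events: Iterable[Dict], now: datetime,
                              window: timedelta = timedelta(days=14)) -> Counter:
    """Failed AssumeRole calls per calling principal ARN inside the window.
    A successful call has no errorCode field, so those are skipped."""
    cutoff = now - window
    counts: Counter = Counter()
    for ev in events:
        if ev.get("eventSource") != "sts.amazonaws.com" or ev.get("eventName") != "AssumeRole":
            continue
        if "errorCode" not in ev:
            continue
        if parse_event_time(ev["eventTime"]) < cutoff:
            continue
        counts[ev.get("userIdentity", {}).get("arn", "<unknown>")] += 1
    return counts


def noisy_principals(events: Iterable[Dict], now: datetime, threshold: int = 100,
                     window: timedelta = timedelta(days=14)) -> List[Tuple[str, int]]:
    """Principals whose failed AssumeRole count exceeds the threshold, sorted by ARN."""
    counts = failed_assume_role_counts(list(events), now, window)
    return sorted((arn, n) for arn, n in counts.items() if n > threshold)


def make_event(arn: str, when: datetime, error_code: Optional[str] = None) -> Dict:
    """Build a constructed CloudTrail-shaped AssumeRole record."""
    ev = {
        "eventVersion": "1.08",
        "eventTime": when.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole",
        "awsRegion": "us-east-1",
        "userIdentity": {"type": "IAMUser", "arn": arn},
        "requestParameters": {"roleArn": f"arn:aws:iam::{ACCOUNT}:role/Admin"},
    }
    if error_code:
        ev["errorCode"] = error_code
        ev["errorMessage"] = "User is not authorized to perform: sts:AssumeRole"
    return ev


def sample_events() -> List[Dict]:
    """Constructed dataset: one noisy principal, one quiet one, and stale noise outside the window."""
    noisy = f"arn:aws:iam::{ACCOUNT}:user/ci-runner"
    quiet = f"arn:aws:iam::{ACCOUNT}:user/alice"
    stale = f"arn:aws:iam::{ACCOUNT}:user/old-service"
    events = [make_event(noisy, NOW - timedelta(hours=i), "AccessDenied") for i in range(120)]
    events += [make_event(quiet, NOW - timedelta(days=i), "AccessDenied") for i in range(5)]
    events.append(make_event(quiet, NOW - timedelta(days=1)))  # a success, no errorCode
    events += [make_event(stale, NOW - timedelta(days=20, hours=i), "AccessDenied") for i in range(200)]
    return events


if __name__ == "__main__":
    records = records_from_json(json.dumps({"Records": sample_events()}))
    for arn, n in noisy_principals(records, NOW):
        print(f"{n} failed AssumeRole calls in 14 days: {arn}")
```

The same shape (filter by eventSource/eventName, keep only error records, bucket by principal, apply a window and threshold) is what the LLM has to produce when you ask the MCP server the question in plain English, which is why having a human-written reference query like this is handy for checking its work.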
Giving AppSec a Seat at the Vibe Coding Table
Drew Dennison and Seth Jaksik have built an open source MCP server for Semgrep (GitHub repo), enabling IDE-based MCP clients like Cursor to leverage Semgrep’s static analysis capabilities directly within AI-augmented code editors, allowing LLMs to automatically scan newly generated code for OWASP Top 10-style issues, detect secrets, and apply custom Semgrep rules.
See also this Semgrep rule by Lewis Ardern that will flag any AI instruction (scoped by file path) that contains Unicode characters.
This blog post is a good example of, “this is an attack we’ve seen in one domain, let’s apply it to a new technology/domain.” AI coding rules are basically instructions for the LLM (read: code execution), so it’s the same idea as putting malicious commands in an NPM preinstall script as well as
Please allow me to stroke my security neckbeard for a moment. These Unicode and bidirectional character shenanigans have been around for a while: see the ‘Trojan Source’ blurb in tl;dr sec #108 (Nov 2021), the follow-up ‘Unicode Chicanery’ section in #109, and the ‘Detecting Malicious Dependencies’ section in #169 (Feb 2023).
Sidenote: it feels weird citing my writing from 4 years ago. Back when I was young and full of joy, not a husk of my former self *takes a long cigarette drag*
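Since the Semgrep rule above flags any Unicode in AI instruction files, here is the same idea as an added example in plain Python (my code, not Semgrep’s or Lewis Ardern’s rule), extended a little: it separates the characters that actually hide or reorder text (bidi overrides and isolates, zero-width characters, Unicode tag characters) from ordinary non-ASCII like an accented letter, so a reviewer gets a reason alongside each hit. The list of instruction-file locations is an assumption about which files AI coding tools read, and the rules-file contents are constructed.

```python
"""Added example: find Unicode that can hide or reorder text inside AI
instruction files, the Trojan Source problem applied to coding-rule files."""
from fnmatch import fnmatch
from typing import Dict, List, Optional, Tuple

# Assumed list of instruction-file locations read by AI coding tools.
INSTRUCTION_FILE_GLOBS = [
    ".cursorrules", ".cursor/rules/*.mdc", ".windsurfrules",
    ".github/copilot-instructions.md", "CLAUDE.md",
]

# Characters that change reading direction (the Trojan Source primitives).
BIDI_CONTROLS = {0x061C, 0x200E, 0x200F, 0x202A, 0x202B, 0x202C, 0x202D, 0x202E,
                 0x2066, 0x2067, 0x2068, 0x2069}
# Characters that render as nothing and can split or pad words invisibly.
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF}


def is_instruction_file(path: str) -> bool:
    """Match the path against the assumed instruction-file locations, at any depth."""
    return any(fnmatch(path, g) or fnmatch(path, "*/" + g) for g in INSTRUCTION_FILE_GLOBS)


def classify(codepoint: int) -> Optional[str]:
    """Name the risk category of a code point, or None for plain ASCII."""
    if codepoint in BIDI_CONTROLS:
        return "bidi-control"
    if codepoint in ZERO_WIDTH:
        return "zero-width"
    if 0xE0000 <= codepoint <= 0xE007F:
        return "unicode-tag"
    if codepoint > 0x7F:
        return "non-ascii"
    return None


def find_suspicious_chars(text: str) -> List[Tuple[int, int, str, str]]:
    """Return (line, column, U+XXXX, category) for every non-ASCII character."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            category = classify(ord(ch))
            if category:
                findings.append((lineno, col, f"U+{ord(ch):04X}", category))
    return findings


def has_hidden_instructions(text: str) -> bool:
    """True when a character that hides or reorders text is present (plain accents do not count)."""
    return any(category != "non-ascii" for _, _, _, category in find_suspicious_chars(text))


def scan_repo_files(files: Dict[str, str]) -> Dict[str, List[Tuple[int, int, str, str]]]:
    """Apply the check only to instruction files; returns findings keyed by path."""
    return {path: find_suspicious_chars(text)
            for path, text in files.items()
            if is_instruction_file(path) and find_suspicious_chars(text)}


# Constructed rules file: line 2 has two zero-width spaces, line 3 a right-to-left override.
SAMPLE_RULES = (
    "Always use parameterized queries.\n"
    "Prefer\u200b\u200bsafe APIs.\n"
    "Run \u202e tests.\n"
    "Do not log secrets.\n"
)

if __name__ == "__main__":
    repo = {".cursorrules": SAMPLE_RULES, "src/main.py": "print('caf\u00e9')\n"}
    for path, findings in scan_repo_files(repo).items():
        for lineno, col, cp, category in findings:
            print(f"{path}:{lineno}:{col} {cp} {category}")
```

Treating every non-ASCII byte as a finding, as the Semgrep rule does, is the right default for files that are supposed to be plain English instructions; the category label just tells the reviewer whether they are looking at a stray accent or at a character whose only job is to be invisible.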
Misc
- Cybersecurity jobs available right now: April 1, 2025
- Self-contained Python scripts with uv – add uv to the shebang line to make it a self-contained executable
- Confession details from Deel’s spy – 5K Euros/month, didn’t know corporate espionage was so affordable
- Interview with Vibe Coder in 2025
- Alex Hormozi – 17 Life-Changing Conversations I Wish I Had Earlier
- The Pocket Guide of Essential YC Advice
- Video games that are fun for non gamers – Some of these I hadn’t heard of and seem quite fun.
- Bryan Johnson – Test Your Biological Age For $0 – Some simple physical tests, including: consecutive pushups, sitting down/standing up without using your hands, flexibility, standing on one leg with your eyes closed, reaction time testing, waist-to-height ratio, and grip strength
- High Agency in 30 Minutes – “If you woke up in a third world jail cell and can only call one person to get you out, who do you call?” Excellent deep dive into an important topic: owning your situation and taking action. Includes some epic examples of inspiring folks.
- Convert images (e.g. from OpenAI’s new image gen) to SVG → recraft.ai
- What’s your attachment style? A quiz adapted from the book “Attached.”
- Hinge’s Logan Ury and Scott Galloway join Diary of a CEO to discuss modern dating dynamics, masculinity, and more.
- The Average College Student Is Illiterate – A regional public university professor reflecting on how his students have been changing over time. “Most of our students are functionally illiterate. This is not a joke. By ‘functionally illiterate’ I mean ‘unable to read and comprehend adult novels.’”
- Far-Right Influencers Are Hosting a $10K-per-Person Matchmaking Weekend to Repopulate the Earth
- Secretive Chinese network tries to lure fired federal workers, research shows – “The news agency’s attempts to track down the four companies and Smiao Intelligence ran into numerous dead-ends including unanswered phone calls, phone numbers that no longer work, fake addresses, addresses that lead to empty fields, unanswered emails and deleted job listings from LinkedIn.” … “the network seeks to exploit the financial vulnerabilities of former federal workers affected by recent mass layoffs.”
Wrapping Up
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know other people who would too, I’d really appreciate it if you’d forward it to them.