[tl;dr sec] #280 – Hardening GitHub Actions, Uber’s Multi-Cloud Secret Management, Prompts are the New IOCs
Detailed guide on all the ways to harden GitHub Actions, Uber’s Secret Management Platform that manages >150,000 secrets, “LLM TTPs” + a tool to detect and hunt adversarial prompts
I hope you’ve been doing well!
Mile-High Hackathon
This week I’ve been having a blast at Semgrep’s engineering team off-site in Denver.
People from all over the world flew in for a few day hackathon, as well as rock climbing, games, and more.
I’m always impressed by how the small teams can get like a quarter’s worth of progress done in a few days. And demos on the last day are always epic.
I maintained my reputation of always taking leftovers when I brought home three boxes of brussels sprouts back to my small hotel fridge, which I’ve been gradually eating.
And here are some friends having fun trolling me while I’m in a phone booth writing this email.
![Friends trolling me at the off-site](https://media.beehiiv.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,quality=80/uploads/asset/file/389056f8-7b37-4b7c-acfc-f5ca897124de/offsite_trolling.jpg?t=1747889524)
Shout-out to my friends Romain Gaucher, Claudio Merloni, Vasilii Ermilov, and Kurt Boberg. Photo by Adam Berman, part-time VP Eng, part-time aspiring event photographer.
P.S. If you’re going to be at OWASP Global AppSec EU in Barcelona next week, you can meet up with some Semgrep folks if you’d like, including making some paella with my bud Tanya Janca.
Modern bots are smarter than ever—executing JavaScript, storing cookies, rotating IPs, and even cracking CAPTCHAs with AI. As attacks grow more sophisticated, traditional detection just isn’t enough.
Enter WorkOS Radar—your all-in-one bot defense solution. With just a single API, you can instantly secure your signup flow against brute force attacks, leaked credentials, and disposable emails. Stop bots in their tracks and keep your real users safe.
Bots are always advancing, so it’s nice to have a single mechanism to reduce risk from a broad variety of types of attacks.
AppSec
SCIM Hunting – Beyond SSO
Doyensec’s Francesco Lacerenza describes vulnerabilities in SCIM (a standard for automating the provisioning and deprovisioning of user accounts) implementations, highlighting potential issues like auth bypasses, unwanted user re-provisioning, internal attribute manipulation, and verification bypasses. The post provides concrete examples of bugs found in real-world SCIM implementations, including unauthenticated SCIM operations in Casdoor, privilege escalation via group ID manipulation, and email verification bypasses.
Phishing despite FIDO, leveraging a novel technique based on the Device Code Flow
Dennis Kniep describes a novel Device Code phishing technique that dynamically initiates the flow as soon as the victim opens the phishing link and instantly redirects them to the authentication page. A headless browser automates this by directly entering the generated Device Code into the webpage behind the scenes. This defeats the 10-minute token validity limitation and eliminates the need for the victim to manually perform these steps. Dennis released a proof-of-concept targeting Azure Entra users.
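To see why deferring the flow matters, here is an added example (not Dennis Kniep’s proof of concept, and not Entra’s real endpoints): a constructed, in-memory device-authorization server with both sides of the exchange, run once the “classic” way (code minted when the lure is sent) and once the way the post describes (code minted when the link is opened, user code submitted immediately on the victim’s behalf). All timings are passed in explicitly so the run is deterministic.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// In-memory stand-in for an OAuth 2.0 device authorization server (RFC 8628).
// Constructed for this example; it is not Dennis Kniep's PoC and not Entra.
// Time is passed in explicitly so the run is deterministic.
const (
	codeLifetime = 10 * time.Minute // how long a user_code/device_code stays valid
	pollInterval = 5 * time.Second  // client polling cadence
)

var (
	ErrExpired     = errors.New("expired_token")
	ErrPending     = errors.New("authorization_pending")
	ErrUnknownCode = errors.New("invalid_grant")
)

type grant struct {
	userCode  string
	expiresAt time.Time
	approved  bool
}

type AuthServer struct {
	grants map[string]*grant // keyed by device_code
	seq    int
}

func NewAuthServer() *AuthServer { return &AuthServer{grants: map[string]*grant{}} }

// DeviceAuthorize is the client's first request: it yields a device_code the
// client keeps and a user_code the user is supposed to type in.
func (s *AuthServer) DeviceAuthorize(now time.Time) (deviceCode, userCode string) {
	s.seq++
	deviceCode = fmt.Sprintf("dc-%03d", s.seq)
	userCode = fmt.Sprintf("USER%03d", s.seq)
	s.grants[deviceCode] = &grant{userCode: userCode, expiresAt: now.Add(codeLifetime)}
	return deviceCode, userCode
}

// Approve models the verification page: a user_code is submitted and the
// signed-in user consents. Late submissions are refused.
func (s *AuthServer) Approve(userCode string, now time.Time) error {
	for _, g := range s.grants {
		if g.userCode != userCode {
			continue
		}
		if now.After(g.expiresAt) {
			return ErrExpired
		}
		g.approved = true
		return nil
	}
	return ErrUnknownCode
}

// Poll is the client's token request against the device_code.
func (s *AuthServer) Poll(deviceCode string, now time.Time) (string, error) {
	g, ok := s.grants[deviceCode]
	switch {
	case !ok:
		return "", ErrUnknownCode
	case now.After(g.expiresAt):
		return "", ErrExpired
	case !g.approved:
		return "", ErrPending
	}
	return "access-token-for-" + deviceCode, nil
}

// ClassicFlow: the attacker requests the code when the lure is sent and the
// victim opens it `delay` later; past codeLifetime nothing works.
func ClassicFlow(sent time.Time, delay time.Duration) (string, error) {
	s := NewAuthServer()
	dc, uc := s.DeviceAuthorize(sent)
	opened := sent.Add(delay)
	if err := s.Approve(uc, opened); err != nil {
		return "", err
	}
	return s.Poll(dc, opened.Add(pollInterval))
}

// DynamicFlow: the code is requested only when the link is opened and the
// user_code is submitted at once on the victim's behalf (the headless-browser
// step), so the 10-minute window starts at click time and the victim sees
// nothing but the provider's sign-in page.
func DynamicFlow(sent time.Time, delay time.Duration) (string, error) {
	s := NewAuthServer()
	opened := sent.Add(delay)
	dc, uc := s.DeviceAuthorize(opened)
	if err := s.Approve(uc, opened.Add(time.Second)); err != nil {
		return "", err
	}
	return s.Poll(dc, opened.Add(pollInterval))
}

func main() {
	t0 := time.Date(2025, 5, 22, 9, 0, 0, 0, time.UTC)
	_, err := ClassicFlow(t0, 3*time.Hour)
	fmt.Println("classic lure opened 3h later:", err) // expired_token
	tok, err := DynamicFlow(t0, 3*time.Hour)
	fmt.Println("dynamic lure opened 3h later:", tok, err)
}
```

The defender’s takeaway is that the code lifetime is not a control you can rely on: the attacker simply moves the `DeviceAuthorize` call to click time, and the only thing the victim ever sees is the provider’s genuine sign-in page.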
The cryptography behind passkeys
Trail of Bits’ Joop van de Pol examines the cryptography behind passkeys, the guarantees it does and doesn’t give, how WebAuthn works, the types of authenticators and their pros and cons (“platform” like iCloud Keychain/1Password, “roaming” like YubiKeys), and a threat model. WebAuthn removes password reuse and breach risks because the website holds only a public key and an identifier for your account (no password that can be leaked or reused), and it addresses phishing through origin binding: your authenticator only uses a passkey when the website making the request matches the website for which the passkey was created.
I enjoyed the Threat Model section, which describes scenarios that passkeys don’t solve, like:
- Browser-based attacks: If your browser is compromised by malware or a malicious extension, it could display “attacker.com” to you while actually sending your authenticator a request to sign for “google.com.”
- Compromised authenticators: A counterfeit hardware key, backdoored authenticator software, or malware that impersonates your OS’s built-in authenticator could secretly extract your private keys.
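To make origin binding and its limits concrete, here is an added example (not Trail of Bits’ code): a stripped-down WebAuthn “get” assertion in Go, with the authenticator on one side and the relying party’s checks on the other. The real protocol’s CBOR, base64url and COSE encodings are left out, the `clientData` and `Assertion` structs are simplified stand-ins for clientDataJSON and authenticatorData, and the key is generated fresh rather than going through registration; those are this example’s assumptions, not WebAuthn as deployed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Added example, not Trail of Bits' code: a minimal WebAuthn "get" assertion and
// the relying-party checks behind origin binding. Real CBOR/base64url/COSE
// encoding is left out; the structs are simplified clientDataJSON and
// authenticatorData, and the key is generated fresh rather than registered.

var (
	ErrType     = errors.New("unexpected clientData.type")
	ErrChal     = errors.New("challenge mismatch (replay?)")
	ErrOrigin   = errors.New("clientData.origin is not the relying party's origin")
	ErrRPIDHash = errors.New("rpIdHash does not match the expected rpId")
	ErrSig      = errors.New("signature does not verify")
)

type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion is what the browser returns to the relying party.
type Assertion struct {
	ClientDataJSON []byte
	AuthData       []byte // rpIdHash(32) || flags(1) || signCount(4)
	Signature      []byte // ASN.1 ECDSA over authData || SHA-256(clientDataJSON)
}

func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func signedMessage(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return msg[:]
}

// Sign plays the authenticator. `origin` is whatever the browser reports: an
// honest browser reports the page it is really showing, a compromised one can
// lie, which is exactly the gap in the threat model above.
func Sign(priv *ecdsa.PrivateKey, rpID, origin, challenge string) (Assertion, error) {
	cd, err := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	if err != nil {
		return Assertion{}, err
	}
	h := sha256.Sum256([]byte(rpID))
	ad := append(append([]byte{}, h[:]...), 0x01) // flags: UP (user present)
	ad = append(ad, 0, 0, 0, 0)
	binary.BigEndian.PutUint32(ad[33:], 1) // signCount
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedMessage(ad, cd))
	if err != nil {
		return Assertion{}, err
	}
	return Assertion{ClientDataJSON: cd, AuthData: ad, Signature: sig}, nil
}

// Verify plays the relying party, which holds only the public key.
func Verify(pub *ecdsa.PublicKey, rpID, expectedOrigin, challenge string, a Assertion) error {
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return err
	}
	switch {
	case cd.Type != "webauthn.get":
		return ErrType
	case cd.Challenge != challenge:
		return ErrChal
	case cd.Origin != expectedOrigin: // origin binding: this is the anti-phishing check
		return ErrOrigin
	}
	want := sha256.Sum256([]byte(rpID))
	if len(a.AuthData) < 37 || string(a.AuthData[:32]) != string(want[:]) {
		return ErrRPIDHash
	}
	if !ecdsa.VerifyASN1(pub, signedMessage(a.AuthData, a.ClientDataJSON), a.Signature) {
		return ErrSig
	}
	return nil
}

func main() {
	priv := NewKey()
	const rpID, origin, chal = "example.com", "https://example.com", "nonce-from-rp"
	a, _ := Sign(priv, rpID, origin, chal)
	fmt.Println("honest browser:  ", Verify(&priv.PublicKey, rpID, origin, chal, a))
	// Phishing site: the browser truthfully reports the lookalike origin, so
	// even a validly signed assertion is refused by the real relying party.
	p, _ := Sign(priv, rpID, "https://examp1e.com", chal)
	fmt.Println("phishing origin: ", Verify(&priv.PublicKey, rpID, origin, chal, p))
	// Compromised browser: it reports the real origin while serving attacker
	// content; the assertion is indistinguishable from the honest one.
	c, _ := Sign(priv, rpID, origin, chal)
	fmt.Println("lying browser:   ", Verify(&priv.PublicKey, rpID, origin, chal, c))
}
```

The third case in `main` is the “browser-based attacks” bullet: nothing the relying party receives distinguishes a lying browser from an honest one, because the origin it checks is the one the browser wrote into clientDataJSON.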
Before investing in new tools, make sure your security operations are built to scale. This quick-read blog from Intezer lays out 12 thoughtful questions every CISO should ask to assess SOC maturity and AI readiness. Whether you’re looking to close visibility gaps, automate triage, or justify AI investments, this checklist will help you cut through the hype.
Nice, these are some good questions to assess your SOC maturity level across a number of areas. Made me think
Cloud Security
Cloud Pentesting or Just Scanning? Let’s Talk.
Sena Yakut discusses the differences between cloud pentesting and vulnerability scanning, emphasizing that true cloud pentesting involves things like exploiting misconfigurations in cloud services like S3 buckets, finding privilege escalation paths, and exfiltrating data from cloud data services, rather than port scanning or generic web findings. Recommendations: understand the target architecture, consider leveraging CSPM tools for context, make sure to master IAM, build a home lab, and more.
Uber’s post on its Secret Management Platform, which manages more than 150,000 secrets, nicely walks through a number of challenging areas and how they handled them, including enabling secret auto-rotation and deletion, facilitating secret exchange with third-party vendors, and how they scaled the secrets program company-wide.
Great example of security engineering, excellent read.
Root in prod: The most important security analysis you will never do on your AWS accounts
Plerion’s Daniel Grzelak on how to identify and visualize who has root-equivalent access in AWS environments, which often reveals unexpected privilege sprawl. The post provides Python snippets to list AWS accounts, identify prod environments, check databases and S3, find principals with AdministratorAccess, and identify SSO administrator users. Note that there are also many other privileges that effectively grant root-level powers, like `iam:*` on the right resources, data privileges like `s3:*` or `rds:*`, and more. Daniel then walks through mapping out trust relationships between roles and visualizing the results using Mermaid.
“Let’s make some pretty pictures together. Not the kind that end up in your Hidden Album.”
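To show what the “other privileges that are effectively root” check and the trust-relationship mapping look like in code, here is an added example in Go (not Daniel’s Python snippets). It assumes you have already pulled the policy documents out of the accounts; the identity policies, trust policies, role ARNs and account IDs below are constructed inline so it runs offline, and the `rootEquivalent` list is this example’s starting point, not an exhaustive catalogue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Added example in Go, not Daniel Grzelak's Python snippets: with IAM policy
// documents already in hand (here constructed inline, so it runs offline),
// flag root-equivalent grants and draw the role trust graph as Mermaid.

// StringOrSlice accepts IAM's "Action": "s3:*" as well as "Action": ["s3:*", ...].
type StringOrSlice []string

func (s *StringOrSlice) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil {
		*s = []string{one}
		return nil
	}
	var many []string
	if err := json.Unmarshal(b, &many); err != nil {
		return err
	}
	*s = many
	return nil
}

type Statement struct {
	Effect    string
	Action    StringOrSlice
	Resource  StringOrSlice
	Principal json.RawMessage // present in trust policies only
}

type Policy struct{ Statement []Statement }

// Beyond the AdministratorAccess managed policy, these are as good as root on a
// wide enough resource: full IAM (grant yourself anything) and bulk data access.
// Starting list for this example; extend it for your environment.
var rootEquivalent = []string{"*", "iam:*", "s3:*", "rds:*"}

// RootReasons lists every Allow of a root-equivalent action with its resource
// scope, e.g. "iam:* on *". Empty means nothing root-like was found. Whether a
// narrower resource still amounts to root is a judgement call for the reader.
func RootReasons(policyJSON string) ([]string, error) {
	var p Policy
	if err := json.Unmarshal([]byte(policyJSON), &p); err != nil {
		return nil, err
	}
	var reasons []string
	for _, st := range p.Statement {
		if st.Effect != "Allow" {
			continue
		}
		for _, a := range st.Action {
			for _, re := range rootEquivalent {
				if strings.EqualFold(a, re) { // IAM action names are case-insensitive
					reasons = append(reasons, a+" on "+strings.Join(st.Resource, ","))
				}
			}
		}
	}
	sort.Strings(reasons)
	return reasons, nil
}

// TrustEdges returns the AWS principals a trust policy lets assume the role.
// Service principals are ignored; a bare Principal "*" does not parse into the
// struct and is skipped here, so review those by hand.
func TrustEdges(trustJSON string) ([]string, error) {
	var p Policy
	if err := json.Unmarshal([]byte(trustJSON), &p); err != nil {
		return nil, err
	}
	var from []string
	for _, st := range p.Statement {
		var pr struct{ AWS StringOrSlice }
		if st.Effect == "Allow" && st.Principal != nil && json.Unmarshal(st.Principal, &pr) == nil {
			from = append(from, pr.AWS...)
		}
	}
	return from, nil
}

// Mermaid renders "who can become whom": an edge A --> B means A may assume B.
// Roles in `admins` are coloured so root-equivalent sinks stand out.
func Mermaid(trusts map[string]string, admins map[string]bool) string {
	roles := make([]string, 0, len(trusts))
	for r := range trusts {
		roles = append(roles, r)
	}
	sort.Strings(roles)
	var b strings.Builder
	b.WriteString("graph LR\n")
	for _, r := range roles {
		from, _ := TrustEdges(trusts[r])
		for _, f := range from {
			fmt.Fprintf(&b, "  %s --> %s\n", node(f), node(r))
		}
		if admins[r] {
			fmt.Fprintf(&b, "  style %s fill:#f66\n", node(r))
		}
	}
	return b.String()
}

// node shortens an ARN to its last path segment; ':' and '/' are not valid in Mermaid ids.
func node(arn string) string { return arn[strings.LastIndexAny(arn, ":/")+1:] }

func main() {
	dataRole := `{"Statement":[{"Effect":"Allow","Action":["s3:*","rds:*"],"Resource":"*"}]}` // constructed
	reasons, _ := RootReasons(dataRole)
	fmt.Println("root-equivalent because:", reasons)
	trusts := map[string]string{ // constructed trust policies, placeholder account IDs
		"arn:aws:iam::111122223333:role/prod-admin": `{"Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::111122223333:role/ci-deploy"},"Action":"sts:AssumeRole"}]}`,
		"arn:aws:iam::111122223333:role/ci-deploy":  `{"Statement":[{"Effect":"Allow","Principal":{"AWS":["arn:aws:iam::444455556666:root"]},"Action":"sts:AssumeRole"}]}`,
	}
	fmt.Print(Mermaid(trusts, map[string]bool{"arn:aws:iam::111122223333:role/prod-admin": true}))
}
```

The graph is where the sprawl usually shows: in the constructed data, `444455556666:root` is two hops from `prod-admin` without ever appearing in an admin policy.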
Supply Chain
Betterment/claws
By Betterment’s Omar Biggle et al: A static analysis tool to help you write safer GitHub Workflows. Inspired by RuboCop, Claws’ rules are simple Ruby classes that contain expressions describing undesirable behaviors.
- Configuring GitHub: organization-level settings (set read-only default Workflow permissions, limit Actions to verified Actions and an allowlist, …), branch protection, secrets management.
- Safely writing workflows: explicitly set `permissions: {}`, prioritize Verified and GitHub-created (`actions/` and `github/`) Actions, pass secrets in via step-level `env` only where needed, and avoid common Workflow vulnerabilities.
- Safely running workflows: avoid self-hosted runners where possible, prefer OpenID Connect (OIDC) to long-lived secrets.
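The bullets above as one workflow, as an added example (not from the guide or from Claws): empty workflow-level permissions with per-job opt-in, Actions pinned to commit SHAs rather than mutable tags, untrusted event data passed through `env` instead of being interpolated into `run:`, OIDC for cloud credentials, and the one remaining secret scoped to the single step that uses it. The 40-zero SHAs, the `123456789012` account ID, the role name and the script paths are placeholders.

```yaml
name: build

on:
  pull_request:
  push:
    branches: [main]

# Workflow-level default: no token permissions at all. Each job opts in below.
permissions: {}

jobs:
  test:
    runs-on: ubuntu-latest            # GitHub-hosted, not self-hosted
    permissions:
      contents: read                  # only what checkout needs
    steps:
      # Pin to a full commit SHA; the zeros are a placeholder, copy the SHA of
      # the release you audited. The tag in the comment is for humans.
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4
        with:
          persist-credentials: false  # don't leave the token behind in .git/config
      # Untrusted event data goes through env, never into the script text:
      #   run: echo "${{ github.event.pull_request.title }}"   <- injectable
      - name: Print PR title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "$PR_TITLE"
      - run: ./scripts/test.sh

  deploy:
    needs: test
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write                 # needed only to mint the OIDC token
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4
        with:
          persist-credentials: false
      # Short-lived cloud credentials via OIDC instead of a stored access key pair.
      - uses: aws-actions/configure-aws-credentials@0000000000000000000000000000000000000000 # v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/gha-deploy   # placeholder
          aws-region: us-east-1
      - run: ./scripts/deploy.sh
      # A secret that is still required goes to the one step that uses it, via
      # step-level env, never workflow-level env and never inline in `run:`.
      - name: Notify
        env:
          WEBHOOK_URL: ${{ secrets.DEPLOY_WEBHOOK_URL }}
        run: ./scripts/notify.sh "$WEBHOOK_URL"
```

The two things most often missed in review are the `persist-credentials: false` on checkout (otherwise the job token sits in `.git/config` for every later step) and the `id-token: write` permission being granted only to the job that actually exchanges the OIDC token.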
- Allow only specific runner labels (e.g., self-hosted runners) in select repos
- Enforce allowlists for internal or third-party GitHub Actions
- Prevent an attacker from creating a new workflow to exfiltrate credentials
- Block the use of workflows with known compromised GitHub Actions
Generally I don’t include non-OSS product announcements, but I think this is a hot area right now, and you can use this for inspiration if you want to build something similar internally.
Blue Team
okta/customer-detections
By Okta: A collection of detection rules for security monitoring and detailed descriptions of log fields used for threat analysis within Okta environments.
A python in disguise: unpacking PyInstaller malware on macOS
Jamf’s Allen Golbig and Thijs Xhaflaire describe how attackers are using PyInstaller to package Python-based infostealers into standalone macOS executables, evading detection. The post walks through static and dynamic analysis of a sample, including how to tell whether the binary was created with PyInstaller (`file`, `strings`, `lipo`, `xxd`), dynamic analysis (eslogger, Red Canary Mac Monitor), and unpacking and decompiling the malware using tools like pyinstxtractor and PyLingual.
GOst in the Protocol: Hunting Ligolo with JARM Fingerprinting in the wild
Necromancer Labs describes how to identify and verify Ligolo redirection proxy servers on the Internet using JARM fingerprinting (an active TLS fingerprinting tool) and a custom Ligolo agent. They discovered three distinct JARM signatures for different Ligolo versions, with one sharing a signature with Sliver C2. Recommendations for red teamers: do not expose your Ligolo proxy to the Internet. For blue teamers/researchers: probably don’t connect to foreign Ligolo servers, “they are probably APTs or threat actors.”
Shout-out to the authors for their incredible restraint in not naming the post or a released tool JARM + Ligolo → Jigolo.
AI + Security
dmcxblue/Claude-C2
By @dmcxblue: An MCP Server to communicate with your Command and Control (C2) using a Python server that creates endpoints to manage tasks and output that Claude can communicate with. It utilizes a PowerShell client for communicating back to the C2 Server.
Meitar Pinto vibe coded a similar thing using Lovable, called PowerGPT: an LLM-based C2 system that uses a PowerShell client to execute tasks, allowing users to run scripts and commands on a target machine using natural language prompts.
Why Prompts Are the New IOCs You Didn’t See Coming!
As previously called out in tl;dr sec, Anthropic recently released a nice post discussing how threat actors were using Claude (influence-as-a-service, coding, recruitment fraud, etc.). In this post, Thomas Roccia argues that these sorts of write-ups should include the threat actors’ prompts, and proposes the concept of “LLM TTPs” to classify adversarial techniques involving prompts and AI models.
He then shows how NOVA, a prompt pattern-matching tool designed specifically to detect and hunt adversarial prompts, can be used to detect likely prompts for an influence-as-a-service operation, novice malware development, etc.
Can We Stop Documenting Our Detections?
Gary Katz analyzes whether AI can effectively document security detections by comparing LLM-generated documentation to human-written docs for a subset of Elastic’s detection rules, using GPT-4o as an LLM-as-judge. He found that ~46% of human-written investigative steps overlapped with LLM-generated ones, while ~58% of the LLM-generated investigative steps overlapped with human ones. On average, humans provided more detailed, non-generic investigative steps (3 vs. 1.74). See the analysis code on GitHub.
I love to see people evaluating the effectiveness of LLMs in different security tasks and releasing the dataset and code (reproducibility ftw). It seems like these initial results indicate that (in this current implementation), LLMs aren’t quite as good as humans at generating docs from detections, but can still be useful. With additional orchestration and/or prompt iterations, I bet these stats would improve even with the same models.
Misc
- If someone told you that you’re a lot like your partner, would this be a compliment to you?
- Are you truly fulfilled, or just less lonely?
- Are you able to be unapologetically yourself, or do you feel the need to show up different to please your partner?
- Are you in love with who your partner is right now as a whole, or are you only in love with their good side, their potential, or the idea of them?
- Would you want your future child to date someone like your partner?
Wrapping Up
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know other people who would too, I’d really appreciate it if you’d forward it to them.