I hope you are doing well. It has been a while since our last issue, but hopefully, you've missed us. We have decided to make some changes to our newsletter… but I won’t spoil the surprise for you. Discover it for yourself!
As always, sit comfortably and enjoy today's newsletter with a cup of coffee ☕️.
Feel free to reach out to me if you are experiencing any issues with today’s issue!
🧰 Gsec — A web security scanner and exploitation engine based on custom scanners and Nuclei templates.
First Account Abstraction wallet vulnerability
Fireblocks' Oren Yomtov discusses an ERC-4337 account abstraction vulnerability in the Unipass smart contract wallet that allowed full account takeover and draining of funds. Fireblocks worked with Unipass to mitigate the issue and patch every vulnerable wallet by exploiting it first themselves, before a malicious actor could.
How to Create a Web3 Security Incident Response Plan
Halborn's Rob Behnke lays out the essentials of a plan for responding effectively to emergencies in Web3: identifying which scenarios qualify as security incidents, defining critical roles, evaluating threats through live debugging sessions, implementing defensive measures, and running post-mortem analyses that feed vulnerability disclosure statements, among other topics.
Detect transitive access to sensitive Google Cloud resources
P0 Security's Komal Dhull describes transitive access in Google Cloud: users holding certain IAM permissions on a service account (such as the ability to mint its access tokens) can authenticate as that account and thereby gain unintended access to every IAM resource the account holds roles on. Komal details the IAM permissions that enable this access, detection methods, and how to identify risky service accounts.
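To make the transitive-access problem concrete, here is an added worked example (not code from P0 Security's article): it walks a constructed, simplified IAM policy snapshot, treats every impersonation-granting role binding as an edge from a principal to a service account, and reports which roles a principal reaches only by chaining through service accounts. The binding format, the project, and the principal and service account names are all constructed; the role-to-permission mapping is an illustrative subset (real basic roles such as roles/owner also carry impersonation permissions).

```python
"""Transitive access through service-account impersonation in Google Cloud.

Added worked example (not code from P0 Security's article). The bindings below
are a constructed, simplified snapshot of what `gcloud projects get-iam-policy`
and `gcloud iam service-accounts get-iam-policy` would return.
"""
from collections import deque

# Real IAM permissions that let a principal act as a service account.
IMPERSONATION_PERMISSIONS = {
    "iam.serviceAccounts.getAccessToken",     # mint OAuth2 access tokens for the SA
    "iam.serviceAccounts.signBlob",           # sign with the SA's Google-managed key
    "iam.serviceAccounts.signJwt",
    "iam.serviceAccounts.implicitDelegation",
    "iam.serviceAccountKeys.create",          # create long-lived user-managed keys
    "iam.serviceAccounts.actAs",              # attach the SA to workloads you create
}

# Role -> permissions. Assumption: an illustrative subset. Roles not listed are
# treated as granting no impersonation permission (in real policies, basic roles
# such as roles/owner do carry them).
ROLE_PERMISSIONS = {
    "roles/iam.serviceAccountTokenCreator": {
        "iam.serviceAccounts.getAccessToken", "iam.serviceAccounts.signBlob",
        "iam.serviceAccounts.signJwt", "iam.serviceAccounts.implicitDelegation"},
    "roles/iam.serviceAccountKeyAdmin": {"iam.serviceAccountKeys.create"},
    "roles/iam.serviceAccountUser": {"iam.serviceAccounts.actAs"},
}

# Constructed principals and resources.
PROJECT = "projects/prod"
DEPLOYER = "serviceAccount:deployer@prod.iam.gserviceaccount.com"
ADMIN_BOT = "serviceAccount:admin-bot@prod.iam.gserviceaccount.com"
ALICE, BOB, CAROL = "user:alice@example.com", "user:bob@example.com", "user:carol@example.com"

# Which service accounts live in which project (a project-level grant of an
# impersonation role applies to all of them).
PROJECT_SERVICE_ACCOUNTS = {PROJECT: {DEPLOYER, ADMIN_BOT}}

# (resource, role, member). A service account appears both as a resource (its own
# IAM policy decides who may act as it) and as a member (the roles it holds).
BINDINGS = [
    (PROJECT, "roles/viewer", ALICE),
    (PROJECT, "roles/editor", DEPLOYER),
    (PROJECT, "roles/owner", ADMIN_BOT),
    (PROJECT, "roles/iam.serviceAccountTokenCreator", CAROL),   # project-wide: every SA in prod
    (DEPLOYER, "roles/iam.serviceAccountTokenCreator", ALICE),  # SA-level grant
    (ADMIN_BOT, "roles/iam.serviceAccountKeyAdmin", DEPLOYER),  # SA -> SA chain
    (ADMIN_BOT, "roles/viewer", BOB),                            # read-only on the SA object
]


def grants_impersonation(role):
    return bool(ROLE_PERMISSIONS.get(role, set()) & IMPERSONATION_PERMISSIONS)


def impersonation_edges(bindings):
    """member -> set of service accounts that member can authenticate as."""
    edges = {}
    for resource, role, member in bindings:
        if not grants_impersonation(role):
            continue
        if resource.startswith("serviceAccount:"):
            edges.setdefault(member, set()).add(resource)
        elif resource in PROJECT_SERVICE_ACCOUNTS:
            edges.setdefault(member, set()).update(PROJECT_SERVICE_ACCOUNTS[resource])
    return edges


def project_roles(bindings, member):
    """Project-level (resource, role) pairs bound directly to `member`."""
    return {(r, role) for r, role, m in bindings if m == member and r.startswith("projects/")}


def transitive_roles(bindings, member):
    """(resource, role) -> impersonation chain that reaches it; BFS yields shortest chains."""
    edges = impersonation_edges(bindings)
    reached, seen = {}, {member}
    queue = deque([(member, (member,))])
    while queue:
        identity, path = queue.popleft()
        for key in sorted(project_roles(bindings, identity)):
            reached.setdefault(key, path)
        for sa in sorted(edges.get(identity, ())):
            if sa not in seen:
                seen.add(sa)
                queue.append((sa, path + (sa,)))
    return reached


def escalations(bindings, member):
    """Roles reachable only by impersonation, i.e. not held directly."""
    direct = project_roles(bindings, member)
    return {k: p for k, p in transitive_roles(bindings, member).items() if k not in direct}


def risky_service_accounts(bindings):
    """SA -> human principals who gain extra roles by (transitively) acting as it."""
    risky = {}
    humans = sorted({m for _, _, m in bindings if not m.startswith("serviceAccount:")})
    for member in humans:
        for path in escalations(bindings, member).values():
            for sa in path[1:]:
                risky.setdefault(sa, set()).add(member)
    return risky


if __name__ == "__main__":
    for sa, who in sorted(risky_service_accounts(BINDINGS).items()):
        print(f"{sa}: impersonable by {sorted(who)}")
    for key, path in sorted(escalations(BINDINGS, ALICE).items()):
        print(f"alice gains {key[1]} on {key[0]} via {' -> '.join(path)}")
```

In this snapshot Alice is only a project viewer, yet she reaches roles/owner in two hops (Alice can mint tokens for deployer, and deployer can create keys for admin-bot), while Bob's viewer binding on admin-bot grants nothing: it carries no impersonation permission. The chain is what makes the problem transitive, and it is why the check has to follow service-account-to-service-account grants rather than stop at the first hop.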
Introduction to AWS Attribute-Based Access Control
NCC's Rennie deGraaf provides an introduction to Attribute-Based Access Control (ABAC) in AWS. The article explains how ABAC differs from traditional Role-Based Access Control (RBAC), how to use tags to implement ABAC and some of its current limitations.
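The difference between tag-driven ABAC and ARN-driven RBAC is easiest to see by evaluating both policy styles against the same requests. The following is an added example, not NCC Group's code and not AWS's real policy engine: it models only the subset of IAM semantics the illustration needs (Allow/Deny statements, `*` wildcards, the `StringEquals` operator and `${aws:PrincipalTag/...}` policy variables). The account id, instance ids and tag values are constructed.

```python
"""Attribute-based access control in AWS IAM, evaluated against sample requests.

Added worked example (not NCC Group's code, not AWS's policy engine). Models only
Allow/Deny, '*' wildcards, StringEquals and ${aws:PrincipalTag/...} variables.
"""
import fnmatch
import re

ACCOUNT = "123456789012"   # constructed account id


def instance_arn(instance_id):
    return f"arn:aws:ec2:us-east-1:{ACCOUNT}:instance/{instance_id}"


# ABAC: one statement covers every current and future instance; the resource's
# 'team' tag must equal the calling principal's 'team' tag.
ABAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ManageOwnTeamsInstances",
        "Effect": "Allow",
        "Action": ["ec2:StartInstances", "ec2:StopInstances"],
        "Resource": "arn:aws:ec2:*:*:instance/*",
        "Condition": {"StringEquals": {"aws:ResourceTag/team": "${aws:PrincipalTag/team}"}},
    }],
}

# RBAC contrast: the same actions on an explicit ARN list that must be edited
# every time the team gets a new instance.
RBAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "BlueTeamInstances",
        "Effect": "Allow",
        "Action": ["ec2:StartInstances", "ec2:StopInstances"],
        "Resource": [instance_arn("i-0blue1"), instance_arn("i-0blue2")],
    }],
}

_VAR = re.compile(r"\$\{([^}]+)\}")


def _substitute(text, context):
    """Expand ${key} policy variables; None if a referenced key is absent from the request."""
    missing = []

    def repl(match):
        value = context.get(match.group(1))
        if value is None:
            missing.append(match.group(1))
            return ""
        return value

    expanded = _VAR.sub(repl, text)
    return None if missing else expanded


def _condition_holds(condition, context):
    for operator, pairs in condition.items():
        if operator != "StringEquals":   # assumption: only StringEquals is modelled
            raise NotImplementedError(operator)
        for key, expected in pairs.items():
            actual, wanted = context.get(key), _substitute(expected, context)
            # A missing tag on either side makes StringEquals false (no ...IfExists
            # here), so an untagged resource ends up implicitly denied.
            if actual is None or wanted is None or actual != wanted:
                return False
    return True


def evaluate(policies, action, resource, context):
    """Simplified IAM logic: explicit Deny wins, then any Allow, else implicit deny."""
    as_list = lambda v: v if isinstance(v, list) else [v]
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if not any(fnmatch.fnmatchcase(action, a) for a in as_list(stmt["Action"])):
                continue
            patterns = [_substitute(r, context) for r in as_list(stmt["Resource"])]
            if not any(p is not None and fnmatch.fnmatchcase(resource, p) for p in patterns):
                continue
            if not _condition_holds(stmt.get("Condition", {}), context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision


def request_context(principal_tags, resource_tags):
    """Build the condition keys IAM derives from the caller's and the resource's tags."""
    context = {f"aws:PrincipalTag/{k}": v for k, v in principal_tags.items()}
    context.update({f"aws:ResourceTag/{k}": v for k, v in resource_tags.items()})
    return context


# Constructed scenarios: (policies, action, resource ARN, principal tags, resource tags).
SCENARIOS = {
    "abac_same_team":          ([ABAC_POLICY], "ec2:StartInstances", instance_arn("i-0blue1"), {"team": "blue"}, {"team": "blue"}),
    "abac_other_team":         ([ABAC_POLICY], "ec2:StartInstances", instance_arn("i-0red1"), {"team": "blue"}, {"team": "red"}),
    "abac_new_instance":       ([ABAC_POLICY], "ec2:StopInstances", instance_arn("i-0blue9"), {"team": "blue"}, {"team": "blue"}),
    "abac_untagged_resource":  ([ABAC_POLICY], "ec2:StartInstances", instance_arn("i-0blue9"), {"team": "blue"}, {}),
    "abac_untagged_principal": ([ABAC_POLICY], "ec2:StartInstances", instance_arn("i-0blue1"), {}, {"team": "blue"}),
    "rbac_listed_instance":    ([RBAC_POLICY], "ec2:StartInstances", instance_arn("i-0blue1"), {"team": "blue"}, {"team": "blue"}),
    "rbac_new_instance":       ([RBAC_POLICY], "ec2:StartInstances", instance_arn("i-0blue9"), {"team": "blue"}, {"team": "blue"}),
}


def run_scenarios():
    return {name: evaluate(p, a, r, request_context(pt, rt)) for name, (p, a, r, pt, rt) in SCENARIOS.items()}
```

Two scenarios carry the lesson: `abac_new_instance` is allowed with no policy change, where the RBAC policy needs a new ARN (`rbac_new_instance` is denied), and `abac_untagged_resource` is denied because the condition key is simply absent. That second case is the operational cost of ABAC: access follows the tags, so tagging has to be enforced at resource creation and protected from modification, or the model quietly breaks.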
Detection of Inbound SSO Persistence Techniques in GCP
Google's Peter Solagna discusses the detection of inbound single sign-on (SSO) persistence techniques in Google Cloud Platform (GCP), focusing on monitoring and identifying the creation or update of SSO profiles, workforce identity pools, and workload identity pools using GCP logs and log sinks.
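As an added example of the detection described above (not Google's code), the script below runs over a few constructed Cloud Audit Log entries and flags writes to workload identity pools, workforce identity pools and inbound SSO profiles, rating writes by principals outside an expected automation allow-list as high severity. The field names (`protoPayload.methodName`, `serviceName`, `resourceName`, `authenticationInfo.principalEmail`) are standard Cloud Audit Log fields; the exact `methodName` strings for workforce pools and inbound SSO profiles, the log sink filter and the project, pool and principal names are assumptions, so confirm the method names against your own Admin Activity logs before deploying the filter.

```python
"""Flag creation or update of GCP SSO / identity-federation resources in Cloud Audit Logs.

Added worked example (not Google's code). Log entries are constructed; the exact
methodName strings for workforce pools and inbound SSO profiles are assumed.
"""
import json
import re

# Write RPCs against the three resource kinds the article monitors. Cloud Audit Log
# methodName values look like "<api>.<Service>.<Rpc>"; we match the Rpc part.
PERSISTENCE_RPC = re.compile(
    r"(?:^|\.)(Create|Update|Patch)\w*?(WorkloadIdentityPool|WorkforcePool|Inbound\w*SsoProfile)")

# Assumed equivalent Cloud Logging filter for a log sink feeding a SIEM or Pub/Sub topic.
LOG_SINK_FILTER = (
    'logName:"cloudaudit.googleapis.com%2Factivity" AND '
    'protoPayload.methodName=~"(Create|Update|Patch)\\w*(WorkloadIdentityPool|WorkforcePool|Inbound\\w*SsoProfile)"'
)


def parse_entry(line):
    entry = json.loads(line)
    payload = entry.get("protoPayload", {})
    return {
        "time": entry.get("timestamp"),
        "principal": payload.get("authenticationInfo", {}).get("principalEmail", "<unknown>"),
        "service": payload.get("serviceName"),
        "method": payload.get("methodName", ""),
        "resource": payload.get("resourceName"),
    }


def analyze(lines, expected_principals=frozenset()):
    """Return findings for SSO/federation writes; writes by unexpected principals are 'high'."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        m = PERSISTENCE_RPC.search(e["method"])
        if not m:
            continue   # reads, lists and unrelated services are ignored
        e["kind"] = m.group(2)
        e["severity"] = "info" if e["principal"] in expected_principals else "high"
        findings.append(e)
    return findings


def _entry(ts, service, method, resource, principal):
    """Build one constructed Admin Activity audit log line."""
    return json.dumps({
        "timestamp": ts,
        "logName": "projects/ops-prod/logs/cloudaudit.googleapis.com%2Factivity",
        "protoPayload": {
            "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
            "serviceName": service, "methodName": method, "resourceName": resource,
            "authenticationInfo": {"principalEmail": principal},
        },
    })


TERRAFORM_SA = "terraform@ops-prod.iam.gserviceaccount.com"   # assumed automation identity
SAMPLE_LOGS = [   # constructed entries, not real log data
    _entry("2023-10-02T10:15:00Z", "iam.googleapis.com",
           "google.iam.v1.WorkloadIdentityPools.CreateWorkloadIdentityPool",
           "projects/ops-prod/locations/global/workloadIdentityPools/ext-pool", "mallory@example.com"),
    _entry("2023-10-02T10:15:30Z", "iam.googleapis.com",
           "google.iam.v1.WorkloadIdentityPools.CreateWorkloadIdentityPoolProvider",
           "projects/ops-prod/locations/global/workloadIdentityPools/ext-pool/providers/ext-oidc",
           "mallory@example.com"),
    _entry("2023-10-02T11:00:00Z", "iam.googleapis.com",
           "google.iam.admin.v1.WorkforcePools.UpdateWorkforcePool",   # assumed method name
           "locations/global/workforcePools/corp-pool", TERRAFORM_SA),
    _entry("2023-10-02T11:05:00Z", "iam.googleapis.com",
           "google.iam.v1.WorkloadIdentityPools.GetWorkloadIdentityPool",   # read: ignored
           "projects/ops-prod/locations/global/workloadIdentityPools/ext-pool", "auditor@example.com"),
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS, expected_principals={TERRAFORM_SA}):
        print(f"[{f['severity']:4}] {f['time']} {f['principal']} {f['method']} {f['resource']}")
```

The provider creation is the entry that matters most: a new pool is inert until a provider ties it to an external identity source, so both events should be alerted on, and the allow-list should be kept narrow (the infrastructure-as-code identity, not any human admin), otherwise a compromised administrator account is exactly the principal that gets downgraded to informational.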
How to Traceroute Kubernetes pod-to-pod Traffic
Globant's Alain Reguera explores the intricacies of Kubernetes networking and the fundamental principles and mechanisms that govern pod-to-pod communication within a cluster. The article focuses on the Kubernetes networking model in the context of VirtualBox's default networking layout.
🧰 localtoast — A scanner for running security-related configuration checks such as CIS benchmarks in an easily configurable manner.
Everything I'll forget about prompting LLMs
Hrishi Olickel shares an in-depth look at using well-crafted prompts instead of fine-tuning LLMs. Hrishi covers strategies for creating well-structured prompts that improve output reliability and reduce costs, including how to reason about prompt complexity and prompt structure.
Welcome to the Offensive ML Framework
Adrian Wood shares a collection of tactics, techniques and procedures (TTPs) for offensive ML, covering both the ML supply chain and adversarial ML attacks. Adrian divides the framework into three categories: OffensiveML, covering ML used for red team purposes; AdversarialML, covering attacks against ML systems; and Supply Chain Attacks, covering attacks on ML-specific upstreams.
Increasing transparency in AI security
Google's Mihai Maruseac, Sarah Meiklejohn and Mark Lodato share two new ways to make information about AI supply chain security universally discoverable and verifiable, so that AI can be created and used responsibly. The article describes how ML model creators can protect against supply chain attacks by using SLSA (for build provenance) and Sigstore (for signing and verifying artifacts).
Exploiting the iPhone 4
Phillip Tennen shares a 6-part series on building a jailbreak for iOS 4 on the iPhone 4 from scratch, starting from a boot ROM vulnerability rather than relying on existing tooling, and delves into the technical challenges he faced along the way.
🧰 pandora — A red team tool that assists in extracting/dumping master credentials and entries from different password managers, including Windows 10 desktop applications, browsers and browser plugins. By Efstratios Chatzoglou.
🧰 OffensiveGo — Offensive tools and utilities rewritten in Go for red teamers to use during engagements.
Ransomware & Data Extortion Landscape
Orange Cyberdefense's Simone Kraus analyses ransomware groups' defense evasion techniques, focusing on the LockBit ransomware group's use of specific tools for disabling or modifying security products. The author emphasises the importance of robust detection methods and of monitoring several data sources, such as command execution, driver loads and Windows registry key modifications, to detect and prevent ransomware attacks.
Legitimate Exfiltration Tools
Synacktiv's Nathanael Ndong discusses the evolving threat landscape and the use of legitimate administration tools by threat actors for data exfiltration. Nathanael also provides detection methods and artifacts to identify the presence and use of these tools.
🧰 Aftermath — A free macOS incident response framework.