[tl;dr sec] #291 – Build a GuardDuty Triage Agent, Scaling Netflix’s Threat Detection Pipelines, Claude for Security Review

Hey there,

I hope you’ve been doing well!

Hacker Summer Camp


Once more, hackers have descended onto Vegas for our annual Hacker Summer Camp pilgrimage.

I hope you enjoy the talks, meet some new friends, and enjoy free food and drinks (party list).

Today I’ve mostly been sequestered, writing you this letter from my hotel room on the first floor, where I can pause between words, stare poignantly off into the distance, and look out the window and see staff taking out trash to the nearby dumpster.

I’ll try to write more of a round-up next week, but some highlights so far:

  • Driving an excavator and using it to dig a hole is surprisingly fun and calming.

  • Omega Mart is wacky and surreal, highly recommend.

  • Meeting Thomas Roccia for the first time in person after being a fan of his AI + threat intel research for a while. Super nice guy!

  • Making friends through the ever popular Tori Westerhoff (head of Microsoft’s AI Red Team). Say hi to her if you get the chance.

  • Catching up with friends like Matt Johansen, Nico Waisman, Angelo Prado, and many more.

P.S. If you want to say hi, I’ll be at Semgrep’s Black Hat booth #5221 today (Thursday), and at Level Up in the evening, probably 8:30pm+.

Sponsor

📣 The Illusion of Mitigation: Why HTTP/1.1 Must Finally Die


PortSwigger’s James Kettle just unveiled his latest research with a provocative call to arms at Black Hat USA and DEF CON.

Introducing entire new classes of desync attack, Kettle exposed vulnerabilities in core infrastructure, including multiple CDNs, compromising over 25 million websites and earning $200K+ in bug bounties in just two weeks.

Mitigations aren’t solving the problem; they’re hiding it and, in fact, often making things even worse. More mass-scale exposure is inevitable. This threat is systematic, prevalent, and poses a critical risk to even the most mature organizations.

👉 Find out more 👈

James Kettle is an absolute web security legend, and has given so many epic Black Hat talks. This is his latest research, which everyone will be talking about shortly. I can’t wait to dig in. 👆️ 

AppSec


What’s Your Secret?: Secret Scanning by DeepPass2
SpecterOps’ Neeraj Gupta describes DeepPass2, a secret scanning tool that combines regex rules (via Nosey Parker), a fine-tuned BERT model, and LLM validation (flagged passwords and the surrounding text chunk are sent to Claude Sonnet via Bedrock). The post contains some interesting details around using foundation models (OpenAI, Claude) to generate training data, fine-tuning the BERT model, and edge cases like “easy” passwords not being flagged (e.g. “ILoveMyCity”).

💡 As previously covered, see also Wiz’s How We Fine-Tuned a Small Language Model for Secret Detection in Code.

Stop Leaked Credentials in Their Tracks with Veles, Our New Open-Source Secret Scanner
Google’s Kevin Dungs, Charl de Nysschen and Sarah Lucas announce Veles, an open-source secret scanner, implemented as a new standalone module within Google’s OSV-SCALIBR ecosystem, that currently identifies Google Cloud Platform (GCP) API keys, GCP service account keys, and RubyGems API keys. Veles is being integrated into deps.dev as well as Google Cloud’s products.

💡 I wish the blog would also address why they’re releasing a new secret scanning tool when dozens already exist, several of which already support 100s of secrets and validating them. Licensing? OSV-SCALIBR integration? Speed? Precision? Someone needed a promotion?

Why XSS Persists in This Frameworks Era?
Given the widespread adoption of frameworks that handle XSS and other vulnerabilities by default, why does XSS still happen? GMO Flatt Security’s canalun gives a great overview of potential reasons with examples, including:

  • Data that was assumed to be safe was, in fact, not.

  • A custom sanitizer was bypassed, or an open-source sanitizer was used incorrectly.

  • The framework’s built-in defense mechanisms were not used correctly or were intentionally avoided.

  • The implementation contained a sink that was outside the framework’s protection scope and not protected against.

  • A library’s specifications were misunderstood, leading to incorrect usage.

Sponsor

📣 Take Control of User Access with WorkOS


As your app grows, managing “who can do what” becomes complex. Hard-coded roles and scattered permissions slow you down and fail to meet enterprise demands for fine-grained access.

WorkOS RBAC is the fastest way to implement structured, scalable permissions. Define roles, group permissions, and update access for entire user groups in a single step. With developer-friendly APIs, a powerful dashboard, and native integrations for SSO and Directory Sync, WorkOS gives you enterprise-grade access control out of the box.

👉 Integrate RBAC with WorkOS 👈

As a security consultant, I saw a number of home rolled authorization implementations that had evolved heavily over time, were quite complex, and often buggy. RBAC is surprisingly hard to do well, but quite important 👍️ 

Cloud Security


IAM SAR-ry: Deep Dive and Nuances of AWS’s Programmatic IAM Action List and Service Authorization References (SAR)
In 2024, AWS released programmatic service reference information available in a JSON format. Previously, tooling that needed to programmatically retrieve information about IAM actions had to scrape Service Authorization Reference (SAR) web pages or use other indirect sources. In this post, Fog Security’s Jason Kao compares AWS’s new programmatic IAM action listing to info scraped from SAR pages, finding a number of inconsistencies. See this GitHub repo for more.

Cloud Threat Horizons Report – H2 2025
New 27 page report from Google Cloud Security. Some highlights:

  • Most common initial access vectors: weak or absent credentials (47.1% of incidents), misconfigurations (29.4%), API/UI compromises (11.8%).

  • Financially motivated threat groups are increasingly targeting backup systems as part of their primary objective.

  • Advanced threat actors are leveraging social engineering to steal credentials and session cookies, bypassing MFA to compromise cloud environments for financial theft.

  • Google has taken steps to harden Chrome Extension supply chain security: To combat threat actors using compromised OAuth tokens to bypass MFA and inject malicious code via automated CI/CD pipelines, Google has introduced Verified CRX Upload controls.

Aren’t AWS Cloud Investigations the same as On-Prem?
Chester Le Bron describes how EC2 instance compromises differ from on-premises server investigations, highlighting key differences in AWS, including:

  • EC2 instances can easily be made public-facing with minimal configuration, unlike typical on-prem servers behind firewalls.

  • EC2 instances have associated IAM roles that can grant broad AWS API access, enabling rapid post-compromise privilege escalation and lateral movement.

  • After initial compromise, attackers can operate entirely via AWS APIs without leaving host-based artifacts, making CloudTrail logs critical for investigation.

  • Data exfiltration can occur via AWS services like S3, bypassing network monitoring. VPC flow logs alone are insufficient to detect exfiltration.

Container Security


Kali Linux & Containerization (Apple’s Container)
You can now run Kali Linux on macOS using Apple’s new containerization framework. Note the “troubleshooting” section at the bottom for a few known limitations.

Introducing KubeForenSys: A Kubernetes Forensic Collection Framework for Azure Kubernetes Service (AKS)
Invictus Incident Response introduces KubeForenSys, an open-source tool for enhancing incident response capabilities in Azure Kubernetes Service (AKS) environments. The tool uses the Kubernetes API to generate a single, comprehensive timeline that brings together events, container logs, RBAC changes, and suspicious pod activity, even when proper logging was not fully configured. KubeForenSys pushes this data to a Log Analytics workspace, where it can be queried using KQL.

Kubernetes security fundamentals: Networking
Datadog’s Rory McCune continues his series, in this post discussing Kubernetes network security, focusing on network policies for controlling pod-to-pod communication. He explains how all pods can communicate by default, and demonstrates how to implement ingress and egress rules using Calico Container Network Interface (CNI) in a kind cluster, showing how to restrict access between namespaces and allow specific traffic patterns. The post also covers best practices like starting from a “default deny” position and considering both ingress and egress rules to prevent unauthorized access.

Blue Team


vulncheck-oss/0day.today.archive
Repo by VulnCheck containing a preserved archive of exploit data originally hosted on 0day.today, which was a long-running public repository of exploits and shellcode that hosted tens of thousands of PoCs for vulnerabilities affecting a wide range of platforms.

cisagov/playbook-ng
By CISA: A stateless web-based application used to match incident findings with countermeasures for adversary containment and eviction. The interface ingests MITRE ATT&CK™ TTP IDs or free text describing threat actor activities on compromised assets and provides a corresponding list of recommended response actions.

Scaling Netflix’s threat detection pipelines without streaming
Zack Wilson shares lessons learned from implementing the “Psycho Pattern” at Netflix, a hybrid batch/real-time threat detection pipeline using Spark, Kafka, and Airflow. Zack shares a number of technical challenges operating at that scale, but I think the really interesting takeaway here is that they spent 6 months rewriting a pipeline that was already good enough:

“The first rookie mistake was to chase a real-time approach without asking what the real problem to solve was. It turned out that latency wasn’t the bottleneck. Signal quality was.

Ask better questions. When someone says they want faster pipelines, what they often mean is better data. Don’t just ship quicker results. Ship better ones.”

AI + Security


Initial results from a large scale run of Google’s Big Sleep
H/T Google’s Amanda Walker. So far ~21 bugs in imagemagick, ffmpeg, redis, QuickJS, and more.

anthropics/claude-code-security-review
An AI-powered security review GitHub Action using Claude to analyze code changes for security vulnerabilities. The Anthropic team has also shipped (X thread) a /security-review slash command for Claude Code. The prompt used appears to be here.

💡 Exciting times in AI for code review; Cursor also released Bugbot recently.

💡 I would love to see more benchmarks/evals of all of these approaches 👀 

Cost of a Data Breach Report 2025: The AI Oversight Gap
31 page report from IBM featuring Ponemon’s research based on studying 600 organizations impacted by data breaches between March 2024 and February 2025. Some stats: Global average cost of a data breach: $4.44M. Added breach cost for shadow AI: $670K. Cost savings from extensive use of AI in security: $1.9M. Average cost of malicious insider attacks: $4.92M. Number of breaches involving AI-driven attacks: 1 in 6.

You Don’t Need a Vendor to Automate Security Questionnaires
Marco Lancini explores three approaches to automating security questionnaires using AI: SaaS vendors, custom RAG systems, and direct use of ChatGPT/Claude. He finds SaaS solutions lacking and recommends either building a custom RAG system (example repo by Adan Alvarez) or using ChatGPT/Claude directly with a well-structured knowledge base and prompt.

The Agentic Threat Hunter
Sydney Marrone argues that traditional threat hunting is struggling to keep up with modern attack volumes and automated adversaries, proposing a shift to “agentic threat hunting.” These AI systems can autonomously generate hypotheses using threat intel and behavioral patterns, collect and correlate data across tools and time windows, run parallel investigations, and more.

Sydney offers practical steps to implement agentic hunting (no $$ platform or vendor required), including: start treating your hypotheses like code, start pairing with AI to accelerate the boring stuff, build a unified data view, automate the repetitive, set guardrails of what agents can do before you scale.

Building an AWS GuardDuty Alert Triage Agent
Dakota Riley walks through creating an AI agent to triage AWS GuardDuty alerts, built with PydanticAI, Pydantic Logfire (observability), and foundation model APIs. The agent has access to a number of tools (get GuardDuty alert, get CloudTrail events for resource name or identity), uses them to classify alerts (malicious, red team activity, non-malicious, inconclusive), and outputs structured assessments including alert details, conclusion, timeline, investigation actions, and evidence.

💡 I like this post a lot: it shows how a single person can hack together a useful prototype, and it shares a number of practical lessons learned, like how the agent was much better able to use specific, targeted tools (get_cloudtrail_events_for_identity) vs. broader ones (get_cloudtrail_events).

Uncovering memory corruption in NVIDIA Triton (as a new hire)
In Will Vandevanter’s first month at Trail of Bits as an AI/ML security engineer, he found two remotely accessible memory corruption bugs in NVIDIA’s Triton Inference Server. He found the bugs, caused by unsafe alloca usage in HTTP request handling, with Semgrep, and determined they could be triggered via chunked transfer encoding to crash the server by sending many small HTTP chunks.

💡 Wiz’s Ronen Shustin and Nir Ohfeld also discovered a critical vulnerability chain allowing unauthenticated attackers to take over Triton using an information leak in the Python backend’s error handling and then abusing the shared memory API for arbitrary read/write access.

💡 Obligatory Simpsons reference: Triton right now.

✉️ Wrapping Up


Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I’d really appreciate if you’d forward it to them 🙏

Thanks for reading!

Cheers,
Clint
@clintgibler
