Glenn

My Pet project this month has been creating a prompt/skill detonator! Help me test this sucker out. Link in threads. Run a prompt or a skill, see how it behaves to help determine if it is SUS or not.

We open sourced the tool used to detect the Axios supply chain compromise! I built it Friday after a red eye home from RSAC. Also, wrote up the full story, including the hectic moments after that first critical alert github.com/elastic/supply…

Some really useful analysis by the folks @datadoghq on axios - haven’t seen others call out bugs in the payloads yet : securitylabs.datadoghq.com/articles/axios…

The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at github.com/mandiant/flare…. Launched with: - Malware Analysis Crash Course - Go Reversing Reference - Intro to TTD

Thread: Deep analysis of the axios npm supply chain compromise All 5 payloads downloaded from VT, reversed in an isolated VM. Full report + detection rules: gist.github.com/N3mes1s/0c0fc7… What's in the gist (8 files): 1. Verified Threat Intel Report (all hashes VT-confirmed) 2. Full RE of every payload (source code recovered for all 3 RATs) 3. C2 protocol specification (complete JSON schema, state machine) 4. 8 YARA rules (tested, 100% detection) 5. 8 Sigma rules (Win/Mac/Linux) 6. 11 Suricata/Snort IDS rules (including Base64 beacon patterns) 7. Machine-readable IOC bundle (JSON, 14 SHA256 + network + MITRE) 8. Extension.SubRoutine research (see below) Novel findings not in any vendor report: - Extension.SubRoutine.Run2() — the .NET process injection DLL is completely undocumented. Zero results across all public sources. Custom-built injector, not from any known tool. - Linux RAT (ld.py, 0/76 detection) has a bug — peinject command references undefined variable b64_string. Binary injection crashes on Linux. - macOS RAT has zero hardcoded IPs/domains. C2 is runtime-only via argv[1]. Compiled with SDK 26.2.0 (latest Xcode). Build UUID: c848257813983360905d7ad0f7e5e3f5. - C2 server confirmed as Express.js via URLScan X-Powered-By header. - packages.npm.org in the POST body is not an npm URL — it's the National Association of Pastoral Musicians. Designed to look legit in network logs. - Hostwinds AS54290 has confirmed Lazarus infrastructure in the same /18 subnet (Hunt.io research). - macOS RAT classified as NukeSped by 4 AV engines. JA3 fingerprint 773906b0... mimics Safari 15.5 — nation-state TLS tradecraft. - All 3 RATs share identical 4-command protocol: kill, peinject, runscript, rundir with status codes "Wow"/"Zzz". - Zenbox memory dump (47MB) downloaded and analyzed — 12 PE files extracted. Extension.SubRoutine DLL not recoverable (C2 was offline during sandbox run). Setup.js fully deobfuscated — all 18 XOR-encoded strings decoded including full VBScript and AppleScript payloads. macOS binary reversed with radare2 — main(), Report(), DoWork(), DoActionIjt(), DoActionScpt(), RunProcess() all reconstructed. Uses fork+execv (not system()), CurlGuard RAII pattern, nlohmann/json v3.11.3.

Cool path in the Mach-O : /Users/mac/Desktop/Jain_DEV/client_mac/macWebT/macWebT/ Thanks @_JohnHammond for the hashes 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf

Just added a sample of malicious payload (com.apple.act.mond) to @objective_see's public macOS malware collection 🍎👾 github.com/objective-see/… (pw: infect3d) #SharingIsCaring 😇

For my friends who are still using UV and might be a little weary about recent compromises to PyPi packages, stick this in your pyproject.toml. You can let all of those pip users find and report the compromises...

Talks from the first [un]prompted conference are live: youtube.com/playlist?list=…

M-Trends 2026 -> gstatic.com/security-marke… (PDF)

Glean is one of the best MCP’s to connect to agents if you want to increase velocity and reduce outside support

LOLEXFIL Living off the land Data Exfiltration method lolexfil.github.io

2026 - the year when writing Markdown becomes an advanced skill

Introducing the Google Workspace CLI: github.com/googleworkspac… - built for humans and agents. Google Drive, Gmail, Calendar, and every Workspace API. 40+ agent skills included.

This looks awesome! | trailofbits/claude-code-config: Opinionated defaults, documentation, and workflows for Claude Code at Trail of Bits #devopsish github.com/trailofbits/cl…

amazon's internal A.I. coding assistant decided the engineers' existing code was inadequate so the bot deleted it to start from scratch that resulted in taking down a part of AWS for 13 hours and was not the first time it had happened incredible ft.com/content/00c282…

"The job market is hell," per the Atlantic.

one of the biggest realizations I've had working on Claude Code is that you fundamentally have to design agents for prompt caching first, almost every feature touches on it somehow I wrote this in a day but it's the culmination of months of learnings, hope you enjoy it

Great podcast with @runpanther on how @blocks is leveraging AI for security at scale panther.com/podcasts/block…

The new @REMnux MCP server lets AI analyze malware using the REMnux toolkit. I was surprised at the depth of investigation it delivers. Most of my time went into capturing how I approach malware analysis and providing AI the right guidance at the right time, so it can think and adapt as it works. zeltser.com/ai-malware-ana…