Sabitlenmiş Tweet
Thoughts & SecOps/IR workflows for Agentic AI: sudorem.dev/blog/agentic-a…
This mostly just consolidates a heavy period of "mess around" I've been in with AI into some tangible takeaways and real world systems.
English
Rem
277 posts
Rem
@sudo_Rem
Staff Tactical Response Analyst @HuntressLabs | @SANS_EDU Alumni | Python Security Researcher
Katılım Mayıs 2023
343 Takip Edilen835 Takipçiler
This time, we venture into RedSun, BlueHammer, and UnDefend!
huntress.com/blog/nightmare…
As always, it's a pleasure to work with @RussianPanda9xx; banger work by the SOC crew @wbmmfq and @Curity4201 that helped document and raise the flag on this internally as well!
English
@AikidoSecurity PyPI did fairly well in this regard-- "Trusted Reporters" are an internally delegated group that have the ability to trigger 'Quarantines' with their reports to the PyPI Reporting API, which prohibits the package from installation until cleared by a human administrator.
English
The malware we detect in npm packages takes an average of 13 days before npm takes it down 🤯
And that's if they take it down at all.
English
Everyone talks about AI, but nobody talks about the nightmare of naming AI-generated RATs, backdoors. There are so many of them, and they are constantly changing...
English
Rem retweetledi
#AIForBlueTeam - Day 27!
Today I'm dropping a new tool 🔧
fishbowl is a containerized credential auditing perimeter for AI coding agents. It wraps Codex/Claude Code in Docker and audits credential access via eBPF.
Check out the git repo ( link below ) for more information and log samples.
English
Rem retweetledi
Inspired by @Antonlovesdnb #ClaudeForBlueTeam, I wanted to use Claude for something productive & helpful, I decided to make Web extension that blocks clickfix, replaces clipboard content and alerts the user.
joshallman.co.uk/posts/shipping…
github.com/xorjosh/ClipSh…
English
Sometimes I think we, as a security community, fail to recognize that our research and insight has far reaching consequences beyond the product we're selling.
It's important to acknowledge that one person's novel research could be the difference in some small mom & pop that realistically couldn't buy/afford [your | a] security product; and the security outcomes they may experience in an incident.
I'm not saying it's wrong to hold your cards close to your chest-- it's your research. But there's often more on the table than profit or attribution.
Gotta' stay in business to keep the research going, but LLM's training on my materials, detections, rules, etc., is a good thing imo-- makes the content more available to everyone.
Florian Roth ⚡️@cyb3rops
I’ve deliberately not published blog posts on useful detection ideas and rule-writing methods because I didn’t want LLMs to absorb them. So those ideas stayed private and were shared only with a small group. I doubt I’m the only one making that call. And that probably has consequences for the community over time - not just ours, but any community.
English
Be cool if more philanthropic organizations got involved in OSS security. Not saying I don’t understand why you’d want to make money off of supply chain security— but it’s obviously so far reaching that it can kind of defacto be considered “public use”.
I pay something like $3000/yr to try, but even then, we’re just getting outpaced by the sheer quantity of threats that exist in OSS.
Detection engineering against an entire OSS ecosystem is a nightmare of false positives and brittle assumptions.
English
Also @LiteLLM immediately went public, transparently, and is even doing a webinar, to talk about lessons learned.
I haven’t heard shit from aqua nor checkmarx. When they should be role models about how to handle incidents. Instead they show us what NOT to do.
English
Charlie's coverage of the AquaSec/Trivy breach and related activity has been phenomenal, highly recommend checking it out if you've been living under a rock.
Charlie Eriksen@CharlieEriksen
The payload from CanisterWorm/TeamPCP isn't exactly subtle about its intent.
English
This is cool, did something similar today and pointed Claude at API docs to get a CLI tool bootstrapped. This probably would've saved some time.
shawn@shawn_pana
I've stopped downloading CLI tools. Agents can call APIs directly. aurl allows agents to understand and use APIs. > curl for humans → aurl for agents > API docs as --help flags and SKILL[.]md files pass in an API spec, agent instantly learns new tools
English
Enterprise tier SAST and DAST seem very likely; kind of like a bolt on CodeQL/Dependa/Semgrep. I mean-- these products already exist, they're just third party developed. Would make a lot of sense for Anthropic/OpenAI to target that margin directly-- a lot of that training data can be weaponized anyway for competitive advantages over each other.
Would be interested to see if they ever start to target MDR/EDR vendors, many of which are already essentially just wrapping these LLM's anyway, at least to some degree.
I imagine the enterprise security space becomes 'How do we feed Claude/Codex the fewest tokens possible to get the maximum security effect?' to aid in cost margins until it collapses into LLM/AI companies taking more of the broad ecosystem on.
English
Apparently high confidence that the model providers will become security vendors. Given the capital they can leverage, I agree. There’s probably better profit margins there for them.
What will they sell? definitely sast, probably enterprise tiers with improved data handling guarantees, DLP and monitoring. Maybe also orchestration frameworks with containerization and runtime monitoring. Maybe also dast (smart crawlers? Automated pentest style, like xbow)
solst/ICE of Astarte@IceSolst
Will Anthropic have a booth at RSAC or BH in 2027 promoting their security offering?
English
What kind of changes would you advocate for? (Or alternatively put, as a professor where are you seeing shortfalls between what students are leaving you having learned, and where they're struggling in the industry.)
(Not trying to put you on the spot here, genuinely curious, I noodle over training a lot, and often come up blank with ideas beyond just... labs and lecture, at least in the operations/IR side.)
English
I teach security and the gap is real, but it’s not just incompetence. The industry hires people into security roles and then gives them almost no structured training path. We shouldn’t be surprised when the average skill level reflects that.
English
The “research Twitter” slice of security is tiny. Most people in security aren’t doing exploit dev or vuln research — they’re doing risk, governance, incident response, operations, etc. Calling the whole workforce incompetent because they aren’t researchers misses how the industry actually works.
solst/ICE of Astarte@IceSolst
There’s an astronomical skill gap between good security people, and the rest. There’s no mid. Accounts you see posting their research here are absolutely cracked, it’s not the norm. When you go out and talk to security folks that don’t go to conferences, don’t read up on research, you realize- holy shit. They have no fucking clue. The majority of the cybersecurity work force is absolutely incompetent. It’s partly why vendors can come up with inane bullshit as marketing material and it works on many CISOs. If you’re reading this, you’re most likely 1000x the skill level of the average person. Like I cannot emphasize enough how low the bar is when the sample size is the entire industry.
English
Python's abuse for DLL sideloading reached its "pinnacle" in Nitrogen's use of Python 3.11 in its 2024 malvertising campaigns. Rapid7 has a really good writeup about it here: rapid7.com/blog/post/2024…
If you're into DLL sideloading/hijacking, the security community's chief export for research and detection of these seems to be hijacklibs.net
Important nuance: this isn't really a Python vulnerability. The legitimate `python311.dll` is signed, and `Python.exe` isn't spidering around odd places to look for this DLL. (It follows standard DLL search order convention.)
The issue is adversaries dropping their own Python runtimes alongside malicious DLLs. It's a low-friction execution container that tends to blend in if you're not explicitly looking for it.
Same same for ADNotificationManager.exe, DLPUserAgent.exe, or WerFault.exe, unfortunately. Where we once may have looked at unsigned binaries executing, we now need to look at signed binaries loading unsigned modules or running from unusual locations as a more effective methodology.
English
@RussianPanda9xx @sudo_Rem Posting about "DLL sideloading"
+
tagging @sudo_Rem with "Python Security" in profile
=
*python.exe* abused for DLL sideloading
at least since 2026-02-05
easy to spot on VT by unusual / illegitimate
filenames (& exec parents)
virustotal.com/gui/file/a3e5b…
English
We promised and we delivered 🔥 Teamed up with my Binja (IDA supremacy but we don't need to talk about that rn 😂) buddy @sudo_Rem 💙 to exorcise this lil Demon 😈
From the spam bombing and fake Outlook patches all the way down to the Havoc Demon. DLL side-loading, Hell's Gate, Halo's Gate... detours... this one had it all. Go give it a read 👇
Rem@sudo_Rem
🧑💼"Your Outlook has an issue. Let me help you fix it." @HuntressLabs Threat Hunting and Tactical Response teams join forces to open new pages on an old playbook, leading to custom Havoc agent deployment via sophisticated DLL side-loading. huntress.com/blog/fake-tech…
English
Special thanks to @RussianPanda9xx for being my reverse engineering buddy and taking on the daunting task of working through the Havoc Demon capabilities while I lost my mind with the DLL payloads.
English
Adversaries leverage e-mail spam bombing, personal cellphone numbers, fake Outlook patches, and novel DLL side-loading cradles using to evade detections. But that's not all. Microsoft Detours, Hell's Gate, and highly obfuscated functions await us inside this demonic campaign. 👿
English
🧑💼"Your Outlook has an issue. Let me help you fix it."
@HuntressLabs Threat Hunting and Tactical Response teams join forces to open new pages on an old playbook, leading to custom Havoc agent deployment via sophisticated DLL side-loading.
huntress.com/blog/fake-tech…
English
@RobTerrin @IceSolst It's important to give back to the broader community IMO. Technical blogs are but one way of doing that-- pulling back the curtain on some tradecraft or malware and letting other people weaponize that information as well.
English
@IceSolst That's fair! I think the difficulty with technical blogs is often they are true or impressive but not very useful to real organizations.
English
“How should cybersecurity companies do marketing?”
Just look at @HuntressLabs and @ThinkstCanary:
- hire fantastic people
- publish blog posts to show off real, nuanced research
- no theatrical clickbait bs
- don’t put lamp shades on heads
- word of mouth does the rest
English