Francis Alexander
@torque59
Security Engineering
SF
Joined April 2013
236 posts
797 Following
344 Followers
Francis Alexander (@torque59):
@decodebytes I see, btw. I saw from the documentation that after apply(), there is no way to expand permissions. The sandbox persists for the lifetime of the process and all child processes. /tmp/myapp-<session-id> would not work with nono in that case, right?
Luke Hinds (@decodebytes):
@torque59 The answer is: don't grant /tmp. Grant /tmp/myapp-<session-id>/ instead. But nono isn't a guest/host isolation layer; plenty already do a good job there (Kata, Firecracker). This is granular, OS-enforced resource control over what an agent may or may not access.
Luke Hinds (@decodebytes):
Containers and microVMs solved a well-defined problem: process isolation between workload and host. They are best in class for host/guest isolation, resource constraint and environment isolation. Industry transformative and nothing less. The mistake is assuming the same specialism solves the new problems that agents present. An agent is not a workload to isolate; it's far more nuanced. It is an autonomous decision-making system operating, sometimes on your behalf, at runtime, against often sensitive material, in ways that cannot be fully anticipated at launch time. Placing it in an isolated environment and considering the security problem solved because the host is protected and the guest is isolated is not enough. The agent needs access to sensitive resources to do its job, and those resources require protection as well. When the agent needs capabilities beyond its initial grant, it requires a secure, mediated channel to request them. Without one, privilege elevation becomes a path that bypasses the very isolation boundary you depended on. Existing primitives enforce boundaries. They do not enforce intent, auditability, or runtime access control over an actor whose behaviour is non-deterministic by design. Nono is built on a different premise: the sandboxed process is untrusted by construction, and capabilities are granted dynamically under explicit oversight, enforced at the kernel level, and recorded immutably. The supervisor is the mechanism that realises this, and it's nono's superpower. The supervisor runs outside the sandbox, intercepts every file access syscall via seccomp-notify, and mediates every access decision before it reaches its entity. The agent never executes its own calls. Privilege elevation requests are trapped, approved over a secure verified channel, and fulfilled via direct file descriptor injection. The audit trail and access gate are not instrumentation on top of execution. They are directly in the execution path.

API credentials never enter the agent's address space. Files can be cryptographically attested, right back to the source code, before the agent even reads or executes them. And the best bit of all: already have a container orchestration system in place? Well, nono runs quite at home in either a container or a microVM: belt, braces, and a safety harness. This is not a tightening of existing primitives or a repurposing of previous tools. It is an approach purpose-built for a new era. nono.sh #AgenticAI #Security
Francis Alexander (@torque59):
@ZackKorman Definitely observability and detection. Also, wouldn't it be better to just manage the MCP servers, especially with enterprise controls available for Claude?
Zack Korman (@ZackKorman):
If I were a CISO at an org full of devs running Claude Code, I'd focus super hard on observability and detection. Use Claude hooks to pipe audit logs to a server you control, and run frequent AI jobs on those logs to look for problems (e.g. malicious MCP servers).
Francis Alexander (@torque59):
4 chained zero-days and, to top it off, ML to detect which pictures/documents are relevant to them. Operation Triangulation is quite interesting. Vid: youtube.com/watch?v=7VWNUU…
Jake (@JustJake):
Does @LinkedIn, the 26B company, not have a fucking way to verify employment? Am I taking crazy pills?
Francis Alexander reposted
Luke Young (@TheBoredEng):
I'm kicking off a series of blog posts about interesting vulnerabilities I've found and responsibly disclosed over the years, starting with a complex chain of vulnerabilities leading to XSS on accounts.leagueoflegends.com back in 2016: medium.com/@bored.engineer/xss-on-account-leagueoflegends-com-via-easyxdm-2016-75bcf9d582b5
Francis Alexander reposted
stephen (@_tsuro):
I made a website: leaky.page
Ajin Abraham (@ajinabraham):
@torque59 A nifty use of V8 Isolates, should call it CaaS: Coroutine as a Service
Francis Alexander reposted
Black Hat (@BlackHatEvents):
Learn to pentest the modern stack, including continuous build & deployment tools, message brokers, configuration & resource management systems, and distributed file systems, from end to end in #BHEU Training w/ @torque59 & @tunnelshade_ ow.ly/jAre30lWMI6