Risky Business - Risky Business #841 -- Microsoft gets owned and 0day'd
Episode Date: June 10, 2026
On this week's show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week's cyber...security news. They cover:
Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them
Meanwhile, researchers are choosing full disclosure instead of engaging MSRC
Meta's AI support agent allowed a staggering 20,000 accounts to be stolen!
Apple pulls Russia's MAX messenger from the App Store and disables notifications
Anthropic gives the public our first Mythos-class model but it won't do cybersecurity work
Stripe and Google Tag Manager used in eCommerce website hack campaign
And much, much more!
This week's show is brought to you by runZero. HD Moore, runZero's founder, drops by in this week's sponsor interview to talk about the AI vibe shift. Everyone is very worried about getting owned all of a sudden, and it's really changing the cybersecurity business.
This episode is also available on YouTube.
Show notes
Microsoft Hacked to Deliver Malware to Claude and Gemini Users | 404.feed.press
Researcher publishes GitHub token-stealing exploit, blames Microsoft's disclosure process | therecord.media
Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges | BleepingComputer
Microsoft breaks Patch Tuesday record with 206 vulnerabilities | CyberScoop
chompie1337 | X
WhatsApp says NSO targeted users with spearfishing attacks in violation of court order | therecord.media
Over 20,000 Instagram accounts stolen in Meta AI support hack | BleepingComputer
New Apple feature automatically changes your compromised passwords | BleepingComputer
Apple removes Russia's state-backed messaging app Max from its store | therecord.media
Exclusive: Anthropic's Mythos can exploit new flaws in hours | Anthropic's new model is Mythos on a leash | CyberScoop
Anthropic Offers Mythos Upgrade for Cyber Partners and a 'Safe' Version for the Rest of You | wired.com
OpenClaw AI agent found falling for phishing attacks, spills user data | BleepingComputer
OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks | TechCrunch Security
Hands on with Intelligent Terminal, an AI-powered Windows Terminal | BleepingComputer
Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms | Mandiant
Check Point warns of zero-day flaw targeted by ransomware affiliate | Cybersecurity Dive
ServiceNow discloses security incident exposing customer data | BleepingComputer
Credit card theft campaign abuses Stripe to host stolen payment info | BleepingComputer
CrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demand | Cybersecurity Dive
The U.S. Military Quietly Turned GPS Into a Global 'Numbers Station,' Evidence Suggests | 404.feed.press
New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute | BleepingComputer
Google has quietly cut staff across its Cloud business | businessinsider.com
Transcript
Hey everyone and welcome to Risky Business.
My name's Patrick Gray.
This week's show is brought to you by runZero,
and we'll be hearing from runZero's founder, H.D. Moore,
later on in this week's sponsor interview,
and we'll be talking about the vibe shift underway,
thanks to AI, making everyone a little bit jumpy.
You know, simple controls, things like discovery products like runZero,
they're becoming very cool again.
There's definitely been a vibe shift,
and yeah, he's going to join us in chat all about that a little bit later on.
Adam Boileau is not with us this week.
He's going to be back in the show next week.
So we've got a guest co-host this week
in addition to James Wilson, my colleague, who joins me now.
But yes, Chris Wade joins us now.
These days he serves as the CTO of Cellebrite,
but he's probably best known as the founder of Corellium,
which allows you to virtualize iOS.
This is very useful in exploit development.
So useful, in fact, that Corellium was sued by Apple for offering this product, a lawsuit that actually went Chris's way, and the rest is history.
So Chris Wade, welcome. Thanks for joining us.
Thanks for having me on, Patrick. It's good to be here.
Now, I should mention, too, Chris is also based not too far from me; he splits his time between the United States and Australia.
He is actually from a town in Australia called Mullumbimby, which is about an hour's drive
for me and happens to be on my way to the Gold Coast, where I have to go for various things
every now and then.
So I do stop by Chris's pub, actually, because like any good Australian who made it big overseas, he returned to Australia and bought his local pub.
Very nice spot. If you're in Mullumbimby, do stop by, grab yourself a schnitzel and a schooner.
But guys, let's get into this week's news now.
And James, the first story we're going to talk about this week is a bunch of Microsoft repos, GitHub repos, got owned, right?
And, like, were pushing malware. This seems not great.
And I believe like one of them, it was like the second time it got owned.
So now they've like, they haven't just like rolled back to a previous version of the repos.
They've like just completely blocked those repos from showing anything at all.
Is that about it?
That's about it.
It's a very strange response from Microsoft to literally just shut down these repos.
And amusingly, if you go to the repos, it actually says this repo has been canceled because it violated our terms of service.
I'm like, hmm, okay.
But the sort of backstory that's interesting here is that we're talking about 70 repos,
and you're right, one of the repos, it was compromised for a second time,
and there's this thing called Durable Task.
It's a Microsoft framework for basically describing a task you want done,
you know, multi-turn agent kind of stuff, and it goes and reliably gets it done.
But the thread that's sort of been pulled on here is that that was compromised first by Team PCP,
then, you know, supposedly remediated and everything's fixed,
but somehow it, along with these other 70-odd repos,
got compromised again,
and I think it's telling
that Microsoft's response
is not just roll back
to a known good version
of the repo and lock it down,
but just to pull them entirely
because, you know,
if repos have been popped once
and you think you've remediated
and they've come back again
for a second time,
it really does make you wonder,
okay, what did we miss
in the remediation the first time?
They thought they evicted them,
and then there was like,
this happened and it's a mystery.
That's what it says to me, right?
Yeah, we don't know how this happened.
100%.
And then one thing to be mindful of is that Git can really muddy the waters here.
There are ways you can go deep into the Git internals through API access and actually forge a lot of the details.
So the article does actually point out that it could well be that it wasn't that the account, either the first time or the second time, was compromised,
but someone might have made it look like it was.
So we don't quite know.
Yeah, and Microsoft is just having an absolute shocker of a week.
Just as we were preparing last week's show, someone published this, like, GitHub stealing exploit,
and they published it as 0day.
You actually did a teardown on this bug, and you, like...
Yeah, I did. I love the research behind it.
So let's start with the premise.
If you're on GitHub.com and you're viewing a repo,
turns out you can actually just change that URL to be GitHub.dev or use the little
drop-down in the UI.
And that spawns a cloud-hosted version of VS Code, which is, of course, the reality when it's
an Electron app.
And so it can easily be a website as well.
But here's the interesting thing GitHub does.
They mint a personal access token for you, very helpful,
so that that cloud version of VS Code can do all the things that it might need to do in GitHub,
including raise pull requests.
But they mint the token not scoped to the repo that you're looking at,
but essentially scoped to any repo that you have access to on your account.
So the researcher realized this and then basically sat down and went,
hmm, how can I get that token out through some really nifty way?
And what they discovered is, and they do call this out, that the VS Code implementation is quite good in the way it uses iframes and, in the app, separate web views to create those security boundaries, and there's some good use of, like, no content source, etc.
But to have a good user experience, you need those iframes to be able to talk to each other for things like handling keyboard shortcuts, right?
Imagine if my keyboard shortcuts only worked if I was clicking on the keyboard shortcut bar.
It wouldn't work, right?
So they found that the plumbing for keyboard shortcuts goes between all these iframes and bubbles up to the core process.
And then this is the bit I love: using a series of built-in as well as deploying their own keyboard shortcuts programmatically,
they're able to basically keyboard-shortcut their way into installing a malicious arbitrary package without user intervention.
That package runs some JavaScript, pops out that GitHub token, and that's it.
Your account is owned at that point.
Yeah, I mean, it's just, it's just nifty hacks, right?
Like, it's, it's nifty.
And look, this isn't the only 0day to get dropped on them.
Just breaking just before we hit record,
or like an hour before we're recording this,
is that Nightmare Eclipse, the research persona known as Nightmare Eclipse,
has dropped a 0day LPE
that grants SYSTEM privileges on Windows machines running Defender.
It's a race condition, like, it's a bad bug, and it's 0day,
and I just am glad I don't work on the team,
the teams at Microsoft who are responsible for maintaining this product, because that's a tough thing to
explain to your customers who are running Defender, that they just keep getting 0dayed over and over
and over and over again. And, you know, this comes with some wider context here. Microsoft has
just dropped its biggest ever Patch Tuesday. That's 206 vulns. No doubt fueled by AI discovery
of security vulnerabilities, excuse me. And, you know, it's just a bad time to be
Microsoft basically, but you get the impression they're actually bringing a bunch of this on themselves, right?
And I think a good example of that is they are at the moment reaching out, like MSRC is reaching out to researchers who are scheduled to speak at conferences and asking them if they're planning on dropping 0day, which is like, who are you to be sending that email in the first place?
Chris, I want to bring you into this because, you know, you've been around exploit development, vulnerability research for a long time.
You must see this and get, I'm guessing you have the same reaction as me, right?
Which is there's two reactions here.
First of all, like this is just insane from Microsoft.
And second of all, what year is this?
Apple was doing this as well.
They would email researchers and say,
hey, can we give you feedback on your presentation before you give it at Black Hat?
I think there's an interesting kind of side effect to this in that a lot of people don't really
get along with Microsoft's security team.
And I don't think this promotes open dialogue,
especially given that it was an automated request, right?
Like he'd used AI to send these requests.
Yeah, it actually says so.
In the email, it's like, I used AI to send this, to automate it and whatever.
Like, really, like, if you work at MSRC doing, like, researcher outreach,
do you really think tasking your, like, OpenClaw to go and hassle people,
like, automatically is a good use of time?
Like, what are you doing?
Yeah, I'm sure that's going to make researchers really want to talk to you more, right?
Yeah, so James, any thoughts on this one?
No, look, like you said, it's a bad time to be Microsoft, but also Microsoft is making it a bad time to be Microsoft.
Like right now with the AI bug apocalypse, you should be wanting the most, you know, open arms, open mind sort of relationship with the community out there to just try to get any sort of heads up on all these bugs that are coming out.
but instead they just seem to be dug so far in
and making themselves thoroughly unpleasant to work with.
Yeah, now I should mention also,
it's not just Microsoft that's smashing records
with its Patch Tuesdays.
Like, I've seen similar headlines around Google
in the last week, I think it was.
And, you know, we already saw Firefox patching hundreds of bugs recently.
Interestingly enough, James,
like someone actually wrote in with a link to a paper
that they claimed proved that C programs
all contain unlimited vulnerabilities,
because they managed to create a C program that would contain unlimited vulnerabilities.
I think the stretch in the paper was that that means all software contains infinite vulnerabilities or something.
But anyway, we're not going to patch our way to glory here, I think, is the idea.
Now, look, moving on to a different topic, and a big news story this week is WhatsApp says that NSO Group is back up and running and targeting WhatsApp users
with spear-phishing attacks. They have a court injunction that says NSO is not supposed to be doing this.
Obviously, this is going to go to court and these allegations will be tested.
But like, I guess while we've got someone who's from this rough, you know, ecosystem here, Chris, you know,
not that I'm saying you're affiliated in any way with NSO, but, you know, you do have customers in that space.
I mean, I'm kind of surprised NSO is still around.
Do we hear much about them these days?
like, do you know, do you know anything about what they're up to?
Like, is there anything to say here?
No, honestly, the lawsuit updates are the only thing I've heard about NSO recently.
They do appear to be still in business, but I'm just as shocked as you that after everything,
They're still there.
Honestly, I'm shocked that they still have vulnerabilities because I imagine that a lot of their
staff left, but they're chugging along, it appears.
Now, last week we spoke about how Instagram accounts were getting owned because people were targeting the chat support agent to do password resets.
And we thought, gee, that's really dumb.
Like, ha, ha, ha.
We got the headline this week that that impacted over 20,000 accounts, which I got to admit, I was like, that's a lot of accounts, right?
That is really a lot.
And you would hope that a company like Meta might notice after, say, I don't know, a thousand accounts got owned that way.
You would think there would be some signals that would enable them to stop this.
James, what do you even say here?
Yeah, what do you even say?
You know, look, boss, here's the dashboard showing our new support agents doing great.
It's done 20,000 account recovery so far.
It's like, yeah.
Look, I was thinking about this after we talked about it last week,
and I think the thing that this comes down to for me is it's the scale of the problem
that they're trying to solve that makes it a tempting thing to do with AI.
Like when I was at Apple, sort of 2014 era, when a new iPhone drops,
the support center would be seeing 700,000-plus account recovery attempts per day from people
that have unboxed their phone and can't remember their iCloud password.
So the scale of the problem is huge.
It's expensive to deal with when those requests are getting to humans.
So of course, what do you try to do?
You try to get AI.
But the difference between Apple's process and Meta's is that Apple's is very deterministic and
it's policy-based as to how you can, and if you can, even recover an account.
But, you know, when you and I were chatting, Pat, it sounds like Meta's process
is, to be fair, very, very subjective.
And the moment there's any sort of, you know,
subjectivity or human decision-making
involved in an account recovery process, that's bad.
And if you're then allowing an AI to also operate in that space
that is, you know, non-deterministic by nature,
it's just, it's not going to work out.
So, well, I mean, that's the thing, right?
They just took all of the problems that they had.
Because I've described this situation as like a dog's breakfast,
you know, prior to AI, even being a thing,
you know, the way Meta handles accounts,
particularly Instagram accounts, is just insane.
And they've just taken like a really bad process that was human driven
and made it a really bad process that's AI driven.
And you'd like, of course it's going to be a disaster.
Yeah, so now it's at a larger scale.
Good job.
Yeah, exactly.
Turbocharge the fail.
But I mean, this is why I, you know, when Twitter sort of imploded, right?
And Musk took it over and like a bunch of people left.
This is why I never went to Threads.
This is why I have never done a single post on Threads, because, like, you could
build up an account there and
you're going to lose it. Now, obviously, Meta now offers some of these services,
you know, Meta Premium or whatever where you can pay a fee to not get owned as easily,
I think is like kind of how it works, which I think is actually not a bad idea.
But yeah, I just think they really need to get it together here because it is just, yeah,
it is just nuts. And the processes are bad. And, you know, this, I guess I got a front row
seat to a bunch of these because I did know someone whose account got taken over.
And I did take it to Meta PR, not because I'm trying to like do a favor for a mate,
but because I was really like, okay, here's an opportunity to find out more about like what's going on in this incident.
And the answers that came back to me were just crazy, right?
Just absolutely crazy when you find out how people are actually taking over these accounts.
And the fact that Meta's processes for dealing with the exceptions, when someone really has had their account stolen, are just woefully inadequate.
So yeah, no surprises on this one at all.
Now look, this piece about Instagram dovetails really nicely with this next one that we're going to be talking about, James,
which is about this new Apple feature, which I think is very, very interesting.
The idea is it's going to determine...
So a lot of browsers can already tell when you're using an exposed or out-of-date password or a weak password.
But what Apple's going to do is take it one step further and agentically, automatically, go and change your password if you are using an exposed or weak password with some sort of online service.
I think this seems like a terrific idea that's probably going to be a net benefit.
But then you think, unless they make a mistake here, in which case this
is going to be an absolute disaster. I think Apple seems to do stuff pretty carefully. I mean,
you worked there for a long time, so I'm guessing you're going to have an opinion here. You know,
what do you think here? Yeah, look, I agree with the base premise. This is a, this is a good
feature, right? I mean, we've had the Passwords app out for a while. It lists your known compromised
passwords, but I just don't think people do anything with that at that point. Yeah, and I'm assuming
this is going to be an LLM-based agent sort of thing and it's going to sort of look at the sign-in flow,
find the change password or I forgot my password, go through that.
Maybe it looks at your inbox and it can see the verification link.
So look, it feels like the ingredients here in this problem space are ripe for something to be
automated here.
When I saw this though, I thought about my own use of iCloud keychain.
I mean, I've been using that as my password manager since forever.
So if an agent crawls through there and suddenly goes and reactivates like decades of accounts
that I've let just go inactive, I am going to have a real bad time.
So, yeah, hopefully it's opt-in and off by default.
But I think, yeah, net positive for users in general.
I reckon they'll probably rig it up so that it just applies to creds as you use them.
You know, I mean, that's the way a lot of these features tend to work.
But you don't know, right?
Like, that's the thing.
Yeah, we don't know.
We've done something crazy.
Chris, do you got any thoughts on this?
I mean, I think it feels like a positive, but there's definitely potential for stuff to go wrong.
I don't know. It depends on what sort of guardrails that Apple has. I don't know how this works,
but I'd be interested to see what protections are in place for this not to be hijacked or abused.
I know, I agree with you, it needs to be off by default because I'd be really annoyed
if suddenly all my passwords, old passwords were changed and broke a bunch of other systems that
aren't Apple-based. But yeah, it'll be interesting to see how it goes in the beta.
I'm going to give it a shot over the next few weeks and see how it goes.
Now we've got an interesting bit of news where Apple, staying with Apple, they've actually removed Max Messenger from the App Store.
So Max Messenger is the government messaging client that's kind of like Kremlin Telegram, right?
So the idea is it's like they're trying to come up with their own sort of WeChat thing.
So this makes it very friendly, it's very surveillance-friendly, right?
So the Russian government can look at everyone's messages and all of that.
It's also extremely vulnerable technology.
You know, it being banned from the store, I think, is really bad news for the Ukrainians,
who seem to love Max Messenger, and they want as many high-ranking Russians using it as possible,
because it's apparently a cakewalk to get access to it.
But I guess the interesting thing is here, the interesting thing is here that Apple, I'm sorry,
has not just kicked it out of the store, but they're also suspending the delivery of notifications for Max,
which effectively renders it a dead app on the phones of people who already have it installed,
which according to the digital development minister in Russia,
that's 20 million Russians who are apparently using iPhones with this messenger installed.
I mean, this is really a setback for the Kremlin.
Yeah, and it's, I mean, there's multiple sort of layers of interesting information
that comes to light when you look into this.
Of course, you know, 20 million iPhones in a region where iPhones are not sold is quite incredible.
There's also all sorts of restrictions
around how you can use the App Store,
even if you do manage to get one of the iPhones in Russia.
Like, for example, you can't fund a balance
on there from a credit card.
So it's already obviously an area
that Apple heavily restricts and sees
as one of their key levers
that they can pull when they're not happy about something.
Now, they've been, as Apple would be,
they've been cagey as to why they did this.
I think they just cited, well, because sanctions,
you know, and then the press are like,
which sanctions? And they're like, look over there,
squirrel,
run away in a puff of dust, right?
I mean, it is funny also the blocking of the push notifications,
because presumably that means that you can still launch the app
and you can still see your messages,
but this is heavily degrading the overall utility,
I guess, of a messaging application when you're not getting push notifications.
Yeah, they haven't killed it. They've just made it dead, right?
Yeah, exactly. Yes.
Yeah, so this is an interesting thing.
And it does turn out that, you know,
even though Apple has suspended the sale of iPhones in Russia,
there's like this huge gray market for them
where they get transshipped from third countries and whatever.
And, you know, we were looking into it.
You and I both were looking into, well, hang on,
how were people buying stuff on the app store?
And it turned out Apple actually, in April this year, suspended the ability of people to buy things on their store.
And you're thinking, well, hang on, there was already no Visa and MasterCard access.
So how are they doing that previously?
We're thinking probably there's like iTunes gift cards in a gray market or maybe, you know,
like Visa, you know, prepaid Visa or whatever.
Chris, have you ever looked into this sort of whole ecosystem of gray market iPhones in Russia?
No, but it would explain why scammers always want Apple gift cards, like iTunes gift cards, right?
That's where I always wondered why, like, they always want you to put money on Apple gift cards.
I wondered where they went.
Maybe they're ending up in Russia.
Yeah, that's actually, you know, I guess that's possible.
All right, now, look, here's one that I want to talk to you about, Chris, which is some work out of Mythos,
sorry, some work out of Anthropic, where they've said that Mythos is now reversing patches to back into exploits
within a few hours. And, like, you know, you drop $2,000 on tokens and you get, like, a
functioning Windows kernel bug based on a patch. This is a big deal because, you know,
previously we've thought, oh okay, you know, you've got a bit of time before
you need to patch a bug, before someone's going to be able to reverse it from the patch
and be able to exploit that. Now it looks like, with contemporary LLMs, people
could just dump the patch into a model and get an exploit out the other side.
This obviously changes things.
I mean, we're talking about this news in the same week that RubyGems introduced a dependency cooldown feature
so that you don't automatically bring the latest dependencies in, because that's dangerous because of supply chain attacks, right?
So I kind of feel like we're being squeezed into a damned if you do, damned if you don't situation.
But, you know, 31-minute patch-to-exploit pipelines seem like they're going to be a pretty bad slash dire thing for enterprise security.
Like, what's your take there?
It's interesting.
The thing that jumps out is the cost to me, right?
I think it was, was it $2,000 in tokens?
Yeah.
Yeah, I think they spent $15,700 in API credits,
and it generated a whole bunch of stuff.
Across 18 security patches,
they wound up with eight functioning exploits for that spend.
So about $2,000 per exploit.
Yeah.
So it's definitely lowering the cost for exploits.
I don't think, in the $2,000,
they got a reliable exploit, right?
So that's a very different thing, actually building reliable exploits versus quick and easy.
So for sure, there's going to be people who only care about quick and dirty, right?
They can spend $2,000, get an exploit, they can exploit a bunch of machines.
It doesn't matter if it crashes, you know, 10 out of 100 machines.
But for, like, government players, they're going to need reliable exploits.
So I think people are really quick to say, AI can build exploits.
I'm specifically talking about mobile here for a second, but it's a very different thing to go from
building an exploit faster and cheaper to building reliable exploits.
And I don't think we're even close to that with Mythos and Fable yet.
Now, speaking of the money, James, you know, you and I were talking about this and you were saying
that like $2,000, like actually that's quite a lot of tokens.
So from the perspective of getting a functioning exploit, that's a bargain.
But you were like, damn, that's also a lot of tokens that they're burning there.
Where do you think those tokens went?
Yeah, well, it does say that I think they were taking 5.7 hours for the longest exploit to be found.
So that's a lot of time, a lot of tokens.
And you've got to imagine that that's not human going back and forth,
but it's a harness, it's some sort of loop that is either systematically stepping through the code bases,
maybe it's sort of a layered approach.
Like I, for myself at the moment, I find both with Codex and Claude
that the best use of them is not, hey, can we go
develop this one-shot thing, or hey, go do this. It's actually take a step back and explain
the broader context of what you want to do, and then set it up and say, okay, now I want you to
iteratively step through every single step, at the end of each step do your reviews, etc.,
and it gets a much higher quality result. But yeah, it's not cheap, and it uses the tokens
aplenty. Now, Chris just mentioned this, but the latest
Anthropic model is out, Fable. So we're seeing a bit of a theme here, Mythos and Fable, and what's
next, you know, tall tale, legend, furphy, fib. But yes, they have released their latest model.
It is Fable Five, and it is guardrailed up the absolute wazoo. You know, Chris, you were saying
you've seen some people bypassing it, but James, you actually tried this morning to get it to
actually just do, like, a security review of a pull request, and it was like, whoa, blocked,
oh, hacker, hacker alert, whoop. Yeah, the guardrails, it must be like, maybe a five-line
if statement, I think, because it just
triggers on pretty much anything that could be, would be, should be, smells of or even vaguely resembles
cybersecurity. And also chemical and biological. And interestingly, another thing that the guard
rail specifically gets tripped up on is any attempt to extract the reasoning. So they're obviously
very concerned about the distillation aspect of this as well. But yeah, I fired it up this morning.
I was excited. I've got a PR that makes me a bit nervous about some of the security implications.
And I said, you know, this is potentially one of our riskiest features yet. Can you take a look at this
PR and conduct an in-depth security and architecture review.
No, this request was blocked.
We will not do.
Would you like to use Opus 4.8 instead?
You're a dangerous hacker.
Dangerous hacker asking those sort of questions.
These are forbidden questions.
Meanwhile, we've got, what is it, some research out of Varonis that's shown that
OpenClaw agents fall for phishing attacks, right?
So they basically threw four types of lures at
OpenClaw, and it was like, you know, there was like a fake gift card that you could
redeem, and the OpenClaw agent's like, oh, fake gift card, awesome. And what's funny here is like,
that was one of them. Then there's a team lead asking for access to a staging environment, the fake gift card,
a customer data extract for a remote presentation, and a fake OAuth app disguised as a timesheet
app. And, you know, it just did appallingly against all of this stuff. What's funny here is
Varonis's remediation advice, I think, is actually quite bad, because it's recommended that agents
should be explicitly required to verify sender identities, be prevented from emailing new external
recipients without approval, and have limited access to internal data. That sounds like a bunch of
non-deterministic statements that you would put in some sort of, like, conf file, not actually a hard
control. So I don't know that that's going to help here, really. No, you may as well have just a
system prompt that says, please don't fall for phishing.
Yeah, exactly. Please don't get phished.
Yes, exactly.
I think it's pretty funny that we've been telling users, like, not to click on links for years and years.
We, you know, staff, everybody accidentally clicking on phishing links.
And now AI is just clicking on every link it can and being enthusiastic about it.
We've got machines to click on links for us now.
Yeah, exactly.
It's basically a link clicking machine.
But, but OpenAI has a solution.
Good news, everyone. OpenAI has a solution, which is they have Lockdown Mode, and they've cracked this problem because they've got a Lockdown Mode, and essentially what Lockdown Mode does, are you ready? It's very clever. It's very subtle. What they basically do is they make the model, or they make the agent, completely useless. James, walk us through OpenAI's Lockdown Mode here, because this is like, I feel like this is a way for OpenAI to cover their ass, right? So that they can, like, if something bad happens, they can say, but you weren't using Lockdown Mode,
which nobody's going to use, right?
Like, that's the vibe here, I think.
Yeah, so let's walk through this incredible feature set here.
So lockdown mode will disable live web browsing, so you can't browse the web.
The retrieval and display of images from the web, but you can still generate images.
Deep research, no, totally gone, don't need it.
And agent mode.
So, listen, I think what they've done here is they essentially took the advisory that we saw
from Microsoft a couple of weeks ago about the safe use of AI, which was similar sort of advice
of the safest way to do this is to put them in a box and don't connect it to anything.
And they've just disabled anything that could be potentially useful for an agent to do.
I mean, you know, this is more like they're rolling you straight back to, you know,
ChatGPT 3.0 level features where it used to say, I'm sorry, my corpus of data ends in
September 2020.
And I don't have any fresh data because that's, it's about all you're going to get out of this.
It's just going to ruin the experience and the utility of anyone doing anything at all.
But I mean, this is fundamentally the issue with these sort of agents, right,
is that they need to have deep privileged access to be useful.
And that's the temptation.
That's why we keep getting ourselves into these hilarious situations with these models.
Speaking of which, too, Microsoft is releasing something they're calling intelligent terminal,
which is an AI-powered Windows terminal.
So it's like, what if you got PowerShell and glued it to an LLM?
You know, like, that's going to work out great. But then when you look at it, it turns out like really what they're doing is they're just putting everything in one window that everybody's doing already, which is using LLMs to actually, like, craft commands and whatever.
Yeah, it's, uh, sometimes we get a story that we laugh about and joke about and sort of make all these assumptions about what it's going to read really like, and then you look at the article and you find out, oh my God, it is like that. Because the first reaction we had was, oh, is this seriously going to be, like, PowerShell with AI? And then I open up the article to read it deeply this morning, and sure enough there's a screenshot: the top pane is PowerShell and the lower pane is an agent chat interface. But, you know, jokes aside of how dystopic that is, the reality is this is what everyone's doing anyway. It's just that they've got two separate windows open and they're copying and pasting the error that they're getting out of the shell or PowerShell into the AI and saying, I just got this error, what do I do now? I run this command, copy paste that in. And so, sure, removing the copy and paste error is about all that this
overall net achieves, I think.
Now, while we've got you here, Chris,
we should also ask you to tell us a little bit
about some of the stuff that Cellebrite's doing around AI
because it is, I mean, you know,
it's like it makes me feel a little uncomfy,
if I'm honest, but it's also extremely cool.
Where, of course, you know,
Cellebrite being a forensics company
that extracts data off cell phones,
you know, using AI lets you go to that next level
of actually analyzing a bunch of the information
that's been seized from devices.
Yeah, walk us through that because you've actually got a product release like today around that, right?
Yeah, we're launching our AI Genesis product today.
So we've been beta testing it for some time and I was really impressed with the results,
especially on cold cases, right?
And cases with large data sets bringing in data from not just mobile but other platforms as well,
like desktops and even things like drones, IoT devices, routers,
and having all of that data accessible to AI,
it's incredible.
We've had cases solved that were open for years
in a matter of like 15 minutes.
So it's like it crunches the data and just goes,
it was that guy.
And then you look into it, you're like, oh my God,
it was that guy.
Is it kind of like that?
Yeah, I mean, like if you think about how much evidence is on a phone,
it's displayed in such a way. We actually output it in this UFDR,
it's a big PDF basically with all of the details.
Investigators, they go through it, but they don't always have a great system to collate different
data sources, like if they have two different phones. So the AI has been amazing at taking
like 50 devices, like in RICO cases or like terrorism cases where there's a lot of devices,
and then analyzing all that data and tracking it back to a location. We had one where it found
a video of the terrorist planning to make the bomb, and they used the metadata to,
to track it back to where the training facility was,
and it was missed by humans.
They didn't, I guess, for whatever reason,
didn't look at the metadata on the file,
and, you know, AI found it within minutes.
So there's a lot of really great use cases surrounding fraud
and stolen property, things that, like,
maybe let's say it's only a few thousand dollar items stolen
and it's not super high priority,
but now the police can just punch in the data
and AI can give them a summary.
And it's always like trust but verify kind of thing.
Like it's, you know, AI does make.
This is going to be my next question, which is, you know,
I'm sure there's people listening to this who are freaking out because they're thinking,
I'm going to get arrested because like some crap LLM made some weird non-deterministic call
because of some odd artifact on my phone and now I'm in jail for murder.
But I mean, that's not quite how this is supposed to work, right?
Actually, one of the cases that it solved, one of the initial cases just to solve,
with an exoneration.
So the way that we display the data is very much,
here is the data source,
and here's a link to,
and it shows the reasoning how it got to this point.
So it's designed in such a way
that an investigator can look at the data,
verify that it's correct,
and then move to the next step.
So I'm hoping that we've put enough guardrails in place
that we don't have any issues like that.
We haven't seen any yet.
But we launched it today.
I'm very hopeful.
We look at over,
Cellebrite is used on over 1.5 million
cases a year. And I always wonder about how many of those cases don't go to the next level
because the investigator didn't have all the tools he needed. So I think it's a really great use of
AI. I'm interested to see like long term in the next five years what the solve rate for AI is
versus cases solved without it. No, I mean, you and I were, you know, sort of first discussed
the theory of this a while ago, actually when I was visiting your pub. Right. So we sat down and had a
beer and we're actually chatting about this and it is fascinating.
But I also understand that there's going to be, there are going to be people out there for whom
this sounds really creepy.
I mean, what are you doing?
Are you putting some, you know, access restrictions around this sort of technology?
Because I'm guessing that it is the type of stuff that, you know, you would not want certain
governments using it to chase down, you know, political activities and dissidents and things like
that.
Yeah, I mean, we have ethics board.
We are very careful about who we sell this technology to.
Currently, it's restricted to the US only.
And we're aware that there's potential abuse for AI.
So we have been very careful about how we roll this out.
I should mention, too, that, like, I think, you know, how do I put this?
There are people out there who perhaps don't realize the extent to which companies like yours actually cooperate as well with people who are investigating human rights abuses.
I believe, like, for example, Corellium provides free licenses and support to Amnesty International, right?
To help them identify human rights abuses.
That's probably something that we could say here.
For sure, 100%.
We also provide free accounts to journalists, right?
We do our best to try and help if we get reports of abuse, whether it's Cellebrite or Corellium.
We always investigate it and accounts are cut off or locked.
I'm glad to say we haven't had, you know, there has been cases for sure, but we're pretty diligent.
about where we sell and who we sell to.
And I mean, that came up in the lawsuit.
That was one of the remarks that the judge made
that we do have processes in place.
And we've been very diligent about the kind of customers we have.
And I'm proud of that.
Yeah.
Yeah.
I believe also that you have offered other organizations like Citizen Lab.
You have offered them information on things like resellers
who might be trying to obtain technologies like Corellium to pass them onto not so great
regimes.
you've offered to pass on intelligence on those
and also free licenses to organizations like Citizen Lab
but they don't seem too keen on taking you up on the offer.
Yeah, I think, you know, in the past,
they've put articles out, whether it's Citizen Lab or others,
that name Corellium or, you know, like, point out that we have customers outside the US.
I am always happy to give out free accounts to causes like Citizen Lab.
in terms of the intelligence, we get contacted by government agencies all the time that work with us
reporting potential resellers who are trying to obtain our product.
It happens fairly regularly.
So we're always happy to share that with them.
But so far, they haven't taken us up on the offer.
Well, let's move on to the next story now.
A bit more bread and butter security stuff.
And we actually, this story was out last week, James.
We were going to talk about it in last week's show.
But then there just wasn't that much detail in it.
But now Mandiant's dropped a report.
So last week there was an FBI alert about this ransomware crew who were doing a lot of social engineering and whatever.
But the thing that makes it really, really interesting, few angles, right?
First angle is that they're targeting high-end law firms because they're doing data extortion.
And what they've discovered is a lot of companies, you steal their data, they won't care, they won't pay to have it deleted.
Whereas these high-end law firms, they absolutely will because that data being leaked is a,
disaster for their clients so they will absolutely do that. The other thing that's
interesting is the way that they escalate. So what happens here is the if they
can't remotely socially engineer these firms what they wind up doing is
actually sending someone to the firm with a USB drive to say, hey I'm the password
inspector or whatever and then they get in, plug in, download a whole bunch of
data and off they go. So I mean this is a nightmare I guess if you are a CISO
now you've got to worry about in-person social engineering to do this sort of thing. Like what a, yeah. And, you know, maybe I've worked
in the wrong sort of places, but the physical security in a lot of the places I've worked at has been
very, very relaxed. You know, it's, yes, there might be swipe cards, but everyone will hold
the door open for you to let you in. And, you know, there's, there's very little sort of, I guess,
discerning qualities as to who is actually working in IT and would legitimately come up to you
and say, hey, sorry, I'm from IT, I've got this urgent update. I need to install, can I see you
laptop. And it's just this really plays into the fact that that physical security and I guess
catching employees off guard is clearly working. I mean, I think the interesting thing about this
is that most ransomware and extortion groups, they give up once at, you know, the cybersecurity
aspect and the social engineering and the phishing fails. But I think it is very cluey that this
group has realized that the tradeoff of potentially getting caught in person is worth it,
given just the sheer dollar value that can be extracted, as you say, from companies that are willing to pay.
It also reminds me of one of my favorite Between Two Nerds episodes where Tom and the Grugq were talking about
the three first principles of a cyber attack. There's got to be a human involved. So there's that
weakness or exploitability of a human being involved. There's got to be data that's able to be taken.
And there's got to be an economy behind it. And I think what's super interesting here is what we're seeing is
the data from certain organizations is so valuable that it's worth the potential risk there
of someone physically getting snapped in person.
Yeah, I mean, I hate that he's been right in his prediction because a couple of years ago
he predicted this big pivot to data extortion, and I'm thinking people aren't going to pay.
They're just not going to pay.
And what they've been able to do is identify categories of victims who do pay.
So the Grugq was right.
I was wrong.
It's very annoying.
Moving on, and Check Point is apparently, like, warning about a zero-day bug that is being used, like, targeted by a ransomware affiliate. And this is a bug in, people who are using their Check Point with IKEv1 enabled, raw dog on the internet. And you just think, what did you think was going to happen? Like, there's always going to be an 0day in that. Like, was that your take here as well?
Yes, I mean, like, on multiple levels. That, you know, last week we were like, it's Wednesday, so there's a bug in Fortinet. This week it's like, it's Wednesday, so there's a Check Point. And then you read through and you're like, okay, not only is it a Check Point zero-day, but it's in a VPN that allows you to connect without authentication. Great. And how does that happen? It only happens on devices that are configured to use IKEv1. And so you think, all right, listen, that's got to be a vanishingly small population on the internet. But of course it's not, and these are getting actively exploited, and some of the post-exploitation tradecraft points to the Qilin ransomware group as well.
So there you go.
It's just like you read through and you go, surely that's three devices, but no, it is a lot more than that.
Yeah, and they belong to like, you know, Fortune 50 companies or whatever.
Like it's always the way, right?
Like who is crazy enough to do that?
It's like, yeah, it's there for legacy reasons because of something, something.
Well, it's there because the account manager had a really great relationship with the CSO.
That's always how it goes.
Now, ServiceNow has just disclosed some security incident.
Details are still, you know, coming to light.
But they applied a patch on the 5th of June to hosted instances
saying that they fixed the configuration of an endpoint to require authentication,
to which my response is blink, come again.
So, yes, apparently there was some endpoint that didn't require authentication
that was causing, yeah, ServiceNow instances at customers to get owned.
What? What?
Well, I mean, the dual use purpose of this article also is if you are looking for a masterclass in Corpo speak to bundle your actual dumb bug in a whole lot of fluff, this is the article to go and read because I loved lines like this may have resulted in the API granting an unauthenticated user a higher degree of privilege than was expected.
It's like you said they were unauthenticated.
What would be my expectation?
Well, when you can arbitrarily just like pop shell, I guess that is like, you know, giving someone more privileged.
That's unexpected.
It is, it was very unexpected that you pop shell down.
I'm surprised. Yeah, yeah, 100%.
Now, this next one, I actually found it actually a very interesting story.
There's this credit card theft campaign targeting e-commerce sites.
But what's interesting is all of the bad stuff is hosted on Google Tag Manager and like Stripe.
so it's all like allow listed like domains that look squeaky clean.
I'm going to coin a term for this, right?
Because we know what living off the land looks like with using lull bins and whatever.
I'm going to call this living off the ocean.
Living off the sea, right?
But it's like, I mean, it's cool.
I love it when you see people do this.
It's sort of like how spammers are getting docusigned to send their spam.
I mean, this is about getting, you know, legitimate services to host.
I mean, not even your payload.
It's like bits of your payload, right?
In this case.
Yeah, it is just continuing that trend of why make a hacky version of something when there's a legitimate version there that you can abuse to go do your bidding for you.
And in this case, two very legitimate services, Google Tag Manager, which is the easy way to drop various chunks of JavaScript onto your website without changing your website.
Maybe you're dropping your analytics from Century to something else and you want to just, a quick and easy way to say, you know, drop in this tag, don't drop in that tag.
and the thing that is a little bit unclear about Google Tag managers use here in particular
is it doesn't say how that malicious tag, I assume, has made its way into Google Tag Manager
and someone has enabled it on the site, but there's probably heaps of ways.
Typosquat a tag or a malicious phishing email saying, hey, please update this tag with this
version, but either way it gets in there.
And what's deployed in that tag is, yeah, like you said, it's fragments of the malware
that essentially goes and hijacks the payment
pages in these e-commerce sites and funnels the payment data off to Stripe to go and, you know,
handle payments on behalf from that stolen payment method, again, through a completely legitimate.
And more importantly, like the other aspect to this is it's not just that these are legitimate
services, but they are the kind of things that just get whitelisted everywhere in a particular
email site.
Well, they're the kind of services you expect to see on those sorts of sites, right?
Which is what makes it so cool.
Like, good luck spotting this, like, unless you really like expert mode, IR mode, you know?
Yep, 100%.
Yeah.
Just real quick, I wanted to mention this one.
There's a story from Cybersecurity Dive
that says that Crowdstrike and Palo Alto networks
are like defying estimates and business is great for them at the moment
because of AI.
Look, I would just say that the funny thing I've noticed
is that people who are making basic controls,
people who are making stuff like, you know, like Run Zero doing,
you know, asset discovery and stuff like that.
Knocknoc is going berserk, stuff like Airlock, right?
All of your sort of basic.
security controls, they're doing great because everybody's absolutely terrified that AI is coming
to eat them alive. So whereas the really heavy AI products and stuff, I think the market's still
trying to work out how best to use them. So while you might be seeing AI enabled features on something
like, you know, the Sublime email security platform, where they've done a really good job of
integrating AI, it's not really why people are buying a high quality email security platform. It's just
nice that they're using AI appropriately. So I just find this is an interesting thing where we're
seeing a lot of spending in, like, traditional security controls as a result of stuff like Mythos
terrifying everyone. So, yeah, that's cool.
Now, Chris, I wanted to bring you in on this one because I want to know what you think about it. But it turns out that it looks like the U.S. military is using the GPS satellite network to distribute key material. And, look, I mean, there's so many jokes you could make here about PKI, right, and about how PKI key distribution is difficult. And I guess, like, where I landed on this one is I can't figure out if using the GPS system to distribute your key material is doing it in hard mode or easy mode.
Because basically that's what I can't figure out.
But, like, were you surprised, Chris, to see this?
And were you impressed, I think, is the question.
Yeah, I was going to say, I was actually impressed.
I thought it was very clever.
I'd like to know what the actual use case for it is, like which systems are actually using
this data, and take the guy out for a beer who came up with the idea. I think we need more creative thinkers in the government. So
I love when I see creative stuff from tech people in the government. Yeah, it's cool. And it's the
kind of story I love because this was this researcher Stephen Murdoch. I think it was a decade ago
was working on just happened to be coding up a decoder of GPS data for completely unrelated
reasons. And when he was doing that, he noticed that there's this thing called subframe four,
page 17. I mean, my heart goes out to him for what the specification must have been like if there's a
subframe for page 17 in the protocol spec. But what he found was there's this like 176-bit message in
there that's not very well explained. And when he gathered a few samples, it just looked random.
And, you know, for those that work in networking, random is interesting because random doesn't
happen naturally, right? It's rare to not have some sort of structure in your data, especially on
in networks. But then he came back to it a couple of years later and
but with another researcher
and they found that there's actually an archive
of all these GPS signals
that go back to, I think, 2007 or so.
He stitched all those together
and found a huge payload
of 3,994 unique 176-bit messages
that were in this GPS signal.
And this is a bit that was really cool.
They then compared those different message fragments
and could find little differences
and those differences happened at certain times.
It's like they were like a sentinel message.
Yeah.
And that just happened to line up with when certain new military networks were getting commissioned
by virtue of corroborating that with publicly available information.
So it's good sleuthing.
Yeah, it's great sleuthing.
And it's like, as I say, does having access to the GPS network make your key distribution easier or harder?
And I don't have an answer for that.
Well, I can imagine this guy's like, data centers in space?
I've been doing that for a while.
Exactly.
Exactly right, that's old news.
Now, we've got a bug here that I just think is worth mentioning.
There's this DOS attack that crashes a whole bunch of web servers in under a minute.
It's like a memory exhaustion thing,
and it works in servers that are serving stuff up through HTTP/2
because there's a whole bunch of weird features in that
that are not appropriately QA'd, basically, is the long story short here, right, James?
Yes, inappropriately QA'd.
Let's come back to that and recalibrate the bar on this. I
want to talk through the first aspect of this, which is it is two bugs combined. It is a bug in
the compression in headers, and it is a bug in essentially holding onto sessions for a long time.
You combine those two, and if you're able to seemingly decompress a whole bunch of data and
hold onto that in the server's memory, of course it's going to run out of memory and it's going
to crash. But to your point about not appropriately QA'd, the compression works like this.
Basically, you can say, here is my compressed data, and when it's decompressed, it's actually
sort of a structured reference and you essentially say decompress this and then actually what's
decompressed out there has a self-referential sort of reference and it keeps decompressing over and
over again to the extent where one byte in can turn into 10 to thousands of kilobytes of memory
being expanded over and over again. And so it's like there is no compression method that should
work legitimately with one byte in and 10 to thousands of bytes out, and yet this is present in
Apache and Voie, all the popular things.
And to, frankly, it is astounding that this hasn't caused mass mayhem,
but that also seems to be kind of the way these bugs go at the moment.
It's like, ooh, big scary and then...
Yeah, no crickets, right?
Yeah, HTTP/2.
Like, let's make HTTP, but like binary.
Yeah, but like to add more stuff.
What could go wrong?
Just quickly wanted to mention it.
Shout out to all the people at Google Cloud and Google Threat Intelligence Group
who've lost their jobs.
This sucks.
So there's a bunch of Mandiant people got cut loose
and Google Threat Intelligence Group.
People got cut loose.
I'm guessing a few of them
listen to this.
So I want you all to know,
we see you,
you'll be fine.
You're going to pick up other jobs,
but we're sorry,
this must suck.
And we're going to wrap it up.
Cellebrite's hiring.
They could definitely apply to Cellebrite.
There you go.
Contact Chris Wade at Cellebrite.
They would love to hire you.
All right, we're going to wrap it up there.
James Wilson, Chris Wade.
Thank you so much for joining me
to talk through this week's news.
A pleasure to
to chat to you both. Thanks, Pat. This was a lot of fun as always. Thanks, Pat.
That was James Wilson and Chris Wade there with a check of the week's security news. Big thanks to
them for that. It is time for this week's sponsor interview and we are chatting with H.D. Moore,
who is the founder of Run Zero and we're chatting to him this week about the vibe shift out there
where basically a whole bunch of sensible security technology is all of a sudden red hot again,
because everybody's scared that Mythos is coming for them.
Ooh, Mythos is going to come and get you, right?
So you've got to go and do your asset discovery
and put in some sensible controls.
So yeah, look, that's really simply where I started off in this interview with HD
is asking him, you know, has there been a vibe shift?
And here's what he had to say.
I mean, you go back a year ago and everyone was saying,
well, we'll buy more defensive solutions.
We'll do an AI sock.
We'll do all this stuff.
And that'll somehow prevent us from getting compromised.
And reality is, no, you're going to get compromised now.
there's no way to really stop someone from getting into anything you've got exposed.
It's just a matter of knowing what you have, being prepared for it,
understanding where someone can get to once they get into that first point.
Yeah, it's funny.
I had a chat with, so I talked to people who are in the preventative control business, right?
And they say, well, AI stuff has shown us that we need preventative controls.
You know, and detection response is not going to suit us in the AI era.
But then I chatted with Ed Wu, who does AI sock stuff.
And he made a really good point, which is that, like, in the AI,
AI era, you're not going to stop people from getting a presence on the network. So
detection and response is really much more important as well. So I think where I've landed is like
everything is all of a sudden more important, right? Yeah. And blast radius matters more too. It used to be,
okay, can someone get into my DMZ? Can someone get into my server? Now that's more of like,
great, let's assume they get into this part of the network. Where else could they have gotten? Like,
how far do we have to look for the traces of this particular impact? Or previously you could say,
well, you know, maybe they got into my F5 or something like that. But they wouldn't necessarily
assume they already got your domain controller in the first hour.
after popping your perimeter.
Yeah, and now it's that lateral movement is a lot easier for attackers who are using AI
because it's, I mean, I guess that makes sense, right?
Because lateral movement through something like, you know, a typical enterprise network is pretty
well understood and documented, which means that all of that knowledge has been, you know,
ingested, I guess, by a lot of these chatbots and now they can just do it for you.
Absolutely.
I mean, you've done some great interviews with folks who do kind of the AI pentesting side and,
you know, they just went out and said it.
Most of what we do is lateral movement.
Most of the AI pen testing world is dump a cred,
a crowd repeat. Yeah, right. So how does run zero actually help you there? Because as far as I
understand it, okay, so let me let me let me, you know, have a stab at it, right? So you've got the
external attack surface measurement piece, right, which is, I think, very important. You want to
know what's hanging out there on the internet that people are going to be able to pop shell on,
right, as a first step. Managing your external exposure is going to be very important.
You want to be using something like run zero internally as well to have a look around from
point of view of like, okay, well, if someone lands at this point in the network,
what are the internal exposures that make lateral movement that little bit too easy?
Is that kind of where you're coming from with that?
Yeah, there's two parts.
And one thing we do that's really interesting is we find external exposures from internal-only scans.
So we'll fingerprint everything you have internally by only scanning internal.
And from there, we can tell whether any of that stuff internally is exposed externally
by just doing a hash lookup of the unique ID.
And so that lets us say, okay, we had no idea of this IP range of this cellular network,
had anything to do with your company.
but because we see the hash here and the hash there, we know it's yours.
So you find exposures that you can't really do attribution against otherwise by doing that internal scan.
The second part is a lot of times you say, okay, great, I've got my EDR,
I've got my controls scattered around my internal network.
But then we come back and say, well, here's the other 50% of assets you didn't realize you had,
and also half of those are missing your crowd strike.
Yeah, which is extremely not great, as you would say.
So, I mean, look, that's really nice in terms of finding those like EDR install gaps
and stuff exposed that it shouldn't.
There are certain bits of enterprise tech, though, that just are never safe, right?
Like, you can't just configure them to make them safe.
What are people doing about that?
And obviously, I'm interested in that in perspective of, you know, being involved with a company that does the access control bit.
But I'm wondering what other people are doing to deal with that.
Like, what happens when they find something on the edge of the network that is risky?
You know, how are people dealing with that?
because it's great to find this stuff with, you know, with Run Zero,
but like what are they actually doing to reduce the risk once they've discovered the exposures?
Yeah, the short version is the number one control people have for security is segmentation.
So if you find something you don't like, whether it's a BMC, whether it's an OT device,
a device you can't patch, an out-of-support appliance, what you do is you put it in its own little
network, you isolate it, you say, okay, great, you can't talk to anything else.
The problem is you put all of those devices into the same networks.
You have all your BMCs of all your servers on the same management network.
Now all it takes is popping one of those to get to everything else.
So what we've been really showing with Run Zero, especially with the last release,
is we're able to identify the segmentation gaps across the entire enterprise.
So you have an idea of what your network should look like in your head.
We show you what it actually looks like in terms of being able to bounce around,
go around your firewalls, you know, go through connections you didn't realize you had,
find multi-home machines.
And that's really been a little terrifying for folks because they realize the controls they thought
were in place don't actually matter.
Now, you've been doing a presentation lately.
It is called, forgive me, the Shadow Era.
Give us the listeners the basic pitch of the shadow era
because it really connects to what we've been talking about.
Absolutely.
So back in the 90s, no one had any idea what was exploitable,
and this small group of 20 to 30 people
could walk their way into any network on the planet.
That's just how it was.
So it didn't matter what secret tools you had.
We're all in the dark all the time.
You move on to 2000s, 2010s,
and we started getting into kind of like a patch-exploit,
patch-exploit cycle,
where a patch would come out and an exploit would come out.
And the presence of an exploit was what triggered everyone to go patch.
And then we started getting into a cycle in the last couple of years that's much faster,
where the exploits come out first, everyone's getting mass owned, and then you identify the patch.
Then months later the vendor says, hey, we had a problem, here's a patch for it. So you're already, like,
now months to weeks behind the ball in terms of exploitation.
The challenge we're in right now is that there's been so many vulnerabilities discovered that don't even have a CVE yet,
just in the last three months, that we don't even know how many vulnerabilities we don't know about yet.
Like, we've gone from, you know, knowing there's a few hundred in the queue for Chrome or Firefox
to now having thousands and thousands and thousands of unknown bugs.
And the kind of scary part about this is an attacker doesn't have to go after OpenSSL or Apache or OpenSSH.
They find that one little corner of your network, that one device that no one looked at in 10 years.
They throw the latest AI model at it and bang, they've got shells and everything.
So it doesn't matter.
It's funny that you say that. Sorry to cut you off there, but I had
an interesting chat with someone who's a recently departed like intelligence community guy
about exactly that, which is, where is the value for the intelligence community
when it comes to that sort of exploit development
because Mythos came along, right?
And all sorts of bugs started falling out of mainstream software.
They're kind of useless for the IC because those bugs are all public.
If you can discover them with a one-shot prompt,
they're essentially public vulnerabilities
and they're not really enduring, durable or that useful.
But where it becomes really interesting is exactly what you said,
where they might scope an environment
and find some bit of esoteric gear or esoteric software there
and then they can use the LLMs to just automate the process of doing the vulnerability discovery and the exploit development,
hey, this weird, you know, Japanese web application over here that's used for something odd in this environment, please pop shell.
And the AI goes, okay, you know, so that is a new thing, isn't it?
And I guess we've seen that too with pen testers, who, I know, over the last 20 years, have had great success moving laterally through quite secure environments by finding 0day in all of the really crappy enterprise software that people tend to use in enterprises.
So I guess that is just ubiquitous now, isn't it?
There's no, you know, obscurity's not going to save you, really, this time.
I'd say the difference though, like, you know, I'm one of those
pen testers who used to love breaking into, like, the tape
library or the weird and esoteric thing in the corner.
But after the pentests, you report to the vendor, you get it fixed,
everybody gets an update, off you go.
More recently, we've been using the Known Exploited
Vulnerabilities list as a list of what to go fix.
But these vulnerabilities are being exploited per target.
They're never going to become a KEV.
No one's going to know about it because they're going to be used once, maybe twice.
Unless you get really, really, really lucky and happen to catch it the first time it's used, it'll never come to light.
So that's what's kind of the shadow part about it.
It's not that the exploit gets used once, then a month later everyone else finds out about it.
It's that you're literally going to get hit with an exploit that is only used specifically for your environment.
I mean, this is funny, right?
Because I asked Nicholas Carlini from Anthropic about this when we did an interview recently.
I don't know if you caught that one, but I did ask him.
I'm like, hey, you know, maybe it's an idea if you can get the models to detect when they're
wrapping out a 0day, and then you could report that to the vendor.
And his answer was like, oh no, you know, we take our user privacy so seriously.
And I'm just thinking, I'm rubbing my temples thinking, man, like, you know, you should probably think about that a little harder.
I mean, something that I think we often mistake when we talk about AI is we like to think that
the large frontier models are the gatekeepers to technology. And they haven't been for a long time, right?
You can get very close to frontier-level models just by having more harnesses running locally on your MacBook, right?
So the cat's out of the bag.
Well, we had a big, we had a big interview with Niels Provos talking all about exactly that.
But I guess my point there is that, like, even the frontier people are just, like, not really
thinking about this.
And it's, and it's going to be an issue.
Indeed, we were speaking about NIST KEV.
Sorry, not NIST, the CVE program falling behind on the, what do they call it, the NVD enrichment.
And then, you know, KEV's kind of turning into a little bit of a dog's breakfast as well.
So, you know, where does that leave us, right?
I guess you're going to say you should manage your exposure and you should use tools like
runZero to do it.
I mean, you go back to the 90s, right?
You don't know what you're going to get hit with.
All you can do is do layer defense.
All you can do is try to have a really good map of what's out there.
And we're kind of back into the, I don't want to say the fun mode again,
but it's not like you can go through a checklist and be secure, right?
You actually have to try again.
You have to actually know what you have.
You have to actually look for the exposures.
You have to actually look for the attacks.
You can't assume that defender threat intelligence is going to tell you about it
before you get hit with it.
I guess what you're saying is we just really have to assume that there's a bug in absolutely
everything, minimize exposure, minimize blast radius and kind of treat it that way.
It's worse than that.
So my take is folks are now auditing every commit to every project
and finding a vulnerability and exploiting it before people even know it's vulnerable in the first place.
So if you talk to like Heather Adkins, for example, at Google,
they've got a program where they're auditing every single commit for a security bug,
whether it's been shipped yet or not.
And the idea is that you actually want to know whether something's vulnerable
before it gets released in the first place.
And you have to assume that people are doing that for all the repos,
for all the tools out there.
So someone may commit something that creates a vulnerability,
and someone's already sitting on an exploit for three or four months
before someone realized that there's even a bug there.
So what? We're just doomed?
You know, we're kind of back to the basics.
Like, I have to say the one thing that people can do that, you know, for the last 10 years or so,
we've depended on our security vendors, giving us, kind of spoon-feeding us,
threat intelligence and tooling.
You can't depend on them anymore, right?
You have to do your own work.
You have to have your own internal vulnerability operations team.
You have to proactively audit your own commits before they get shipped.
Like, you really have to be, like, auditing your own long-tail suppliers,
not waiting for some security vendor to tell you that there's a vulnerability and some, you know,
esoteric dependency. Like, we have to be very proactive about it if we want to survive.
Look, if I'm honest, though, that sounds like an approach that's out of reach of most organizations.
I mean, if you're Bank of America, maybe, right?
But, like, what are the normal folks supposed to do about this, right? Like, just give up?
And the good news is the tokens are getting cheaper, hardware's getting cheaper.
So you can start proactively auditing all of your long supply chain stuff.
You can start looking for what's the one library that is weird, that hasn't been updated in five years, that no one else in our industry uses? Go audit that.
Like, you're going to find something that's really important, really scary, really quick.
And again, the whole idea of, like, risk being likelihood times impact,
we now know what likelihood looks like.
All right, HD Moore, always fabulous to see you.
Everyone should go and get runZero and have a look to see what their exposure is like.
I really do, honestly, hand-on-heart recommend that people do that,
because you never know what's hanging out there on the edge of your network in particular.
I mean, that's the first place you want to look.
And then, you know, as HD was explaining earlier,
you really want to have that inside-out view as well.
But great to see you, my friend. I'll look forward to chatting to you again.
My pleasure. Thank you.
That was HD Moore there from runZero in this week's sponsor interview.
Big thanks to him for that.
And yeah, you can find runZero. Just Google runZero, one word, and you are going to find it.
It's an excellent tool, and I highly recommend that you go and play with it.
But that is it for this week's show. I do hope you enjoyed it.
I'll be back soon with more security news and analysis. But until then, I've been Patrick Gray.
Thanks for listening.
