Ethical Hacking Techniques

Microsoft's AI Red Team has released a groundbreaking paper titled "Lessons From Red Teaming 100 Generative AI Products" (https://lnkd.in/dGxsydwF) 🌎 Drawing from their extensive experience, they've distilled eight pivotal lessons for enhancing the safety and security of Gen AI systems:- 1. Understand what the system can do and where it is applied. 2. You don’t have to compute gradients to break an AI system. 3. AI red teaming is not safety benchmarking. 4. Automation can help cover more of the risk landscape. 5. The human element of AI red teaming is crucial. 6. Responsible AI harms are pervasive but difficult to measure. 7. LLMs amplify existing security risks and introduce new ones. 8. The work of securing AI systems will never be complete. 📌 Distinguish between Red teaming and safety Benchmarking - Red teaming involves simulating real-world attacks to uncover vulnerabilities, whereas safety benchmarking assesses performance against predefined standards. 🤖 Leverage automation - Utilizing tools like PyRIT can help cover a broader risk landscape more efficiently. 👭 Human judgment is irreplaceable - While automation aids the process, human expertise is essential for nuanced assessments and decision-making. 💭 Responsible AI harms are complex - Identifying and measuring harms require careful consideration, as they can be pervasive yet subtle. 👉 LLMs introduce new security challenges - Large Language Models can amplify existing risks and present novel ones, necessitating continuous vigilance. 👉 Security is an Ongoing Process - Ensuring the safety of AI systems is a continuous effort, demanding regular updates and assessments. 📜 This paper is a must-read for AI practitioners aiming to fortify their systems against emerging threats. #AI #GenerativeAI #AIResearch #RedTeaming #AIEthics #AITrust #MachineLearning #AIInnovation #AIRegulation #TechSafety #ResponsibleAI #CyberSecurity #AIProductDevelopment #AITrends #SafetyInAI

🚨𝗪𝗲 𝗣𝘄𝗻𝗲𝗱 𝗚𝗼𝗼𝗴𝗹𝗲 𝗚𝗲𝗺𝗶𝗻𝗶 𝗮𝗻𝗱 𝗺𝘂𝗹𝘁𝗶𝗽𝗹𝗲 𝗼𝘁𝗵𝗲𝗿 𝗙𝗼𝗿𝘁𝘂𝗻𝗲 𝟱𝟬𝟬 𝗰𝗼𝗺𝗽𝗮𝗻𝗶𝗲𝘀 𝗯𝘆 𝘂𝘀𝗶𝗻𝗴 𝗽𝗿𝗼𝗺𝗽𝘁 𝗶𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 𝗶𝗻 𝘁𝗵𝗲𝗶𝗿 𝗚𝗶𝘁𝗛𝘂𝗯 𝗔𝗰𝘁𝗶𝗼𝗻𝘀 Rein Daelman and the rest of the Aikido Security research team uncovered a new class of GitHub Actions vulnerabilities triggered by using AI agents (Gemini, Claude Code Actions, OpenAI Codex, GitHub AI Inference) within GitHub Action workflows. 𝗕𝗲𝗰𝗮𝘂𝘀𝗲 𝗮𝗹𝗹 𝘁𝗵𝗲 𝗴𝗼𝗼𝗱 𝘃𝘂𝗹𝗻𝘀 𝗵𝗮𝘃𝗲 𝗰𝘂𝘁𝗲 𝗻𝗮𝗺𝗲𝘀 𝗻𝗼𝘄, 𝘄𝗲 𝗮𝗿𝗲 𝗰𝗮𝗹𝗹𝗶𝗻𝗴 𝘁𝗵𝗶𝘀 𝗣𝗿𝗼𝗺𝗽𝘁𝗣𝘄𝗻𝗱  As you may guess by the name, it is essentially prompt injection through the GitHub actions workflow, which is pretty wild. The problem is actually quite simple: untrusted data, like a commit message, is being used within prompts for GitHub Actions. The result is that we can use this to get AI tools to perform like posting secrets publicly.  𝗨𝗻𝘁𝗿𝘂𝘀𝘁𝗲𝗱 𝘂𝘀𝗲𝗿 𝗶𝗻𝗽𝘂𝘁 → 𝗶𝗻𝘀𝗲𝗿𝘁𝗲𝗱 𝗶𝗻𝘁𝗼 𝗔𝗜 𝗽𝗿𝗼𝗺𝗽𝘁𝘀 → 𝗔𝗜 𝗮𝗴𝗲𝗻𝘁𝘀 𝗲𝘅𝗲𝗰𝘂𝘁𝗲 𝗽𝗿𝗶𝘃𝗶𝗹𝗲𝗴𝗲𝗱 𝗚𝗶𝘁𝗛𝘂𝗯 𝘁𝗼𝗼𝗹𝘀 → 𝘀𝗲𝗰𝗿𝗲𝘁𝘀 𝗹𝗲𝗮𝗸𝗲𝗱 𝗼𝗿 𝘄𝗼𝗿𝗸𝗳𝗹𝗼𝘄𝘀 𝗺𝗮𝗻𝗶𝗽𝘂𝗹𝗮𝘁𝗲𝗱. A single issue, PR description, or commit message can silently contain instructions the AI will follow. Example of a vulnerable pattern inside a GitHub Action: 𝘱𝘳𝘰𝘮𝘱𝘵: | 𝘙𝘦𝘷𝘪𝘦𝘸 𝘵𝘩𝘦 𝘪𝘴𝘴𝘶𝘦: "${{ 𝘨𝘪𝘵𝘩𝘶𝘣.𝘦𝘷𝘦𝘯𝘵.𝘪𝘴𝘴𝘶𝘦.𝘣𝘰𝘥𝘺 }}" That innocent line can leak your GITHUB_TOKEN, cloud access tokens, or API keys, because the AI treats attacker-controlled text as instructions, then uses its built-in tools (like gh issue edit) to execute them. Following our disclosure in August, Google patched the Gemini CLI workflow which is no longer vulnerable and we have sent out multiple disclosures to other orgs. 𝗛𝗼𝘄 𝘁𝗼 𝗰𝗵𝗲𝗰𝗸 𝗶𝗳 𝘆𝗼𝘂'𝗿𝗲 𝗮𝗳𝗳𝗲𝗰𝘁𝗲𝗱 ✔️ Scan your GitHub Action files with Opengrep (we created open-source rules to detect this)  ✔️ Or scan with Aikido Security, our free version flags vulnerable patterns automatically 𝗛𝗼𝘄 𝘁𝗼 𝗳𝗶𝘅 𝗶𝘁 – Restrict which tools your AI agents can call  – Don’t inject untrusted user text into prompts  – Sanitize/validate user input if unavoidable  – Treat AI output as untrusted code AI in CI/CD is powerful… but also a brand-new attack surface. If you’re using AI inside GitHub Actions, now is the time to audit your workflows. Link in comments friends.

New research from Google Threat Intelligence Group (GTIG) details how PRC-nexus 🇨🇳 APT41 is leveraging innovative tactics, including the use of Google Calendar for command and control (C2). In late October 2024, we discovered APT41 exploiting a government website to deliver a novel malware family TOUGHPROGRESS. TOUGHPROGRESS utilizes Google Calendar to exfiltrate data and receive commands, an evolution in APT41's misuse of cloud services to blend in with legitimate traffic. The malware uses several obfuscation techniques, including memory-only payloads and intricate control flow obfuscation. GTIG has taken action to disrupt this campaign by terminating attacker-controlled infrastructure, updating Safe Browsing, and providing detection signatures. Our report also discusses APT41's broader use of free web hosting tools for malware distribution. Full report available here: https://lnkd.in/gPv7bPQj

Analyzing the leaked code from the Vanhelsing Ransomware, it is essentially a highly modular and automated builder, developed in C++, designed to dynamically generate executable binaries (.exe) based on instructions received from a C2 server. The core logic includes a persistent loop (wmain) that continuously polls for new tasks via REST HTTP requests to an attacker-controlled endpoint. When a task is received, the system automatically compiles two binaries: the locker, responsible for encrypting the victim's files, and the decrypter, which allows for data recovery if the correct key is provided. The main payload is encrypted using AES-256-GCM (via libsodium), with a key derived from an X25519 key pair. The compiled locker binary is read, encrypted, converted into a binary header, and embedded into the loader, which is the final stage responsible for decrypting and executing the locker at runtime. The modular architecture allows the same locker to be reused with multiple loaders. File operations are handled directly through low-level Win32 API calls (CreateFileA, ReadFile, MoveFileA, DeleteFileA), with no dependency on external libraries. PowerShell’s Compress-Archive is also used to efficiently package and transmit artifacts via HTTP. There is a clear separation of responsibilities in the build pipeline: reading, encryption, macro substitution, architecture-specific compilation (Win32/x64), binary renaming, and upload to the C2 are all handled in well-defined stages, with error handling and diagnostics performed via GetLastError(). Summary of Evasion Techniques: - Encryption of artifacts using X25519 + AES-256-GCM - Use of fileless-like execution via loader with embedded payload - Per-build uniqueness through dynamic key and ID insertion - Compilation via MSBuild (LOLBin abuse) #redteam #cybersecurity #malware #malwaredevelopment #malwareanalysis

#ASD and international partners have released an advisory on the tradecraft of a #PRC-backed threat actor named #APT40, and it's well worth a read, whether you are in Government or the private sector. APT40 is code for a group backed by the PRC's Ministry of State Security (#MSS). The MSS is engaged in intelligence gathering and foreign interference activities, including cyber warfare. APT40, based in Haikou, Hainan Province, has been targeting Government and private sector entities around the world since 2017. Their objectives appear to be maintaining persistence in order to exfiltrate data. How does APT40 go about their activities? 🔴 Exploit small office / home office (SOHO) routers as proxies to hide their origins among normal traffic 🔴 Target vulnerable systems on the edge of networks, such as MS Exchange, Atlassian Confluence, and Log4j (commonly found in Java applications), 🔴 Deploying web shells - uploaded code snippets that allow commands to be executed on the remote host, eg. a malicious .aspx file dropped in a public directory on an OWA server 🔴 Conduct internal recon to enumerate victim hosts and accounts 🔴 Move laterally, stealing credentials, then exfiltrating data via existing Command and Control (C2) channels None of the TTPs described in the report are "top shelf" exploitation. This is clever use of well-known exploits against well-known vulnerabilities. Why expose clever TTPs if you don't need to? The advisory contains a few indicators, detection rules, and recommended mitigations. Here is a summary of mitigations: 🔵 Look for process executions in unusual directories or world-writable locations, eg. why is there a process running from C:\WIndows\Temp? (Allow listing would probably prevent this.) 🔵 Implement logging in a centralized location with a suitable retention period 🔵 Patch! The common factor in the listed vulnerabilities (CVE 2021 44228, CVE-2021-31207, CVE-2021- 26084, CVE-2021-31207, CVE-2021-34523; CVE-2021-34473) is that they were all discovered (and presumably patched) in 2021! 🔵 Segment your network - impose costs by forcing the adversary to conduct recon and lateral movement on hard mode. Use jump servers to access sensitive hosts such as auth. 🔵 Other strategies covered in the Essential 8, eg. MFA, restricting admin privs and office macros I for one am glad to see a return to Mandiant-style "APT" codenames rather than the new-fangled monikers like "Electric Tempest". But I would like to see structured threat intelligence released with these reports, eg. STIX JSON format, and hopefully someday soon, structured hunting and response playbooks in CACAO JSON! But I will have more to say about CACAO another day...

Let me show you how red teams quietly map your attack surface, without touching your network, in under 30 minutes. We’ve seen this over and over again. And I’m telling you, the most dangerous threats don’t use exploits anymore. They use what you’ve already exposed, unknowingly. Here’s how it works: 01. First 5 minutes? They scrape everything the internet knows about your org: Your domains, subdomains, cloud assets, public repos, mobile apps, SSL certs, employee IDs, GitHub orgs. They use tools like Shodan, FOFA, Censys, Spiderfoot. 02. Next 10 minutes? They hunt for misconfigured assets. Open S3 buckets, exposed Kibana dashboards, Jenkins panels, Prometheus endpoints. You’ll be surprised how many critical services don’t require authentication. And no, your WAF won’t block this. 03. Then 5 minutes just for GitHub. Searching for hardcoded AWS secrets, Slack tokens, VPN creds, SSH keys. They don’t need your main app repo. One forgotten intern-side project with an ENV file leak is enough. 04. Next 5 minutes go into SaaS and shadow IT. They’ll search for Notion pages, Airtable bases, Google Drive folders, public links that hold PII, vendor pricing, old incident logs, internal checklists. No password, no MFA, no revocation. Still indexed by Google. 05. Last 5 minutes? They run people recon. Find 3 employees on LinkedIn, and dig up public email IDs, weak reused passwords from old breaches, social handles, side project domains. Now your entire company’s threat surface includes your people. That’s 30 minutes. No payloads dropped. No alarms raised. But your attack surface is wide open, and you’ve already lost the element of control. I’ve built cybersecurity tools for over 3 decades, from the early days of disassembling file infectors in DOS to watching ChatGPT generate polymorphic malware today. But what hasn’t changed is this. If you don’t look at yourself the way an attacker does, you’re defending a fantasy. Most teams today don’t even know where their real attack surface begins. They’re still focused on endpoints. Seeing this pattern repeatedly is what led us at Seqrite to build our Digital Risk Protection Services (DRPS), focused entirely on what’s visible outside the organisation, including exposed assets and dark web signals. When was the last time you did a zero-touch external scan of your company’s digital footprint? Seqrite #CyberSecurity #AttackSurface #RedTeam #ThreatIntelligence #ExternalExposure #CloudSecurity #SecurityAwareness #CISO #InfoSec #DigitalRisk Quick Heal

🔍 𝐑𝐞𝐝 𝐓𝐞𝐚𝐦𝐢𝐧𝐠 𝐟𝐨𝐫 𝐋𝐋𝐌𝐬: 𝐖𝐡𝐲 𝐢𝐭'𝐬 𝐜𝐫𝐢𝐭𝐢𝐜𝐚𝐥 𝐟𝐨𝐫 𝐀𝐈 𝐬𝐚𝐟𝐞𝐭𝐲 Last week I talked about guardrails (See post Part 2). Once you have those in place, you need to test them to ensure they actually do the job they're supposed to do. This is where Red Teaming comes into play. 👉 𝐖𝐡𝐚𝐭 𝐢𝐬 𝐑𝐞𝐝 𝐓𝐞𝐚𝐦𝐢𝐧𝐠 𝐟𝐨𝐫 𝐋𝐋𝐌𝐬? Red Teaming involves adversarial testing of AI systems to: ▶️ Identify potential vulnerabilities ▶️ Uncover harmful outputs or behaviors ▶️ Test model boundaries and failure modes ▶️ Ensure alignment with ethical guidelines 🎯 𝐊𝐞𝐲 𝐚𝐫𝐞𝐚𝐬 𝐨𝐟 𝐟𝐨𝐜𝐮𝐬: 1️⃣ Prompt injection attacks 2️⃣ Harmful content generation 3️⃣ Privacy and data leakage 4️⃣ Biases and fairness issues 5️⃣ Reliability and robustness 💡 𝐁𝐞𝐬𝐭 𝐩𝐫𝐚𝐜𝐭𝐢𝐜𝐞𝐬: • Employ diverse testing teams • Use automated and manual testing • Document and categorize findings • Implement continuous testing • Share insights with the AI community ⚠️ 𝐂𝐡𝐚𝐥𝐥𝐞𝐧𝐠𝐞𝐬: • Keeping up with evolving attack vectors • Balancing security vs. functionality • Resource-intensive process • Requires specialized expertise 🔑 𝐓𝐚𝐤𝐞𝐚𝐰𝐚𝐲𝐬: Red Teaming isn't just a security measure - it's an essential step in responsible AI development. As LLMs become more prevalent, robust testing frameworks will be crucial for building trustworthy AI systems. 💭 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧: What Red Teaming practices does your organization employ for AI systems? Share your experiences below! #AISafety #LLM #RedTeaming #ResponsibleAI #MachineLearning --- 🔹 Hi, I am Verena 🔹 AI Strategy Consultant 🔹 Bringing Amazons innovation and customer centricity to organizations and enabling them to implement secure and responsible AI solutions

𝐓𝐡𝐢𝐬 𝐢𝐬 𝐚 𝐛𝐢𝐠 𝐨𝐧𝐞. New research (#NOMSHUB) on how AI coding agents can be turned into full system compromise. A malicious README, an AI agent trying to be helpful, and suddenly you have: 👉 Sandbox escape 👉 Persistent backdoor via .zshenv 👉 Remote tunnel spun up 👉 Full shell access handed to an attacker This is a complete attack chain - from indirect prompt injection to persistent access executed by the agent itself. Some practical steps to consider: 1️⃣ Enforce strong isolation between agent environments and sensitive systems 2️⃣ Continuously test agent workflows (red teaming) for breakout and misuse scenarios 3️⃣ Add runtime visibility and controls over what agents actually execute and have robust enforcements in place. Full article here: https://lnkd.in/gUzqBskk Amy Heng Straiker

𝗧𝗿𝗮𝗻𝘀𝗽𝗮𝗿𝗲𝗻𝘁 𝗧𝗿𝗶𝗯𝗲’𝘀 𝗡𝗲𝘄 𝗥𝗔𝗧 𝗖𝗮𝗺𝗽𝗮𝗶𝗴𝗻: 𝗔 𝗥𝗲𝗻𝗲𝘄𝗲𝗱 𝗖𝘆𝗯𝗲𝗿-𝗘𝘀𝗽𝗶𝗼𝗻𝗮𝗴𝗲 𝗧𝗵𝗿𝗲𝗮𝘁 𝘁𝗼 𝗜𝗻𝗱𝗶𝗮 India’s cyber front is under constant pressure silent, persistent, and continuously evolving. The latest reminder comes from a renewed cyber espionage campaign linked to Transparent Tribe (APT36), a well known threat actor with a long history of targeting Indian interests. According to CYFIRMA, the campaign targets Indian government bodies, academic institutions, and strategic organisations, underscoring ongoing, long-term intelligence gathering efforts against the country. What Makes This Campaign Dangerous? This operation is not noisy ransomware or defacement it’s covert cyber espionage. The attack chain begins with phishing emails carrying ZIP attachments. Inside these archives are malicious Windows shortcut (LNK) files, cleverly disguised as PDF documents. Once a victim opens the file: - A Remote Access Trojan (RAT) is deployed silently in the background - A decoy PDF is displayed to reduce suspicion - The attacker gains persistent access to the system This combination of social engineering and stealthy execution allows the malware to remain undetected for extended periods. Adaptive Malware Built for Persistence One of the most concerning aspects of this campaign is the malware’s adaptive behavior. Researchers observed that the RAT dynamically adjusts its persistence mechanisms based on the antivirus or endpoint protection installed on the victim’s machine. Once fully deployed, the payload allows attackers to: - Steal sensitive data - Control and manipulate files - Capture screenshots - Monitor clipboard activity - Execute commands remotely These capabilities make it a powerful surveillance tool rather than a short-term attack. A Familiar Pattern, A Long Term Strategy Active since at least 2013, Transparent Tribe has steadily evolved its tools and techniques. Previous campaigns have used malware such as CapraRAT, Crimson RAT, ElizaRAT, and DeskRAT each improving stealth and control. CYFIRMA warns that the group remains strategically driven, focused on long-term intelligence collection rather than short-term disruption. Parallel Threat Activity: Patchwork (Maha Grass) Security researchers have also flagged related activity by Patchwork, another advanced threat group targeting defence and strategic sectors. This group has been linked to new spyware frameworks that rely on: - Advanced obfuscation - Long term persistence - Low visibility execution Together, these campaigns highlight a broader and ongoing threat to India’s strategic digital ecosystem. Why This Matters for India ? These attacks highlight a critical reality: modern cyber warfare is rarely loud. It is quiet, long term surveillance aimed at stealing intelligence, research, and strategic insights. Awareness is the first step. Preparedness is the next.

Cobalt Strike vs CrowdStrike Falcon - EDR Bypass Research One of the most common red team challenges today is getting Cobalt Strike payloads to land and execute in EDR-heavy environments, especially with CrowdStrike Falcon running in aggressive mode. In my latest research, I focused on delivering and developing a loader to execute a raw Cobalt Strike beacon stealthily on a protected endpoint, without triggering detections or being blocked. What I achieved: Successfully loaded a raw Beacon payload in-memory Executed it without being flagged or terminated by Falcon Maintained full C2 communication, while running commands like whoami, hostname, etc. in a live environment How it was done: Built a custom shellcode loader from scratch with full userland OPSEC in mind, used techniques like: - Shuttered shellcode inside the memory at different addresses. - Trampoline-based execution helping with avoiding EDR heuristics. - Legitimate pre-padded memory regions to even help evading memory scanners. - Avoiding long length values which is a RED flag for EDR. - No use of Win32 APIs commonly hooked by EDR. - Strings resolving in runtime and wipe after usage. - Unhook EDR hooks. - Runtime resolving for libraries. - Patched ETW and avoided child process behaviors Falcon normally flags. While this isn’t a kernel-level bypass (so some telemetry like process creation and low-level events may exist), the execution was done in a way that evaded Falcon’s behavioral detection engine entirely. Why it matters: This kind of operation is usually heavily flagged. Many offensive security tools and methods fail against CrowdStrike Falcon. If you're relying on default detections, Falcon might catch commodity payloads, but with the right loader and OPSEC, even a raw Cobalt Strike beacon can silently slide through. Offensive security isn't about breaking things recklessly, it’s about understanding how defensive systems work and validating them under realistic conditions, that's what is red teaming really about. If you are involved in red teaming, detection engineering, or have an interest in learning about EDR internals and security, I would be happy to discuss this topic further. #RedTeam #CobaltStrike #EDREvasion #CrowdStrike #FalconBypass #CyberSecurity #PayloadDelivery #ShellcodeLoader #OffensiveSecurity #Infosec #DetectionEngineering #MalwareResearch #Infosec #WindowsInternals