@LikeARascacielo@mauroszeta obvio, la primera vez van sin mucha informacion de que buscar, cuando avanza la investigacion saben por donde va y van de nuevo
Hackers can abuse PAM to log SSH credentials in plaintext by modifying authentication modules. Helpful for lateral movement. There are many ways of doing it, but it often comes down to changes in /etc/pam.d/ and /lib/security/
Blue teams should monitor unauthorized changes in these directories
https://t.co/g6C7mjnR5W
@three_cube@_aircorridor@DI0256
#dfir #blueteam #redteam #pentest
1️⃣ Macros
Burp Suite provides built-in macro support that helps automate repetitive tasks such as refreshing authentication tokens and retrieving anti-CSRF tokens for each new request.
For instance, if you're testing an application that revokes anti-CSRF tokens with each new HTTP request, you can quickly set up a macro to automatically obtain a new CSRF token before sending a new request in Repeater or Intruder, preventing you from having to manually update the token every time.
Clawdbot just injected malware into your code ☠️☠️
Worst part? The attack is close to invisible, even to experienced engineers.
Clawdbot can implement a code PR, just like claude code to solve issues with your app. But this is where it can plant malware in your codebase.
With just a benign GitHub issue with an invisible payload, we managed to install a backdoor malware on your codebase
Here's how we did it:
1. The attacker submits a GitHub issue with a jailbreak prompt hidden inside a URL hyperlink. Completely invisible to humans, visible to LLMs
2. Waited for the maintainer to assign this task to Clawdbot
3. Clawdbot reads the jailbreak in the GitHub issue. Now the Clawdbot agent is hijacked by the attacker and will act on the attacker's command. It plants the backdoor in a lock file, which most engineers don't check in code reviews.
4. The malicious URL in the lock file enables execution of attacker commands
The takeaway? AI isn't just a tool, but rather a potentially corruptible insider agent that can be tricked to act against you.
These LLM hijack problems are what we're looking to solve in
@edison_watch - we'll be announcing a new solution to these solutions soon!
We'll be jailbreaking Clawdbot much more in the coming days - please comment👇 a workflow you use with Clawdbot, so we can show how that can enable an attacker to harm you