🛡️ InfoSec Blue Team Briefing

📰 Articles Covered

• Threat Intelligence Report: ZionSiphon OT Malware First Attempts? Psyops? Both? - DomainTools 🔍 Show Kagi Synopsis
  The following precis summarizes the findings regarding the ZionSiphon malware, based on the threat intelligence report from DomainTools.
  
  ### **Executive Summary**
  ZionSiphon is a Windows-based malware implant (identified as `SCADA_SecurityPatch_v8.4.exe`) designed with explicit intent to target Israeli industrial control systems (ICS), specifically in the water and desalination sectors. While it possesses a coherent conceptual model for sabotage, it is currently **functionally non-operational as an ICS weapon** due to a critical XOR bug in its geographic validation logic. This flaw prevents the malware from recognizing its target environment, causing it to self-destruct before it can execute any process-manipulation logic.
  
  ### **What Happened**
  The malware has been circulating in public sandboxes since 2025. It is designed to masquerade as a legitimate SCADA security patch. Upon execution, it attempts to validate its environment (checking for specific Israeli network ranges). Due to a coding error, this validation fails, triggering cleanup routines that delete the malware's artifacts. Consequently, the payload never reaches the stage where it could interact with industrial processes.
  
  ### **Who Is Affected**
  The malware is specifically engineered to target Israeli water infrastructure. Its internal configuration contains references to major facilities, including:
  * **Entities:** Mekorot, IDE Technologies, WaterGenix, Schneider Electric.
  * **Facilities:** Sorek, Hadera, Ashdod, Palmachim, Shafdan, and Eilat desalination plants.
  
  ### **Security Implications**
  * **Operational Status:** It is a functional Windows host-level implant (capable of persistence and privilege escalation) but a failed ICS-sabotage tool.
  * **Strategic Intent:** The malware contains explicit ideological, anti-Israel messaging. It may function as a "PSYOP-adjacent" artifact—designed to signal capability and shape perception rather than achieve immediate physical disruption.
  * **Attribution Ambiguity:** While the targeting and messaging align with Iranian-linked themes (e.g., MuddyWater tradecraft), the report notes that these elements could be "attribution theater" constructed by another actor to mimic Iranian activity.
  * **Evolutionary Risk:** ZionSiphon represents a modular, "transitional" class of malware. It demonstrates that domain-aware cyber-physical tooling is becoming more accessible, potentially lowering the barrier for less sophisticated actors to experiment with OT-oriented attacks.
  
  ### **Technical Details**
  * **Architecture:** A PE32 Mono/.NET executable that operates entirely at the Windows host layer.
  * **Persistence:** Uses the `HKCU\Software\Microsoft\Windows\CurrentVersion\Run` registry key with the value `SYSTEMHEALTHCHECK` to point to a copy of itself disguised as `%LOCALAPPDATA%\svchost.exe`.
  * **Sabotage Logic:** Contains embedded parameters for manipulating industrial processes (e.g., `Chlorine_Dose=10`, `RO_Pressure=80`). It references industrial protocols (Modbus, DNP3, S7comm) but lacks actual implementation code to interact with PLCs or engineering toolchains.
  * **Execution Gating:** Uses geofencing (Israeli IP ranges) and environment validation. The critical XOR bug in this validation logic renders the malware dormant.
  * **Communication:** No active command-and-control (C2) or beaconing behavior was observed; it appears to be a pre-scripted, autonomous payload.
  
  ### **What Defenders Should Know**
  * **Detection:** ZionSiphon is detected by standard security tools as a generic .NET trojan or loader. Defenders should focus on the host-level behaviors (registry persistence, PowerShell execution, and file masquerading) rather than waiting for ICS-specific alerts.
  * **Indicators of Compromise (IoCs):**
  * **Primary Sample:** `07c3bbe60d47240df7152f72beb98ea373d9600946860bad12f7bc617a5d6f5f` (SHA256).
  * **Persistence:** Look for the `SYSTEMHEALTHCHECK` registry key.
  * **Artifacts:** Monitor for the creation of `target_verify.log` and `delete.bat` in `%TEMP%` directories.
  * **Proactive Defense:** Because the malware relies on masquerading as legitimate software updates, organizations should enforce strict application whitelisting and verify the digital signatures of all "security patches" or maintenance utilities before execution.
  * **Context:** Treat this as a "directional indicator." Even if this specific sample is broken, the modular architecture suggests that future variants may be more reliable and dangerous.
• North Korean-Linked Threat Actor Targets Developers with New npm Infostealer RAT - OX Security 🔍 Show Kagi Synopsis
  This precis summarizes the findings from the OX Security report regarding a North Korean-linked supply chain attack targeting the npm ecosystem.
  
  ### **What Happened**
  OX Security discovered a malicious npm package, `terminal-logger-utils`, which functions as a multi-purpose threat containing keylogger, infostealer, and Remote Access Trojan (RAT) capabilities 【1】. The malware is distributed through three dependent packages—`pretty-logger-utils`, `ts-logger-pack`, and `pinno-loggers`—which trigger the malicious payload upon installation 【1】.
  
  ### **Who Is Affected**
  The campaign targets developers and organizations utilizing the npm ecosystem. The threat actor behind the upload, identified as `jpeek895`, has been previously linked to North Korean (DPRK) cyber campaigns, specifically noted for similar malicious npm activity 【1】.
  
  ### **Security Implications**
  The malware is designed for high-impact data theft and long-term persistence. By compromising developer environments, the attackers gain access to sensitive credentials and infrastructure configurations, potentially leading to lateral movement within corporate networks or the theft of digital assets 【1】.
  
  ### **Technical Details**
  * **Execution:** The malware utilizes an npm `postinstall` hook to execute an obfuscated dropper (`utils.cjs`), which subsequently downloads a second-stage binary—a bundled Node executable containing embedded malicious JavaScript 【1】.
  * **Persistence:** On Windows, it installs itself in `%LOCALAPPDATA%\MicrosoftSystem64` and maintains persistence through hidden VBS launchers, scheduled tasks, and registry keys 【1】.
  * **Capabilities:** It functions as a cross-platform Node.js implant, providing the attacker with full machine control via WebSocket 【1】.
  * **Data Exfiltration:** The malware targets high-value data, including Telegram sessions, SSH keys, crypto wallets, cloud configurations (AWS, GCP, Azure), environment variables, and clipboard data, exfiltrating this information via HTTP and Hugging Face datasets 【1】.
  
  ### **What Defenders Should Know**
  Defenders are advised to take the following immediate actions to mitigate the threat:
  * **Remediation:** Remove the identified malicious packages and the associated malware from any infected machines 【1】.
  * **Network Monitoring:** Inspect network traffic for requests directed toward the identified Indicators of Compromise (IoCs) 【1】.
  * **Credential Hygiene:** Perform immediate key rotation for any credentials (SSH keys, cloud API keys, etc.) that may have been exposed on infected machines and ensure multi-factor authentication (2FA) is strictly enforced 【1】.
• Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit - Socket 🔍 Show Kagi Synopsis
  The compromise of the `art-template` npm package represents a sophisticated supply chain attack that weaponized a widely used library to deliver the Coruna exploit kit. Below is a detailed precis of the incident.
  
  ### Incident Overview
  The `art-template` npm package was compromised after an attacker gained control of the repository under the pretense of maintenance. The attacker subsequently published versions `4.13.5` and `4.13.6`, which contained a malicious script loader designed to facilitate a watering-hole attack. This loader silently injects an exploit framework into the browsers of users visiting applications that bundle the compromised versions.
  
  ### Affected Parties
  The attack is highly targeted, focusing exclusively on **Safari on iOS versions 11.0 through 17.2**. The exploit framework explicitly filters out other browsers (Chrome, Firefox, Edge), Android devices, and iOS versions 17.3 and later, with a primary focus on users running iOS 16.6–17.2.
  
  ### Security Implications
  This supply chain attack allows for arbitrary JavaScript execution within the context of the host page. Potential consequences include:
  * **Data Theft:** Access to cookies, `localStorage`, and sensitive form data.
  * **Payload Staging:** The framework acts as a "qualification harness," verifying that the victim is using a genuine, unpatched iOS device before delivering more severe malicious payloads.
  * **Sophisticated Evasion:** The use of advanced anti-bot and anti-headless fingerprinting ensures the exploit remains hidden from security researchers and automated scanners.
  
  ### Technical Details
  The malicious payload is characterized by its high level of technical complexity:
  * **Obfuscation:** The implant utilizes three layers of obfuscation, including UTF-16 integer packing, `eval` chains, and per-string XOR encoding.
  * **Fingerprinting:** It performs five distinct anti-bot probes, checking for `navigator.webdriver`, WebRTC/WebGL API presence, MathML rendering, and storage API behavior.
  * **Architecture Discrimination:** It uses WebAssembly to probe CPU architecture and verify JIT compiler output, confirming the device is running on real hardware.
  * **C2 Communication:** The framework beacons the victim's public IP and device version to `l1ewsu3yjkqeroy[.]xyz` every 10 seconds.
  * **Attribution:** The framework shares significant technical overlap with the Coruna exploit kit, including identical XOR patterns and targeting logic, suggesting a connection to the threat actor **UNC6691**.
  
  ### Recommendations for Defenders
  * **Network Blocking:** Block traffic to the domains `l1ewsu3yjkqeroy[.]xyz` and `cfww[.]shop`.
  * **Monitoring:**
  * Monitor for the campaign tracking code `CHMK6IG08F42496C22` in POST request bodies.
  * Look for the path prefix `cecd08aa6ff548c2` in proxy logs.
  * Flag sequences where a client fetches from `ipv4.icanhazip.com` followed within 2 seconds by a POST request to an unrecognized API endpoint.
  * **Mitigation:** For organizations with significant iOS usage, restrict Safari from loading third-party scripts on unmanaged domains and ensure Safe Browsing is strictly enforced.
• Windows BitLocker Security Feature Bypass Vulnerability - Microsoft 🔍 Show Kagi Synopsis
  This precis outlines the details regarding CVE-2026-45585, a vulnerability affecting the Windows Recovery Environment (WinRE).
  
  ### What Happened
  CVE-2026-45585 is a security feature bypass vulnerability involving the Windows Recovery Environment. The issue stems from the presence of `autofstx.exe` within the `BootExecute` registry value in WinRE. Because `BootExecute` programs execute very early during the boot process—including within the recovery mode environment—this configuration allows the executable to run in a high-privilege context, which can be leveraged to bypass BitLocker security protections 【1】.
  
  ### Who Is Affected
  Systems utilizing Windows Recovery Environment (WinRE) that contain the `autofstx.exe` entry in their `BootExecute` registry value are affected.
  
  ### Security Implications
  The primary security implication is a bypass of BitLocker. By allowing `autofstx.exe` to run during the early boot phase in a high-privilege environment, an attacker could potentially circumvent the security controls provided by BitLocker 【1】.
  
  ### Technical Details
  The vulnerability is mitigated by removing the `autofstx.exe` entry from the `BootExecute` registry value within the offline WinRE SYSTEM registry hive. Modifying the WinRE image necessitates a re-sealing of the BitLocker measurement chain to maintain system integrity 【1】.
  
  ### What Defenders Should Know
  Defenders should utilize the provided PowerShell script to remediate this vulnerability. The mitigation process involves the following technical steps:
  
  1. **Verification:** Ensure the script is run with administrator privileges and verify that WinRE is currently enabled.
  2. **Image Modification:** Mount the WinRE image using `reagentc`, load the offline SYSTEM registry hive, and remove the `autofstx.exe` entry from `BootExecute`.
  3. **Finalization:** Unload the registry hive and unmount the WinRE image with a commit.
  4. **Re-sealing:** Perform a disable/enable cycle of WinRE. This step is critical, as it is required to re-seal the BitLocker measurement chain after the WinRE image has been modified 【1】.
• CVE-2026-28910: Breaking macOS App Sandbox Data Containers, TCC, and Hijacking Apps Using Archive Utility - Talal Haj Bakry and Tommy Mysk 🔍 Show Kagi Synopsis
  This precis summarizes the findings regarding **CVE-2026-28910**, a security vulnerability in macOS discovered by Talal Haj Bakry and Tommy Mysk.
  
  ### What Happened
  Researchers discovered that until macOS 26.4, the system's default **Archive Utility** possessed nearly unrestricted filesystem access. By exploiting this, combined with a specific "drag-and-drop" behavior in the macOS sandbox, an attacker could bypass critical security protections to access private data or hijack installed applications without requiring elevated privileges or `sudo` access 【1】.
  
  ### Who Is Affected
  Users running versions of macOS prior to **26.4** are vulnerable. The attack is particularly effective against users who frequently install software via shell scripts or drag-and-drop methods, as the exploit masquerades as a standard installation process 【1】.
  
  ### Security Implications
  The vulnerability allows an attacker to:
  * **Access Private Data:** Gain full access to files within app data containers (e.g., Safari, iMessage, Signal, WhatsApp) and iCloud Group Containers without triggering permission prompts 【1】.
  * **Bypass TCC:** Access files protected by Transparency, Consent, and Control (TCC), such as those in `~/Desktop` or `~/Documents`, even if the user has explicitly denied access 【1】.
  * **Hijack Applications:** Replace executables within application bundles to impersonate trusted software, including background agents 【1】.
  
  ### Technical Details
  * **The Sandbox Loophole:** macOS grants an application permanent, unrestricted access to any file or folder dropped onto it. For non-sandboxed apps like Terminal, this is enforced by applying a `com.apple.macl` extended attribute to the file, which is protected by System Integrity Protection (SIP) and cannot be easily revoked 【1】.
  * **`au-cp` (Golden Copy):** The researchers created a sequence of commands that manipulates Archive Utility’s preferences to copy files out of protected containers into an attacker-controlled directory 【1】.
  * **`pb2au` Proof-of-Concept:** The attack uses social engineering to trick users into running a shell script and performing a drag-and-drop action. The drag-and-drop action is disguised using symbolic links and aliases to grant the attacker's process access to the Archive Utility configuration file 【1】.
  
  ### What Defenders Should Know
  * **Remediation:** macOS 26.4 introduced mitigations that restrict Archive Utility's access to protected areas when invoked by other applications 【1】.
  * **Terminal Warnings:** macOS 26.4 also added a warning when pasting commands into Terminal. However, this warning is heuristic-based and may not appear for regular Terminal users or developers, meaning it should not be relied upon as a complete defense 【1】.
  * **Best Practices:** Users should remain cautious when running shell scripts from the internet, even if they do not require `sudo`, and be wary of drag-and-drop installation instructions that seem unusual or unnecessary 【1】.
• Google API keys keep working after you delete them long enough to be exploited - Aikido 🔍 Show Kagi Synopsis
  The article from Aikido Security reveals a critical discrepancy between the expected behavior of Google Cloud Platform (GCP) API key deletion and its actual implementation. Below is a detailed precis of the findings.
  
  ### What Happened
  Researchers discovered that when a user deletes a Google API key, the action is not instantaneous, despite the Google Cloud Console explicitly stating, "Once deleted, it can no longer be used to make API requests" 【1】. Testing revealed that deleted keys remain functional for a significant "revocation window," with the longest observed duration reaching nearly 23 minutes 【1】.
  
  ### Who Is Affected
  This issue affects all users of Google Cloud Platform who rely on API keys for authentication. Because these keys can grant access to a wide range of services—including sensitive tools like Gemini, BigQuery, and Maps—any organization using GCP is potentially exposed if a key is compromised 【1】.
  
  ### Security Implications
  The primary security risk is that an attacker in possession of a leaked key retains unauthorized access to the victim's data and enabled APIs for up to 23 minutes after the victim has attempted to revoke access 【1】. Because the user is given no way to verify if the key has truly stopped working or to accelerate the revocation process, they may falsely believe the threat has been neutralized while the attacker continues to operate 【1】.
  
  ### Technical Details
  * **Propagation Delay:** The delay is caused by the "eventually consistent" nature of Google's global infrastructure. Revocation commands do not propagate to all servers simultaneously; while some servers may reject the key within seconds, others continue to accept it for the duration of the propagation window 【1】.
  * **Logging Obfuscation:** Incident response is further complicated by how Google logs requests from deleted keys. These requests are bundled into a generic `apikey:UNKNOWN` category 【1】. This makes it nearly impossible for security teams to distinguish between malicious activity using a specific leaked key and legitimate traffic from other services, hindering effective forensic analysis 【1】.
  
  ### What Defenders Should Know
  * **Assume a 30-Minute Window:** Security teams should treat the deletion of a Google API key as a 30-minute operation rather than an instant one 【1】.
  * **Plan Incident Response Accordingly:** When responding to a credential leak, assume the attacker has a 30-minute buffer to continue using the key after the deletion command is issued 【1】.
  * **Monitor for Residual Activity:** During this 30-minute window, defenders should remain vigilant and monitor API usage logs for any suspicious activity, keeping in mind that logs may be obscured by the `apikey:UNKNOWN` classification 【1】.
• A Deep Dive into Codex Windows Sandbox - Jonathan Johnson 🔍 Show Kagi Synopsis
  This precis summarizes the security analysis of the "Codex" Windows sandbox implementation as detailed by Jonny Johnson.
  
  ### What Happened
  OpenAI implemented a multi-layered Windows sandbox for its Codex application to balance usability with security. Rather than relying on a single Windows capability, the design integrates several native Windows security features to isolate execution environments. The analysis focuses on the "elevated" version of this sandbox, which utilizes dedicated local users and granular access controls to manage command execution.
  
  ### Who Is Affected
  Users of the Codex application on Windows are affected by this implementation. Specifically, the security posture of the host machine is impacted by the sandbox's configuration, and the persistence of sandbox artifacts after uninstallation poses a potential risk to users who believe the application has been fully removed.
  
  ### Security Implications
  * **Incomplete Uninstallation:** A significant finding is that uninstalling Codex does not fully clean up sandbox artifacts (e.g., local users, groups, firewall/WFP rules, and filesystem ACLs). This can leave the system in a state where the Codex CLI remains executable, potentially allowing an attacker to leverage it without the intended sandbox protections.
  * **Lack of Auditing:** The sandbox lacks robust, built-in logging. The existing `sandbox.log` is minimal, unreliable, and does not provide sufficient visibility into sandbox actions. Furthermore, there is no native Event Tracing for Windows (ETW) provider, making it difficult for security products to monitor sandbox activity.
  
  ### Technical Details
  The "elevated" sandbox model employs several layers of defense:
  * **Dedicated Users:** Two local users, `CodexSandboxOffline` and `CodexSandboxOnline`, are created and added to the `CodexSandboxUsers` group to execute tasks based on required network access.
  * **Restricted Tokens:** The sandbox uses "write" restricted tokens to harden access checks by disabling groups, removing privileges, and adding restricted SIDs.
  * **Synthetic SIDs:** These are used to force extra access-check conditions, effectively isolating different "workspaces" (folders) within the sandbox.
  * **Network Filtering:** Codex uses Windows Filtering Platform (WFP) and Windows Firewall to enforce user-scoped network controls. The `CodexSandboxOffline` user is subject to specific deny rules, ensuring it "fails closed" for network activity.
  
  ### What Defenders Should Know
  Defenders should implement monitoring to detect potential sandbox escapes or unauthorized modifications. Key areas for detection include:
  * **Process Monitoring:** Alert on `codex-command-runner-*.exe` processes or their children running outside the context of the `CodexSandboxOffline` or `CodexSandboxOnline` users.
  * **Named Pipe Monitoring:** Alert on unexpected processes accessing Codex runner named pipes (`\.\pipe\codex-runner-*`).
  * **Network Monitoring:** Alert on any network activity originating from the `CodexSandboxOffline` user.
  * **Configuration Integrity:** Monitor for unauthorized write operations to Codex configuration files (e.g., `config.toml`, `cap_sid`) and modifications to sandbox-related firewall or WFP rules by processes other than the authorized Codex setup binaries.
• veilgate: Asymmetric defense against AI red-team agents. VeilGate scores every request, diverts likely agents into a per-IP-coherent fake application, and measures the cost it imposes - C0oki3s 🔍 Show Kagi Synopsis
  VeilGate is an open-source deception proxy designed to defend web applications against automated security probing and AI-assisted scanners. Rather than relying solely on static blocklists, it shifts the defensive strategy toward increasing the operational cost for attackers by forcing them to interact with deceptive environments.
  
  ### Summary of VeilGate
  
  | Category | Details |
  | :--- | :--- |
  | **What Happened** | The release of VeilGate provides a new tool for web application defense that uses traffic scoring to categorize and respond to incoming requests. |
  | **Who is Affected** | Web applications exposed to the public internet that are frequently targeted by automated scanners, scrapers, and AI-assisted reconnaissance tools. |
  | **Security Implications** | It shifts the economics of defense by forcing attackers to waste computational resources, API tokens, and time on fake endpoints, rather than relying on fragile, easily bypassed block rules. |
  | **Technical Details** | Employs multiple detection signals (TLS/HTTP/2 fingerprints, browser headers, timing, honeypot paths, and ML scoring) to classify traffic. It operates in `observe`, `challenge` (Proof-of-Work), `tarpit` (deception), and `auto` modes. |
  | **Defender Guidance** | Requires careful tuning in `observe` mode before active enforcement. It mandates secure secret management (`VEILGATE_SECRET`) and requires that rule files be treated as version-controlled security policy. |
  
  ### Key Technical & Operational Considerations
  
  * **Traffic Handling**: VeilGate acts as a proxy that evaluates incoming traffic. Legitimate traffic is forwarded, suspicious traffic is met with browser-based Proof-of-Work (PoW) challenges, and high-confidence malicious agents are diverted into a "tarpit"—a deterministic, fake version of the application.
  * **Observability**: The system utilizes SQLite for logging and event tracking, and exposes Prometheus metrics for monitoring.
  * **Deployment & Maintenance**: It supports installation via systemd, Docker, or source builds. Configuration is handled through hot-reloadable YAML files, with rules managed via a community-driven repository (`veilgate-rules`).
  
  ### Guidance for Defenders
  * **Phased Rollout**: Defenders should deploy in `observe` mode for several days to establish a baseline and tune thresholds before enabling active `challenge` or `tarpit` enforcement.
  * **Security Hardening**: The metrics listener must never be exposed to the public internet.
  * **Secret Management**: The system enforces security by refusing to start in active modes if the default `VEILGATE_SECRET` is still in use.
  * **Policy as Code**: Rule files should be treated as critical security policy, requiring review and version control before being pushed to production environments.
• r-tec Blog | The 429 Microsoft Graph Mystery - r-tec Cyber Security 🔍 Show Kagi Synopsis
  This precis summarizes the findings from the R-TEC article regarding the `(429) Too Many Requests` error encountered when using Microsoft Graph API-based security tools.
  
  ### What Happened
  Security researchers using tools like **GraphRunner** began encountering persistent `(429) Too Many Requests` errors when interacting with the Microsoft Graph API. This throttling occurs even in isolated environments with minimal traffic, indicating that Microsoft has implemented rate limiting based on specific criteria rather than just total request volume or source IP. The author concluded that Microsoft is likely throttling the default `ClientID` ("Microsoft Office") commonly used by these tools, possibly due to the high volume of requests from penetration testers using that specific ID.
  
  ### Who Is Affected
  * **Security Professionals:** Penetration testers and red teamers relying on tools that use the default "Microsoft Office" `ClientID` for Graph API authentication.
  * **Defenders:** Security Operations Center (SOC) teams and administrators who may be monitoring for anomalous API activity.
  
  ### Technical Details
  * **The Root Cause:** The throttling is tied to the `ClientID` (AppID) used during authentication. The "Microsoft Office" `ClientID` is frequently used by offensive tools because it possesses exhaustive permissions, ensuring broad access to tenant data.
  * **The Workaround:** By switching to a different `ClientID` (e.g., "Microsoft Azure CLI" with ID `04b07795-8ddb-461a-bbee-02f9e1bf7b46`), the throttling is bypassed.
  * **Tool Modification:** Many functions in tools like GraphRunner were hardcoded to use the default `ClientID` and lacked support for custom `Device` or `Browser` parameters. The author submitted a [Pull Request](https://github.com/dafthack/GraphRunner/pull/51) to add these parameters, allowing users to specify alternative `ClientID`s and spoof User-Agents to avoid rate limiting.
  * **Resource Discovery:** The author recommends using [EntraScopes](https://entrascopes.com/) to identify alternative `ClientID`s that provide the necessary permissions for specific tasks.
  
  ### Security Implications
  * **Tool Efficacy:** Offensive security tools can be rendered ineffective by API rate limiting, which hinders vulnerability identification and post-exploitation reconnaissance.
  * **Evasion:** Attackers can easily bypass these specific rate limits by rotating `ClientID`s, meaning that relying solely on throttling as a defense mechanism is insufficient.
  
  ### What Defenders Should Know
  * **Monitoring:** While Microsoft Graph API throttling is a reality, it is not a foolproof defense against malicious activity. Defenders should monitor for unusual or high-volume API requests, even if they originate from legitimate-looking `ClientID`s.
  * **Contextual Awareness:** Be aware that attackers may use various `ClientID`s (such as those for legitimate tools like the Azure CLI) to blend in and bypass rate limits.
  * **Visibility:** Monitoring for unexpected User-Agents or unusual patterns of access to the Graph API remains a critical component of detecting unauthorized reconnaissance within a tenant.
• GhostTree: Unveiling Path Manipulation Techniques to Bypass Windows Security - Varonis 🔍 Show Kagi Synopsis
  The "GhostTree" technique is a method for creating recursive directory structures on NTFS file systems that can cause security tools and system utilities to hang, effectively hiding malicious files from detection 【1】.
  
  ### What Happened
  Researchers discovered that by using NTFS junctions to point a directory back to its own parent, an attacker can create an infinite loop of file paths 【1】. GhostTree expands on this by creating multiple child folders that all loop back to the parent, resulting in a massive, branching directory structure that can overwhelm scanning tools 【1】.
  
  ### Who Is Affected
  Any system utilizing the NTFS file system is potentially vulnerable. The technique has been confirmed to successfully evade folder scans by security products, including Windows Defender 【1】.
  
  ### Security Implications
  The primary implication is **evasion**. By placing malware in a parent directory and configuring a GhostTree structure, an attacker makes that directory effectively unscannable 【1】. Because security tools (such as EDRs) and system utilities (like the `dir` command) attempt to follow these recursive paths, they can hang or fail to complete their scan, leaving the malicious files unexamined 【1】.
  
  ### Technical Details
  * **Mechanism:** The technique uses `mklink /J` to create junctions that point back to parent directories 【1】.
  * **Path Diversity:** While a single-folder loop (GhostBranch) is limited, GhostTree uses multiple child folders (e.g., "P" and "B") to create a binary tree-like structure 【1】.
  * **Scale:** Given Windows' maximum path length limitations, this structure can generate approximately $2^{126}$ (roughly $8.5 \times 10^{37}$) distinct, valid paths, creating a search space far too large for standard recursive scanners to traverse 【1】.
  
  ### What Defenders Should Know
  * **Endpoint Limitations:** Endpoint scanning is only one layer of defense; it is susceptible to being bypassed by techniques that exploit file system logic 【1】.
  * **Detection Strategy:** Defenders should monitor file system activity at the data layer to identify anomalous behavior, such as the creation of suspicious junctions or the emergence of recursive directory structures that do not serve a legitimate operational purpose 【1】.
• Azure Tenant Enumeration is Dead - Sprocket Security 🔍 Show Kagi Synopsis
  This precis summarizes the findings from the Sprocket Security article regarding the current state of Azure/Microsoft Entra tenant enumeration.
  
  ### What Happened
  Microsoft has effectively eliminated the ability to perform unauthenticated tenant domain enumeration via a single request. Following the earlier closure of the SOAP-based Autodiscover service (which broke tools like AADInternals), Microsoft has now fully patched the Azure Access Control Service (ACS) metadata endpoint (`/metadata/json/1`). This endpoint was the last remaining unauthenticated path that allowed attackers to retrieve all domains associated with a tenant.
  
  ### Who Is Affected
  * **Security Researchers and Penetration Testers:** Those who relied on automated, unauthenticated tools to map tenant infrastructure are most impacted.
  * **Organizations:** While the "easy" discovery of full domain lists is gone, organizations remain exposed to more granular, multi-step reconnaissance techniques.
  
  ### Security Implications
  While "tenant enumeration is dead" in the sense that a single, simple request no longer yields a full list of domains, the underlying data remains accessible through alternative, albeit more complex, methods. Attackers can still reconstruct tenant information by combining multiple data points, meaning the security risk to organizations has not disappeared—it has simply become more labor-intensive for the attacker.
  
  ### Technical Details
  The article highlights that while the "silver bullet" endpoints are gone, attackers are shifting to a "waterfall" approach to gather the same intelligence:
  * **DKIM CNAME Lookups:** Querying DNS for DKIM CNAME records can reveal the `onmicrosoft.com` prefix (the tenant name). This is highly effective but depends on the organization having explicitly enabled DKIM for their custom domains.
  * **MX Brute-force:** If DKIM records are absent, attackers can brute-force potential `onmicrosoft.com` prefixes by checking for the existence of MX records. This is fast (approx. 50ms per query) and effective for guessing tenant names.
  * **Microsoft Graph API:** The `findTenantInformationByDomainName` endpoint remains a reliable source for tenant information. However, it now requires authentication with the `CrossTenantInformation.ReadBasic.All` permission.
  * **Pre-built Databases:** Tools like `azmap.dev` have adapted by scanning millions of domains to build a persistent lookup index, allowing them to map domains to tenant IDs without needing to hit live, patched endpoints for every query.
  
  ### What Defenders Should Know
  * **Reconnaissance is still possible:** Do not assume that because the primary enumeration endpoints are patched, your tenant's domain footprint is hidden.
  * **Monitor for unusual activity:** While individual DNS queries (like DKIM lookups) are hard to block, be aware that attackers are actively using these techniques to map your environment.
  * **Authentication is the new barrier:** Because the most reliable method (Graph API) now requires authentication, ensure that any service principals or applications in your environment with `CrossTenantInformation.ReadBasic.All` permissions are strictly monitored and secured.
  * **Defense-in-depth:** Since attackers can still reconstruct your tenant's domain list through a combination of DNS and API lookups, focus on securing the services associated with those domains (e.g., SharePoint, OneDrive, and M365) rather than relying on "security through obscurity" regarding your domain list.
• AI-generated reporting: Lessons learned from Cisco Talos Incident Response - Cisco 🔍 Show Kagi Synopsis
  This precis summarizes the findings from the Cisco Talos Incident Response (Talos IR) AI Tiger Team regarding the use of Large Language Models (LLMs) for generating technical incident reports.
  
  ### What Happened
  The Cisco Talos IR AI Tiger Team investigated the viability of using LLMs (such as ChatGPT, Claude, and Gemini) to draft technical incident reports from raw notes. They discovered that while LLMs can produce polished-looking text, they frequently suffer from "inconsistencies"—including significant factual inaccuracies, illogical conclusions, and erratic writing styles—that render them unreliable for professional reporting without strict controls 【1】.
  
  ### Who Is Affected
  This research primarily impacts security professionals, incident responders, and organizations attempting to leverage generative AI to streamline technical documentation and reporting processes 【1】.
  
  ### Security Implications
  The probabilistic nature of LLMs introduces several risks to the integrity of incident reporting:
  * **Reliability of Conclusions:** Models may provide conflicting recommendations (e.g., suggesting a full vs. targeted password reset) for the same scenario, complicating critical decision-making 【1】.
  * **Data Integrity:** "Context pollution" and cross-contamination can occur when models blend data from previous, unrelated tasks, potentially leaking sensitive information between reports 【1】 【1】.
  * **Accountability:** Because LLMs can hallucinate or generate irrelevant content, human authors must retain full ownership and oversight of the final output 【1】.
  
  ### Technical Details
  The team identified four core technical challenges stemming from how LLMs function:
  * **Research/Sourcing Variability:** Models pull from shifting data sources, preventing standardized, repeatable research 【1】.
  * **Output Format Fluctuation:** Token-by-token generation leads to unpredictable document structures 【1】.
  * **Context Drift:** As conversation windows reach their limit, models discard initial instructions, degrading performance 【1】.
  * **Unreliability of Automated Editing:** Using LLMs for grammar and spelling checks is currently unsuitable for production, as it yields high rates of false positives and negatives with inconsistent results across identical runs 【1】.
  
  ### What Defenders Should Know
  To mitigate these issues, the Talos IR team recommends the following prompt engineering strategies:
  * **Prompt Specialization:** Use granular, single-task instructions rather than one large, unified prompt to reduce hallucination and cross-contamination 【1】.
  * **Specified Source Constraints:** Explicitly mandate the data sources the model is allowed to use to ensure accuracy and prevent speculation 【1】.
  * **Output Format Specification:** Define rigid parameters for tone, length, and structure to maintain professional standards 【1】.
  * **Template-Guided Prompting:** Embed rigid templates into prompts to enforce structural consistency and distinguish between static and dynamic content 【1】.
  * **Operational Hygiene:** Always run each prompt in a fresh session or project to prevent data cross-contamination, and never upload sensitive data to public AI tools 【1】 【1】.
• CrabLoader: A PoC Cobalt Strike UDRL written in Rust - qmadev 🔍 Show Kagi Synopsis
  CrabLoader is an open-source, proof-of-concept project that implements a User-Defined Reflective Loader for Cobalt Strike, written entirely in Rust 【1】. It was developed as an educational exercise to explore the feasibility of creating such a tool 【1】.
  
  ### Summary of CrabLoader
  
  | Category | Details |
  | :--- | :--- |
  | **What Happened** | A developer created a basic reflective loader for Cobalt Strike using Rust and published it on GitHub 【1】. |
  | **Who is Affected** | Organizations using Cobalt Strike as part of their red teaming or security testing infrastructure, or those targeted by threat actors who might adopt this or similar open-source loaders 【1】. |
  | **Security Implications** | The loader provides a mechanism to execute Cobalt Strike beacons in memory. Its primary security feature is the avoidance of RWX (Read-Write-Execute) memory pages, which is a common technique used to evade memory-scanning detection mechanisms 【1】. |
  | **Technical Details** | The loader is written in Rust and relies on `MemoryModule` for its core loading functionality and `AceLdr` for the Cobalt Strike Aggressor script (`.cna`) component 【1】. It expects a standard MZ header to function; modifying this header (e.g., via `magic_mz_x64` in a C2 profile) will cause the loader to fail 【1】. |
  | **What Defenders Should Know** | The tool is currently basic and lacks advanced features like sleep obfuscation, though these may be added in the future 【1】. Defenders should monitor for the use of custom reflective loaders that avoid RWX memory allocations and be aware that this specific implementation relies on the presence of the MZ header 【1】. |
• Striga: Lifting x86 to LLVM IR with Python - mrexodia 🔍 Show Kagi Synopsis
  The article "Striga: Lifting x86 to LLVM IR with Python" by mrexodia introduces a new, educational-focused tool for binary analysis. Below is a detailed precis of the project.
  
  ### What Happened
  The author developed **Striga**, a Python-based lifter that translates x86_64 assembly instructions into LLVM Intermediate Representation (IR). The project was created to lower the barrier to entry for researchers who find existing lifting tools (like Remill or Dna) difficult to compile or integrate. Striga is intended for experimentation and learning rather than production use.
  
  ### Who is Affected
  This tool is primarily relevant to **security researchers, reverse engineers, and binary analysis developers**. It is specifically aimed at those interested in program analysis, deobfuscation, and devirtualization who want to leverage the LLVM ecosystem without the overhead of complex, large-scale build systems.
  
  ### Security Implications
  By lifting binary code to LLVM IR, analysts can utilize mature compiler optimization passes and analysis frameworks to perform:
  * **Advanced Deobfuscation:** Simplifying complex, obfuscated code (such as virtualization-based obfuscation) into a more readable and analyzable form.
  * **Static Analysis:** Enabling automated reasoning about binary code by translating it into a standard, well-understood IR.
  * **Devirtualization:** Assisting in the recovery of original logic from virtualized binaries.
  
  ### Technical Details
  * **Architecture:** Striga models the x86 CPU state using a `State` structure (containing registers and flags) and an opaque `memory` pointer.
  * **Lifting Strategy:** Each x86 instruction is translated into its own basic block in LLVM IR. The lifter uses a `Semantics` class to handle the translation of instruction semantics, including register/memory access and flag updates.
  * **Optimization:** By modeling registers as memory locations within the `State` struct, the lifter allows the LLVM `mem2reg` pass to convert these into Static Single Assignment (SSA) form, which enables powerful optimizations like dead store elimination.
  * **Brightening:** The project includes a "brightening" process—a technique to reshape the lifted LLVM IR back into a more human-readable, standard function format that adheres to target platform calling conventions.
  
  ### What Defenders Should Know
  * **Educational Value:** Striga is a simplified, proof-of-concept tool. It is not production-ready, lacks comprehensive testing, and only implements a limited subset of the x86 instruction set.
  * **LLVM Ecosystem:** The project highlights the utility of LLVM IR as a target for binary analysis due to its robust ecosystem of existing optimizations and analysis passes.
  * **Anti-Emulation:** The article notes that certain x86 instructions (like those affecting the AF flag) have undefined behavior in silicon, which can sometimes be exploited as an anti-emulation or anti-analysis trick. Striga handles these via custom intrinsics, allowing users to define their own handling logic.