Risky Business #816 -- Copilot Actions for Windows is extremely dicey - Risky Business

Summary8 min read

Risky Business #816 – Copilot Actions for Windows is Extremely Dicey
Host: Patrick Gray
Date: November 26, 2025

Episode Overview

This episode explores the rapidly evolving landscape of information security, focusing particularly on the risks introduced by Microsoft's new Copilot Actions for Windows feature, large-scale supply chain attacks, escalating APT activity, regulatory changes, and shifts in how organizations are approaching security fundamentals amid advanced threats and disruptive technology like AI. Patrick Gray and Adam Boileau trade insights, debate implications, and interject their trademark wit as they parse these ongoing issues.

Key Discussion Points & Insights

1. Salesforce & Gainsight Incident – The New Normal in SaaS Breaches

[00:41-05:59]
Gainsight, an application integrated deeply with Salesforce, suffered a breach that allowed attackers access to API keys/tokens, leading to exposure of customer data.
The attack mimics past tactics, likely involving the same “lapsus, Shiny Hunters” actors.
Salesforce initially detected suspicious activity and informed Gainsight – showcasing improved detection capabilities post earlier incidents.
The breach is another example of the risks inherent in interconnected SaaS ecosystems, where one vendor’s weakness can become everyone’s breach.

“...the way this thing works is it's a cloud service, and you have to get an API key from your Salesforce instance, plug it into the cloud service, and then the cloud service interfaces with Salesforce. Which begs the question, why wasn't this IP restricted?...” — Patrick Gray [03:06]

2. Insider Threats and Detection: From CrowdStrike to Intel

[05:59-09:27]
The CrowdStrike ‘breach’ ended up being the detection and removal of a malicious insider – an ideal outcome in terms of detection and response.
Discussion about the difficulty of vetting staff in technical fields, with most organizations ultimately relying on trust plus security monitoring.
Intel case update: turns out DLP solutions did catch exfiltration attempts, boosting the reputation of controls that are often maligned.

“No organization the size of CrowdStrike is going to be able to completely exclude, you know, a malicious insider. Right? ... being able to detect them and give them the heave ho, that's a good thing. That's a win.” — Patrick Gray [07:08]

3. Geopolitics & Proximity Threats: Russia, China, and Down Under Paranoia

[09:30-14:49]
Russian security research firm Positive Technologies publishes a report on tactics of Chinese APT31—a rare example of nation-state tensions surfacing in OSINT.
The conversation then turns to an Australian Parliamentary advisory, suspecting that proximity of a Chinese delegation might increase espionage risk. This led to disabling WiFi/Bluetooth and urging use of lockdown mode—raising questions about the balance of actionable threats and scaremongering.

“Set fire to your laptop, eat your phone. The Chinese are coming.” — Patrick Gray [13:12]

“...you do start to wonder like, I wonder if there is something actionable, like is there some proximity thing? Because I mean, there have absolutely been proximity based attacks, you know...” — Adam Boileau [13:15]

4. ShallowDude/NPM Worm Redux – Supply Chain Chaos in the JavaScript Ecosystem

[16:31-19:47]
The notorious npm supply chain worm has re-emerged with improved propagation tactics—spreading via malicious packages, stealing secrets, and leveraging GitHub Actions for backdoors.
Changes underway at npm try to plug gaps, but this is considered a chronic problem due to the dynamic nature of the JavaScript ecosystem.

“...the JavaScript ecosystem just kind of lends itself to these kinds of supply chain attacks. So yeah, we're going to see more of them and like, honestly it's just, you know, it's kind of fun to talk about. I'm glad I'm not a JavaScript dev though.” — Adam Boileau [19:47]

5. Regulatory Rollback: FCC Drops Telco Security Requirements

[20:04-25:09]
The FCC reversed minimum baseline security requirements for telcos in the US—despite persistent risks and the example set by recent Chinese intrusions (e.g., “Salt Typhoon”).
While telcos face real challenges, presenters argue that lack of regulatory ‘external requirement’ ultimately impedes progress, even if regulation is never enough to stop truly advanced threats.

“...telcos don't really have that kind of cultural background of caring about security and so regulation for them maybe is more appropriate...” — Adam Boileau [24:22]

6. Copilot Actions for Windows: Security’s Next Big Headache

[31:25-36:36]
Microsoft is previewing AI-powered “Copilot Actions” in Windows, warning users that they probably shouldn’t enable it unless they fully understand the risks—which, by admission, no one really does.
Patrick and Adam agree this is the “shape of things to come”: security teams won’t be able to block productivity-driving AI, and their role will shift to “enabling it without getting digitally murdered.”
VX Underground’s X write-up points out most of the agent’s heavy lifting is server-side, further raising privacy and telemetry concerns.

“...they're shipping it and just saying, hey, this is like super experimental... unless you're like a super duper power user, like, don't turn this on. And we can't really, we don't really know what's going to happen here. So they're just hedging the absolute crap here out of this release.” — Patrick Gray [32:38]

“The idea of hooking up an LLM to be able to just like randomly do stuff with your Windows, it sounds terrifying. And you are correct in that they are just going to do it anyway.” — Adam Boileau [32:59]

7. Miscellaneous News Bites

* DDoS record in Australia ([26:46-28:12])

Microsoft successfully mitigated a massive 15.7 Tbps DDoS attack targeted at an Azure endpoint.

* Cloudflare Outages Highlight WAF Dependency ([28:14-30:51])

Discussion on how many orgs rely on Cloudflare for WAF, leading to risks during outages.

* SEC SolarWinds Suit Tossed ([25:09-26:46])

Most of the SEC’s lawsuit against SolarWinds for security disclosure misrepresentation was thrown out—not likely to shift the status quo.

* Fortinet Web Vulnerability Now Mass-Exploited ([36:36-38:34])

A previously discussed directory traversal/command injection in Fortinet appliances is now fully weaponized and widely exploited.

* Ongoing: Lapsus$-style cybercriminals up for trial in UK ([38:34-39:34])

Two young defendants plead not guilty to Transport for London attacks and failure to comply with password turnover.

* Moscow coder charged with treason—possibly just for slamming Russia's new state messenger ([39:56-41:39])

Highlights the dangers of doing “good faith” security research in Russia.

8. Industry Initiative: End the "Hacklore" Public Security Advice

[41:39-43:37]
Security pros (including Bob Lord) urge media and peers to stop parroting outdated/pointless advice like “don’t use public WiFi.”
The letter offers a more rational, modern set of recommendations for the public (patch, password managers, MFA, etc.).

“So it's nice to have something to point to and something that they can kind of go and read on your own, on their own time so that you don't have to, you know, fix their Internet whilst you're at home...” — Adam Boileau [43:16]

9. Humorous Closer: Cryptography Association’s Botched Secure Election

[44:27-45:34]
The International Association of Cryptologic Research’s secure election failed when a coordinator lost their key material, annulling the outcome—illustrating that the hardest part of crypto is always the keys.

“It's not the algorithms, it's not the, like, key exchange primitives. It's not all of those things. It's where do we put the damn key?” — Adam Boileau [45:04]

Sponsor Interview Highlights: H.D. Moore of Run Zero

[46:02-57:14]

On Network Graphs/Bloodhound Integration: Run Zero is experimenting with bringing its asset and topology data into Bloodhound’s open graph model for new visibility into attack paths and relationships.
- Example Query: “Is there any network segment that has both an iPhone and a Cisco router with default SNMP config?” – [By correlating relationships, not just attributes.]
On AI in Security: Run Zero uses AI for early vuln detection and data enrichment, and exposes an MCP server for integration into AI-driven agentic platforms.
On Product Vision: The focus is on providing truly unique primary data—not just aggregating, but discovering relationships and exposures unavailable via inference.
AI/ML Constraints: Being a self-hosted and SaaS product, Run Zero is cautious about where customer data is sent, differentiating them from others in the space who might “YOLO” sensitive data to LLM providers.

“You can't synthesize your way to the data we provide about network assets...” — H.D. Moore [54:30]

Notable Quotes & Moments

| Timestamp | Speaker | Quote/Paraphrase | |-----------|---------|------------------| | 03:06 | Patrick Gray | “Why wasn't this IP restricted to those ranges in the first place?... we need to start having these conversations...”| | 07:08 | Patrick Gray | “Detecting [an insider] and firing them seems like a win to me...” | | 13:12 | Patrick Gray | “Set fire to your laptop, eat your phone. The Chinese are coming.” | | 19:47 | Adam Boileau | “I'm glad I'm not a JavaScript dev though.” | | 24:22 | Adam Boileau | “Telcos don’t really have that kind of cultural background of caring about security and so regulation for them maybe is more appropriate...” | | 32:38 | Patrick Gray | “They're shipping it and just saying, hey, this is like super experimental...” | | 32:59 | Adam Boileau | “The idea of hooking up an LLM to be able to just like randomly do stuff with your Windows, it sounds terrifying...” | | 45:04 | Adam Boileau | “It's ... where do we put the damn key?” | | 54:30 | H.D. Moore | “You can’t synthesize your way to the data we provide about network assets...” |

Timestamps for Main Segments

00:41 — Salesforce/Gainsight supply chain incident
05:59 — CrowdStrike insider case & DLP “redemption”
09:30 — Chinese APT31 attacks; Russia’s public report
13:01 — Australian Parliament disables connectivity for Chinese delegation
16:50 — npm “worm” returns
20:04 — FCC withdraws telco security rules
25:09 — SolarWinds SEC lawsuit dismissed
26:46 — Record DDoS attack in Australia
28:14 — Cloudflare outage exposes WAF reliance
31:25 — Copilot Actions for Windows/AI security dilemmas
36:36 — Fortinet auth bypass/command execution now mass-exploited
38:34 — Young hackers up for UK trial
39:56 — Russian coder arrested for treason
41:39 — Security pros push for rational public cyber advice
44:27 — Cryptologic Research election disaster
46:02+ — Sponsor Interview: H.D. Moore (Run Zero)

Takeaways

Supply chain and SaaS interconnectivity remain a critical attack vector.
AI is already reshaping both offensive and defensive security paradigms.
Regulatory retreats are unlikely to help, yet fixing fundamentals like asset discovery, detection, and rational advice can still move the needle.
Tools may advance, but the basics—controlling credentials, vetting changes after outages, and keeping cryptographic keys safe—still trip up even the experts.

End of summary.

Loading summary

Transcript90 lines

[00:00]
A
Foreign. And welcome to Risky Business. My name's Patrick Gray. This week's show is brought to you by Run Zero, which is a fabulous tool that lets you do, I guess, inventory, asset discovery, and even vulnerability scanning. And its creator, H.D. moore, will be along in this week's sponsor interview to talk about a couple of things. They have been playing around with bloodhounds open Graph to do some cool stuff with that. And we're also going to talk to HD about what they're doing with AI which is probably more than they kind of shouting from the rooftops because I think they just don't want to be those people.
[00:41]
B
Right.
[00:42]
A
But they're doing some cool stuff there. And we'll find out about all of that after this week's news, which starts now. Adam Boylo, welcome. And the first thing we are going to talk about today is Salesforce's rough year is continuing. There has been apparently some sort of like, people are couching. This is like describing it as a supply chain attack involving an app or a platform called Gainsight, which has resulted in like Salesforce data for something like 200 organizations going walkabout. What do we know here?
[01:16]
B
So I guess to start with, Gainsight is a company that you glue into your Salesforce so that it can like, give you insights about your customers. And it's designed to, like, you use that data to task your sales team with doing things. So it has quite necessarily deep integration into Salesforce, deep integration into your data. It looks like somebody got hold of some access from Gainsight into those integrations. We're not 100% clear how that happened. Probably someone got some credentials, got some access to a system at Gainsight and then kind of pivoted onwards into their access into Salesforce customers with what's interesting here, I think also is that Salesforce appear to be the ones that initially spotted this. So they spotted some unusual interactions with their APIs using Gainsight's access and then went back to Gainsight, said, hey, you know, like, what's going on here? Which I guess on the one hand is a good news story. Right. It's just that Salesforce has kind of learned something from the mess that has been going on for them earlier in this year. I think they initially went to Gainsight with like three customer accounts that were being abused, as you said, has now expanded to significantly more. So it looks like kind of a repeat of the earlier Salesforce breach, except using Gainsight's access. It looks like it's the same people like the scattered shiny lapses hunters you know, that kind of lot. And I expect we will see the same kind of, you know, endgame play out where the companies whose data gets stolen get extorted and, you know, we'll see whether that makes them any money.
[02:54]
A
Yeah. So meanwhile, a spokesperson for the Shiny Hunters group, they have a spokesperson now. I wonder if it comes with dental benefits. They said that Gainsight was a customer of Sales Loft Drift. You know, this was the earlier one that you mentioned was a company called Sales Loft Drift. And, you know, that's how people grabbed a whole bunch of Salesforce data. You know, we don't really precisely know what the mechanics of the breach are here, but it looks like based on a couple of things that have come out, like one of them from Gainsight, it looks like probably the attackers were just able to steal a bunch of API keys or something like that, or creds. Right. Because they've got here. Gainsight can provide the IP ranges and subnets that Salesforce login events from the Gainsight connector should originate from. At this time, these details can only be shared through a support ticket, blah, blah, blah, blah, blah. But that suggests to me that the way that this thing works is it's a cloud service, and you have to get an API key from your Salesforce instance, plug it into the cloud service, and then the cloud service interfaces with Salesforce. Which begs the question, why wasn't this IP restricted to those ranges in the first place? If those logins are only supposed to come in from that range, why was there no restriction there? You know, I think we need to start having these conversations and asking these questions personally.
[04:10]
B
I mean, yeah, we did see in the earlier breaches, these crews, you know, pilfering API tokens to move laterally. So it's absolutely in their wheelhouse, you know, as a terms of a modus operandi technique they're used to using. And it makes sense that, you know, that's the kind of the avenue they went down, whether or not the earlier breaches kind of led to the Gainsight. Like, one, maybe there was some access in the Gainsight with tokens stolen that then they could steal tokens to go back into Salesforce and so on and so forth. But you're right, the, you know, kind of assembling things out of cloud components is how we build modern tooling, but it does come with a bunch of risks. And those of us that are old enough to remember when perimeters existed and networks were restricted and you had to be in a certain place and where you came from was an auth factor do rather end up feeling like surely Grandpa's controls here would have prevented this kind of abuse. That's not the world we live in anymore. Even though there is something to be said for Grandpa's IP restrictions.
[05:08]
A
Yeah, I mean it's a look, it's a funny old world, let's just say that. But you know, I think Salesforce did well to detect this. Right. Because if it is a detection based on a bunch of unusual logins from the wrong IP ranges kind of thing and like actually detecting that when you're operating at the scale that Salesforce is, is like kind of commendable. Right. And they have to get on this because they've been just dragged all year.
[05:34]
B
Yeah, yeah, exactly. Right. In the end it's their logo and name that is at the top of this story. Even if it wasn't directly their fault, like even if it was, you know, some customer application and their customers, customers, etc. Like it's still their name. And you know, I think good on them for having spotted this proactively enough to kind of get onto it early. But in the end did it make most difference? I don't know. I mean they're still there with their name, as you say, being dragged through the mud.
[05:59]
A
Yeah. So what we do know is that Google has said that something like 200 customers of this platform have had their Salesforce data walked. But we also know that the lapses, Shiny hunters or whatever you want to call them, have made some claims here that are, that are being denied. They're claiming to have breached a whole bunch of different companies. Like one of the companies that they claim to have breached was CrowdStrike. So they said that as a result of this, you know, they were able to breach CrowdStrike and whatever and they used a few screenshots to kind of make that claim claim. We've seen them. Do you know, the comm kids kind of do this before in the case of Okta where they managed to get onto some like third party service agents, desktop and get a couple of screenshots of, you know, an Okta support panel and that was all that they managed to do. And then they claimed that they'd breached Okta. But you know, in this case it looks like there was someone on the inside actually taking some of these screenshots and they have now been fired. So it was interesting seeing CrowdStrike getting dragged for this because honestly that's a good result, right? Like if you've got someone in there doing the wrong thing, detecting them and firing them seems like, seems like a win to me actually. You know, no organization the size of CrowdStrike is going to be able to completely exclude, you know, a malicious insider. Right? Like it's, it's, it's not realistic to expect to screen them out. So being able to detect them and give them the heave ho, that's a good thing. That's a win.
[07:21]
B
Yeah, yeah, yeah, absolutely, absolutely agree. I mean, hiring people is difficult. And background checking people, trying to, you know, figure out who you can trust is really, really difficult. And you know, as an organ, especially one that's hiring, you know, young technical kids, you often do just want to give them a chance. And like when we were hiring at Insomnia, you know, we are hiring, you know, by and large, punk hacker kids, right? And you have to give them a degree of trust that, hey, even if you have done some shady things in the past or you have done some things that, you know, a normal corpo background check might even pick up and flag on at the same time you're saying, hey, we're giving you an opportunity, a legit job, it's going to make, you know, more money than you were making doing dumb hack and stuff. You know, come on board, take the win, let's move on with your life. And you know, 99% of them take that and do the right thing and you know, sometimes you lose some and as you say, spotting it, reacting to it, that's the best you can do.
[08:11]
A
Well, I'm going to guess I'm going to go out on a limb here and say CrowdStrike's hiring policies are a little bit different to your hiring policies when you were running a small pen test firm in New Zealand, when you were prepared to roll the dice. Like, I mean, anyone who admits to anything dodgy, they ain't getting a job at a major EDR vendor. It's not happening.
[08:29]
B
You sometimes you'd like to give these kids a chance, you know, they're good people mostly. Mostly.
[08:34]
A
Speaking of insiders too, I want to follow something up. A couple of weeks ago, a week or two ago, we spoke about this thing that happened at intel where someone tried to sneak data out on a USB device and then that didn't work. So they spun up a NAS and were able to get the device out on the nas, you know, and I made the point at the time. Well, they still got caught, right? But we sort of used that as a way to kick the DLP companies. I've since found out it was actually the DLP companies who caught it because. Because they detected the attempted USB X filtration is suspicious and then the product just went screenshot crazy and that's how they caught the guy. So you know, Interesting.
[09:10]
B
Yeah, it's funny how these things work out and I guess. Yeah, in that case, good job, good job. DLP snapping someone, you know, mounting up their nasm, copping stuff around so catching.
[09:21]
A
Screenshots too like you know, and I'm sorry but you know we say it for attackers, we've got to say it for defenders as well. It ain't dumb if it works.
[09:27]
B
Yeah, and I guess it did that time. So yeah, good job.
[09:31]
A
Now moving on, we've actually got a write up to cover from its positive technologies. Right. The Russia based, you know, big consultancy which is, you know, very competent but does a lot of stuff for the Russian state and we're not big fans of the actions of the Russian state these days. But what's funny here is we've got a pretty detailed write up about a Chinese APT crew called you know, apt 31. This is a group that has been I think indicted in absentia by the US Department of Justice. So they're like a known APT group. They do a lot of economic espionage, intellectual property theft, that sort of thing. And yeah, you know, Russia's Russia, Russians have done a big write up on the Chinese hacking them. You know, with friends like China, who needs enemies?
[10:16]
B
Yeah, exactly. It's. I always like reading write ups like this from other countries because you do get a slightly different perspective. There's a slightly different flavor like the culture of how much you share or what you say is a little bit different than what you might get out of western firms. So they're always a fun read. This crew, the ABT31, I think it's been attributed to the Wuhan branch of the Chinese Ministry of State Security. So you know, they're pretty serious business hackers and it's just a great write up, bunch of great details. They're using kind of tradecraft that you would expect. One thing I did quite enjoy in their tradecraft is they are using the old Microsoft dev tunnels where Visual Studio came with this feature a couple years back where you could just tunnel stuff out of your network into Microsoft and then Microsoft would port forward it back to you. So you could have a Microsoft certificate, Microsoft address space listener that would terminate on a local servers on your machine and they were using that for backdoor access. So it's a great way to get around network controls. And Red Team has used It, So it's always fun to see that stuff trickling down into APT Cruise. But yeah, overall it's just a great write up and you know, it's a good reminder that there are competent people everywhere and you know, just reading the stuff that's in English, you know, sometimes you do miss out on things.
[11:31]
A
I mean I, it's, I'm so, you know, you got to make a no limits partnership crack here. You know, Russia and China have a no limits partnership. I guess that includes, you know, the limits placed on each other by their various security controls. But fun stuff. Look, staying with the Chinese as well, we had an interesting thing hit the news cycle here which was there's, there's a big wig from the Chinese Communist Party visiting Australia at the moment as part of some huge 100 strong delegation. And as part of that, I think he's meeting the Prime Minister. It's like, it's, it's a pretty big deal state visit, you know, and the Australian Parliament House like, you know, security team put out this memo not to be, you know, not to be forwarded on to anyone of course. And subsequently of course it leaked. But this memo basically said, said, hey, we've got a Chinese delegation coming through Parliament House at various points. The WI fi ain't going to work because we're, you know, we're turning it off. You should update all of your devices to lockdown mode. Turn off WI fi, turn off Bluetooth. This. I don't know how to feel about this, right, because on one level I think, do they know something here? Does China try to slip in a couple of MSS guys holding, you know, super advanced Chinese equivalents to, you know, the hack 5 hacking pineapple or you know, or is this like, you know, the juice jacking thing or don't use public WI fi advice. I sort of, I sort of can't figure it out to be honest. If, if this is based on actionable advice. What did you make of this?
[13:02]
B
I mean, my initial result was the initial feeling was kind of the same thing which is like this feels like scaremongering. Oh my God. There's, you know, there's, there's Chinamen in our midst. Quick, everybody close the curtains and you.
[13:12]
A
Know, set fire to your laptop, eat your phone. The Chinese are coming.
[13:16]
B
Exactly when, you know, when all of the laptops were made in Shenzhen to start with. But so like that was my initial feeling. But then, yeah, you do start to wonder like, I wonder if there is something actionable, like is there some proximity thing? Because I Mean, there have absolutely been proximity based attacks, you know, against these platforms. I mean, I'm always reminded of Mark Dowd's Apple Airdrop, you know, like CPO path traversal, you know, bugs. So like there are proximity bugs. It would be kind of a, you know, a bold move to do it while you're there in an official delegation.
[13:48]
A
But China is that China does bold moves, you know what I mean? So that's it. And that's why I'm conflicted about this because I'm like, oh, it's ridiculous to assume that, you know, there would be someone malicious as part of this delegation here for a friendly visit. And then you're like, oh, actually no, probably not.
[14:03]
B
I mean, you know, like on the other hand, why not? I guess for comparison, the same delegation came through New Zealand before it went through Australia and this guy's like third in charge in China. Like he's, he's head of their, like the, I guess the equivalent of the Parliament. So like not quite speaking of the house kind of higher up, but still like third in line if you know, something bad happens in China. But yeah, they came through New Zealand and I don't see, I didn't see any news articles about our parliament turning off Bluetooth. So perhaps the New Zealand stuff is just absolutely impregnable. And you know, it's the Australians being, you know, worrying about things that, you know, we've got totally sorted or, you know, maybe we didn't get the actionable advice, you know, who knows? But yeah, either way it was just, it's an interesting story and it does make you wonder, you know.
[14:49]
A
It does, yeah. So it was Zhao Liji, I think is the pronunciation there. It is the chair of the National People's Congress of China. So yeah, visiting Parliament. And look, I think one thing about this story too is I don't think the Chinese are going to appreciate these news stories very much. I mean, one of their, at one point, like Australia's relationship with China deteriorated to the point that China issued It's like 10 demands. I think it was 10. They had a demand list of things that Australia needed to do to improve relations. And one of them was to stop getting the press to be critical of China, which we had to explain to them, like that's not really how it, how it works here. But they hate stuff like this and in particular they hate anything where they're being singled out. I think Dmitri Alperovich on his Geopolitics Decanter podcast had a great interview. He was talking about the podcast was about tariffs and trade negotiations with China and at one point the Chinese were going apoplectic about some Trump introduced trade measure because they were complaining about being singled out. And as soon as they found out, no, this applies to everybody, they were like, oh cool, yeah, no problem, you know, so when they feel like they're being singled out, it's a huge problem. So I sort of feel like, you know, we've got some pretty strong comments from the opposition party here in Australia in this piece from the Guardian, and I feel like, well, if they leaked this to sort of score some points here, I don't think that was in the national interest. Is it in the public interest in terms of like, should the public know about this sort of stuff? I think absolutely. But does this undercut the country in other ways? Like, I kind of, I kind of feel like it does. So I don't know if there's going to be any sort of flow on effects from this. We'll just have to wait and see. And, you know, if anyone knows why they did that, you know, email us, let us know. Meanwhile, Shailude is back. This is the NPM worm that was like gave us the warm and fuzzies earlier this year. Someone's had a second go of it. There's apparently 500 packages affected. What does the worm actually do in this iteration, Adam?
[16:51]
B
So much the same as it did last time with some refinements. I mean, essentially it infects developers through backdoor JavaScript packages, rummaging around, steals their GitHub tokens, steals their NPM tokens, publishes updated packages that are backdoored as well. So it kind of propagates via NPM Every time a developer with publishing rights gets compromised, then it adds itself. It also uses GitHub Actions to set up a backdoor in the environment that it's running in, which I think is one of the newer features. And it steals all the secrets. It uses Truffle Hog to rummage around, steal all the creds it can find, and just like straight up publishes them in a new GitHub repo in that account. So you can rummage around on GitHub and help yourself the credentials. The backdoor component is new and that's quite fun because the GitHub action, it uses hooks on GitHub discussions so you can post a message in the discussion forum feature of a repository and it straight up takes the body of that discussion and passes it to a shell to exec on the machine that it's backdoored. So it's a great public Internet to command exec in all the places that this thing has ever run. So that's pretty, pretty fun. But yeah, it's, you know, it went a little bigger I think than the previous one. It was a bit more aggressive. GitHub is changing npm, sorry, is changing a bit about how auth for publishing packages works. So I think maybe the people who write this felt like they better, you know, if they want to do it again, they better do it now before NPM ruins their party. But yeah, it's been spreading pretty big, gotten some quite big name packages, but it's also pretty noisy. One of the things it also does is it will delete all of your files if it can't find credentials that are useful to it. So it punishes you for not having.
[18:38]
A
Your credentials, not having a. Passwords, no passwords txt rmrf.
[18:45]
B
Yeah, exactly, punishes you. So yeah, but I don't know who's behind it. Like there's a couple of bugs in it that's making it not quite as effective as it could be. And because it's so noisy, you know, it's being shut down pretty quick in terms of how it propagates. But still, like I do love a good Internet mess and it's making a mess.
[19:02]
A
Well, how is NPM going to get, you know, how are they going to get on top of this really? Like is this just going to keep happening or they are actually going to get on top of this?
[19:09]
B
So they have proposed some changes in the workflows for publishing packages to try and require live human proof of presence, automate everything quite so much, which has some downsides obviously, but clearly having worms propagate through your packages, not ideal. And just because the JavaScript ecosystem is so fluid in terms of how often it pulls upstream dependencies, like this is a thing that you do want a human in the loop somewhere. You don't want this just going full auto crazy. NPM generally.
[19:40]
A
Yeah, I remember when we spoke about this when they were first talking about those sort of controls and it's a good idea but it's only going to slow it down, I feel like.
[19:47]
B
Well, yeah, I mean the supply, like the nature of the JavaScript ecosystem just kind of lends itself to these kinds of supply chain attacks. So yeah, we're going to see more of them and like, honestly it's just, you know, it's kind of fun to talk about. I'm glad I'm not a JavaScript dev though.
[20:04]
A
Yeah, it's a good time for us it is a good time for us basically. Now this is something that has been coming for a while. We've covered it in Risky Bullet and I don't know that we've talked about it on the main show, but the FCC in the United States has eliminated these minimum security requirements for telcos that were sort of introduced I think in the wake of Salt Typhoon or they may have even predated that. But the idea was that the FCC had had sort of reinterpreted, interpreted various bits of like I think the CALEA act to say, well, you know, according to this act you need to hit this bar and make your systems this secure. Trump admins rolled it back basically. Brendan Carr, who heads the FCC is the chairman there. He voted with one of his colleagues, which is Olivia Trustee. There you go. While the Democratic commissioner Anagomez voted against this. So it looks like telcos are kind of off the hook, right? I mean the telcos had some legitimate complaints in my view, right, which is, hey, this is going to be really difficult and expensive and it's going to cost us a bunch of money, which is of course what they, what they're going to say. But you know, it's all academic now because it's done. Those requirements are not going onto the telcos. What do you make of this? Right, because is getting telcos to spend billions of dollars to try to update their core networks to a more secure state, is that what's going to win us anything here? Or you know, do we need to be thinking more about how to use over the top modern services to mitigate most of the risks from groups like Soul Typhoon?
[21:36]
B
I mean, I think having some minimum requirements for tokos I thought was a good idea. And these are pretty low bar minimum stuff like claiming this is going to require billions of dollars worth work, you know, I feel is a bit disingenuous because some of these things are like change the default passwords, right? They're not things that are surprising to anyone or are specifically, you know, are telco specific. They are things that you as a customer of a telco would kind of expect them to be already doing. And you know, in that respect I don't, I feel like letting telcos off the hook isn't a great plan as you have. Also as you say, like telcos are less important than they used to be, you know, because of over the top crypto. Because you know, we tend to use say, you know.
[22:17]
A
Hang on, hang on, let me just, let me just stop you there. I mean I, I would Rephrase that and say that telcos should be less important these days. But as we saw through the salt typhoon stuff and how much the Chinese got out of that, you know, clearly they still are very important in terms of figuring out who's talking to who and this and that. So, you know, I mean, unless you really change policy and pivot towards using apps that regard the telcos as threats, you know, just as a matter of policy, like they are a problem, right? If you are, if you're an attacker, you know, in a US telco trying to figure out who FBI agents are talking to, I mean, chances are they're using phones, they're using text messages and whatever. I guess what I'm asking is like, can we, can we reasonably expect that a minimum baseline is going to be able to stop foreign adversaries from being able to do that? And I just don't think it will. It might make it a bit harder. But I think the solution here is going to be moving towards, you know, over the top stuff and doing a lot of education both internally at places like FBI and then externally as well, which is, hey, if you want to talk to us, maybe don't text message us or maybe don't ring the number, you know, maybe you want to use a payphone or send us an email, you know what I mean? Yeah.
[23:32]
B
I mean, I think defending telcos against nation states, right, is kind of a bar that regulation is never going to meet. Right? There's if your adversary is Chinese MSS or Russian fsb, then a telco is always going to be fair game for them because they'll find a way. But that doesn't mean that we should let the telcos off the hook completely, I suppose. In this week's Between Two Nerds conversation, Gruk and Tom were kind of comparing the lack of regulation for cloud services like infrastructure providers like Amazon and so on to telcos and saying like, you know, is like, do we feel like we can trust cloud providers to do a good job of this, unlike someone like Google or someone like Amazon EC2? Like, they do do a good job. Amazon AWS, like they do a good job because it's in their DNA to have build, you know, build robust systems that are resilient against all kinds of threats, like security is super important. Telcos don't really have that kind of cultural background of caring about security and so regulation for them maybe is more appropriate and I think maybe it was. Grok made the point that if you're an engineer inside a telco, having regulatory Requirements to point out and justify why you need to be in the way, why you need to slow things down, why you need to kind of be an impediment is actually pretty useful. And having done a bunch of work in telcos, I found being able to point to external requirements was useful for justifying things. And in that respect, I feel like letting them go is a loss, you know, but on the other hand, Chinese MSC is always going to be up in your telcos. So what can you do?
[25:09]
A
What can you do? Oh, well, on to the next story. That's what you do. The remaining parts of the sec lawsuit against SolarWinds has been tossed. This was a lawsuit that the sec filed in 2023. It was an interesting one. We covered it at the time because basically one of the biggest parts of the lawsuit was, hey, you know, you've been putting all of these security statements on your website and into your SEC filings, where we've looked at your internal chats and your security people are freaking out about all of the deficiencies in your, in your security, you know, so therefore you were lying to the market. You know, bits and pieces of that have just been getting tossed over the, over the subsequent years and the last of it's gone. So I don't know whether this sends a message that people maybe need to be a little bit more careful in their statements. Like, having had a couple of years to think about it, I think even if charges were proven and there was some sort of ruling and whatever, you know, if the lawsuit succeeded, I think the end result of that is you're just going to wind up with a different type of weaselly boilerplate language going into SEC filings. Instead of like, you know, the generic stuff we got now, it'll be a slightly more hedged, generic language. And I don't know that that really changes much.
[26:20]
B
Yeah, I mean, I think in the end weasels are going to weasel. And you know, this particular lawsuit, in some respects I quite liked it because, you know, I do like seeing weasels get some comeuppance because I've been involved in many weasels over the years. But as you say, like, I don't think it was going to make much difference. Big picture. And maybe it's time we let SolarWinds go and, you know, they can continue on with their life and we can all just move on from this ugly episode and people will continue to weasel regardless.
[26:47]
A
It's time to find someone new. It's been five years, basically. Oh, now someone in Australia really annoyed some people Because a world record DDoS attack hit a single endpoint in Australia. It was a 15.72-terabit per second DDoS targeting some Azure endpoint here in Oz.
[27:12]
B
Yeah, and apparently Microsoft just kind of weathered it, which, you know, I guess good for them. Good job on the network engineering team. All the people involved in, you know, pushing that many packets. It was a, what, 3.64 billion packets a second. They said that's a lot of packets. So, like, good work. Taking looked like it came from one of these, like, you know, compromised home routers and cameras, botnets because, you know, there's people's domestic Internet is so big these days that, you know, chucking 15 terabits a second at a target is totally a thing you can do with, you know, a few,000 compromised IP cameras and routers and things. So that's kind of terrifying in a way. But, you know, I guess it's kind of amazing the Internet works, given that you can throw that many packets around and people do, and yet things basically still fine. You know, wouldn't have been that long ago that, you know, the entire place would have been on its knees at that many packets per second.
[28:05]
A
Yeah, I mean, I'm amazed, like, we have the links to this country to support that sort of thing. You know what I mean? Like, it's amazing.
[28:12]
B
It's like a good news story, doesn't it?
[28:14]
A
It does. And Krebs has got an interesting kind of think piece here. You know, there was a intermittent outage. What was that like last week? I think it was before. Yeah, it was before we recorded last week's show. We didn't cover it though, because it was just an outage, which was a cloud. Cloudflare went down for a bit and was flapping around and, you know, having. Having a hard time and some people had to spin up, you know, some sort of alternative, like hack together CDN or whatever. And some people just removed CDN protection so that they could be online. And, you know, Brian's got this here, which makes the point that, hey, Cloudflare isn't just about availability, it's also your waf. And people have been very lazy about stuff like SQL injection because they're using Cloudflare and just relying on Cloudflare to mop that stuff up when people try it. So basically the thinking is, you know, a strategy for attackers might be to just wait until Cloudflare has an outage again and, you know, monitor for DNS changes on, on targets and whatever, and then you're going to have an easy time going at them. I don't know. I mean, sure. What did you think of this?
[29:17]
B
So I felt the bit about like, the WAF being missing is a thing that ideally people shouldn't be relying on, I guess, you know, like in my professional, previous professional career, you know, we did some shootouts between various WAF products, including, like can comparing Cloudflare with various other CDNs on premise WAFS. And the thing that is worth remembering about Cloudflare is Cloudflare does an amazing job, but they also only have a couple of hundred milliseconds worth time to make a call on every request. And so you're going to get at most 80, 90 milliseconds worth of CPU time spent deciding whether a request is malicious. And any attacker that can exceed that threshold is probably just going to get let straight through. So the amount of WAF you can get from something at Cloudflare scale and the amount you're paying for that waf, you're kind of getting what you pay for. So that's one thing to remember. The thing I liked about this particular Krebs piece though, was anytime you have a big outage like this and people have to make ad hoc changes to your infrastructure to stay alive, it's really important that you've got a process afterwards to say, okay, what did we change? What ad hoc stuff got created? How did we solve those problems and did we do so in a way that maintained our security posture? Did we spin some up with personal devices? Did we use accounts that were outside of regular what shadow it got created, which will then get forgotten about and left a bit rot and then compromised three years from now or something. So that part I thought was really good. Call out the kind of like our attackers going to wait for Cloudflare to go down and then pounce like that I didn't find particularly compelling.
[30:51]
A
No. And it's funny what you say, right, because you just triggered a memory for me, which is nearly 20 years ago when I founded this podcast, one of the early sponsors was Checkpoint, but in Australia. So obviously the audience early on skewed very heavily towards Australia. And the reason Checkpoint sponsored baby Risky biz, you know, new podcast was so that they could have someone come onto the show every month or two and just beg their customers to go and find and remove allow any any firewall rules from their checkpoints because of exactly what you say, which is something breaks, they throw an allow any any into their firewall and then, okay, everything works again and they just leave it there and this was such a problem that they were literally sponsoring the podcast so that they could, they could beg their customers to like, roll them back. So, yeah, it's, it's a thing and it's still a problem. Although now it's Cloudflare and not your checkpoint firewalls. That's how, that's how it goes. Now let's have a chat about Copilot actions in Windows, where Microsoft has got some new experimental AI agent shipping with like a Windows beta that you can turn on. But what's really funny is they're shipping it and just saying, hey, this is like super experimental. And unless you're like a super duper power user, like, don't turn this on. And we can't really, we don't really know what's going to happen here. So they're just hedging the absolute crap here out of this release. And I think quite rightly, people are pointing at this. You know, people in security are pointing at this and saying, oh my God, this is going to be a problem in the future. Now, a couple of things, yeah, probably I would agree with that, that it's going to be a problem in the future, but complaining about it ain't going to help. Because I have a feeling that in three, four years from now, like, even sooner, the job of security people is going to be dealing with stuff like this. You know, companies, they want the productivity gains that come with AI, they're going to demand it. They don't care that you shouldn't mix code and data. They don't care. That's all foreign gobbledygook. Your job now as a security professional is to help organizations do this in a way that doesn't get you immediately, like, digitally murdered. Basically.
[33:00]
B
Yeah. And we're going to solve the halting problem while we're at it, because the idea of hooking up an LLM to be able to just like randomly do stuff with your Windows, it sounds terrifying. And you are correct in that they are just going to do it anyway. And I think the, like, the Microsoft caveat was only turn this on, quote, if you understand the security implications outlined, which nobody does. Nobody does, right? Nobody knows what, what's going to go on. And like, I don't know, like, it's just, it's terrifying. And at the same time, you know, as a hacker, as someone that covers security, as someone that likes breaking stuff, like, this is a. It's wonderful. We're going to be. Future hackers are just going to be like, convincing Windows to give you A shell convincing Windows to do whatever you want to do by asking nicely. No more. Do we have to think about memory corruption or security boundaries or complicated things that require semantic execution or whatever else? No, we just ask nicely now we just give a convincing. Everything becomes social engineering, which, like, what a world, man, what a world it is.
[34:11]
A
I mean, I think we're going to be able to deal with a lot of the basic stuff, right? Like, I think that's, I'm pretty bullish on our ability to deal with like very basic prompt injection and whatnot. But you're right that we can't fundamentally, from a first principle sense, solve this problem. Now look, as regular listeners would know these days, risky business, you know, and me in particular, like, we work very closely with a VC fund. You know, I work very closely with Decibel and some of its portfolio companies. And what's amazing about that is you really get a sense for the sort of technology that's being funded and where all of this is going. And I can tell you absolutely we're going to be dealing with like AI on endpoints. Like it's happening because when you see, you know, you just look through a pitch deck of what people are saying they can do with AI agents on desktops and it's amazing from a productivity perspective, it's amazing from a like organizational efficiency perspective and you get some real security gains, like just really powerful sophisticated stuff. So it's coming. Like it is absolutely coming. Should it be turned on by default in experimental mode on every Windows endpoint ever? Probably not, but I guess that's my. I've said it a bunch of times, it's happening. Meanwhile, the VX Underground folks had a bit of a poke at this beta feature in Windows and did a little write up on X, which I found quite funny actually.
[35:36]
B
Yeah. So they dug through the implementation of this thing and interestingly enough, it's actually not so much client side. There is actually a lot of heavy lift talking back to Microsoft servers. They make the good point that if you want to turn this off, you can just like remove the DNS entry or make a fake DNS entry in your HOSTS file for the particular endpoint it uses, often in Azure. But yeah, the idea that your local machine is doing all of this AI stuff and, and then plumbing it off to Microsoft and that somewhere in Microsoft there was like a real time, you know, potentially a real time feed of like, you know, every at, you know, once this thing is deployed at scale, like every Windows user on the planet, everything that they're doing that, they're interacting with the AI, going through, you know, some endpoint of Microsoft which like, man, there must be some ways to monetize that, but also how much is that going to cost them? Jesus. So yeah, let's, you know, when you pull apart these things, it does start to look, you know, a little bit, you know, equal parts Panopticon terrifying. And also you can see why Nvidia stock price is so high.
[36:37]
A
Yeah, I mean, I think with a lot of this for the, you know, the bull case, I guess, is that they start shipping a bunch of these features, they become really useful. And then when the companies eventually turn around and say that'll be 50 bucks a month per seat, you can't imagine not paying. Right. So we're a little ways away from figuring out what, whether that's actually what's going to happen. But let's see now, from talking about the problems of tomorrow to talking about the problems of 20 years ago that are still problems today. Adam, we actually spoke about that 40 web. What was it like? Was it like a dot, dot slash like, you know, bad URL command execution bug? We spoke about that last week. Of course it is now being exploited in the wild and I believe there's a metasploit module for it now, so hooray, you too, dear listener can just go out and exploit this one easily.
[37:26]
B
Yes. Yeah, this one was being, is definitely being attacked in the wild. It's on the sisakev list we hadn't seen. So it was actually a two part bug. There was a path traversal that led to auth bypass or let you kind of create accounts auth bypass. And then there was a second one that you could do arbitrary command execution as root on the underlying device. And those two have been chained together. Last week we hadn't seen a POC for the second half of that. Now both of these have been checked into a metasploit module. And the funny thing is in the sort of irony sense, the command injection part of it is you inject into the file name of a SAML user. So you log into the like the command line interface of your fortinet and you set up a user to auth via saml and then the file name gets processed by some kind of underlying command line. You can shell metacharacter inject into that. And it's just kind of, you know, it's funny that it's in setting up federated authentication you get codexec as root. So like it's yesterday's you know grandpa's bug but with today's, you know, federated authentication technology. So buy our powers combined. Good job. Yes, Fortinet.
[38:34]
A
Now, meanwhile, two suspected scattered SPIDER kids have pleaded not guilty over the Transport for London cyber attack. This is a piece here from Alexander Martin talking about that one we'd already reported, I think on the arrests of these two guys, Talia Joubert and Owen Flowers, aged 19 and 18 respectively. And yeah, they've thrown in the not guilty pleas and you read this story and you think one of the things like they pleaded not guilty to is like failing to hand over their passwords to or passphrases to various encrypted devices. And you think that seems an odd thing to plead not guilty to because you would think that that would be a fairly straightforward charge. I think your note in our weekly planning document on this story was, well, yeah, good luck with that guys. I think by the time it gets to this point and you've had like, you know, National Crime Agency task forces and stuff all over you, they've got all of your, you know, your data on drives and whatever, I don't know, I don't think it's going to go their way but of course I'm not super familiar with the case but the vibes here don't feel good for them.
[39:34]
B
The vibes really don't feel good. And although they were behind the transport for, allegedly behind the Transport for London thing, you know, any sentencing or any kind of trial process and sentencing assuming they found guilty is absolutely also going to be thinking about like, look at the mess. Jaguar Land Rover, you know, like, it's just this is a big thing in Britain and I. Yeah, those kids not going to go well.
[39:56]
A
No, it's not. Speaking of someone else who's up on charges, another one from the record, Dorina Antonioka over over there has a report about this 21 year old guy who's been arrested in Moscow on treason charges. And some people in the Russian media are saying this is because he was smack talking that messenger app Max, which is like I guess Russia's answer to WeChat, you know, so they're trying to corral everyone onto a surveillance friendly, state controlled app. And he's like, yeah, this is a piece of crap and there's all these bugs in it and blah, blah, blah, blah, blah. So it seems like he didn't mind sort of poking, you know, the Russian establishment in the eye and that's, that's possibly what's gone wrong with him. But of course this is the issue with Russia, we don't know. I mean maybe he was doing something treasonous. You would never know. It's all going to go into a closed court and God knows what's going to happen to him.
[40:47]
B
Yeah, yeah, I mean he, at the very least he called Max quote a disgusting product unquote on his telegram. So that's, you know, not going to make you friends in Russia. But yeah, as to what's going to happen to him, I mean he may end up in the, you know, like severe penal colony alongside the group IB guy or he may end up working for the Russian establishment in the cyber world or he might just send to the front. You just don't know in Russia what's going to happen. And the lack of kind of transparency and maybe if you speak Russian there is more transparency to be found there. Obviously we see these things through Google Translate, etc. But yeah, who knows what's going to happen to the guy. But it doesn't feel like a good time to be someone doing maybe even good faith security research in Russia, you know?
[41:30]
A
No, unless you are working for one of the companies that the state smiles on. Like positive, right? Like if you're working there, you should be okay. But yeah, crazy stuff.
[41:39]
B
Just don't say mean things about Max.
[41:41]
A
No, that's right. Don't say mean things about the Russian state generally. You know, Max, the military, Vladimir Putin, you know what I mean? You just got to know what, what you can say and what you can not say. We got something I just wanted to mention this week. You found this one. This is a piece from Tim Starks over at cyberscoop. A bunch of cybersecurity professionals have gotten together and signed a letter asking everyone to end so called hack law. Right L O R E. So this is the idea that we keep putting out this advice. Well, not we, we, but you know, the cybersecurity advice du jour is still like don't use public wi fi and juice jacking is a big threat and whatever. So they've got together and signed a letter saying please God, let's stop this. And also put out a list of recommended advice which is actually sensible, which is stuff like, you know, you should patch your stuff and use a password manager and multi factor authentication. So I think this is a really good idea. A whole bunch of sort of senior cybersecurity executives have signed on to this. Bob Lord has something to do with this as well. And you know, it just seems like a, just seems like a great idea and it's A very handy resource that you can actually point people towards because, you know, you're like me, I imagine, in that people frequently ask you, like, what can I do to be more secure? And, you know, this is just something you can point those. Those people towards. And I hope. I hope they keep building this out.
[42:59]
B
Yeah. And I think this is a great project. And, you know, I thought I wanted to put it in the run sheet this week because, you know, so many people, so many listeners are, you know, going home for, you know, Thanksgiving in the US or, you know, festive season coming up. You know, you're going to be giving family IT advice and having something to point people to when they're like, you know, should I get a VPN? NordVPN sounds really good on YouTube. You know, you can point to something that says, actually, you know, VPN doesn't do anything for you. Just use a password manager, just change. You know, use multi factor. You know, that would be a good start. So it's nice to have something to point to and something that they can kind of go and read on your own, on their own time so that you don't have to, you know, fix their Internet whilst you're at home, you know, trying to eat Thanksgiving turkey or whatever.
[43:38]
A
Yeah, it's funny, man. Like, I hate listening to a podcast where the podcast is good and the host is saying smart things and it's really cool. And then the next thing, they're reading an advert for NordVPN. You know, just kill me. It's so bad. Like, I never wanted to do that. Like, people are like, oh, why is your sponsorship model the way it is? Like, why do you think? It's like, we do not want to do that. We're never going to do that. Never. And, okay, so we got our. We got our comedy story for the end of the show. This is. This is. This had me dying. Dying. The International association of Cryptologic Research. Adam ran a very cryptographically secure, like, election for some position within the organization. They had to abandon the election because. Drumroll, please.
[44:28]
B
One of the people involved in this process lost their key material. So they were supposed to have three people with a third of the key material each, and then by their powers combined, they could get the results back in a crypto, cryptographically good way. And, yes, one of the three lost his keymat. And so they've had to annul the whole thing and they're going to have to rerun all another election, which, I mean, it's a beautiful thing. It's a. It's a thing of joy to see that, you know, everybody struggles with, you know, the real hard part of crypto, which is not the algorithms, it's not the, like, key exchange primitives. It's not all of those things. It's where do we put the damn key?
[45:05]
A
Where's my yubikey? I thought I left it over here. I thought it was in this drawer. It's basically that, but this is the International association of Cryptologic Research. It's just so good. And the person who lost their key mat has actually resigned their position, which I think is really funny. It's like you get drummed out of those circles for, for losing your key.
[45:21]
C
Right?
[45:21]
B
Yeah, it's. The guy actually was. His name's Michael Young. He actually have a book by him on my shelf, you know, does amazing research on early crypto virology and stuff. So, like he's, you know, he's a legit guy. But it can happen to anyone, right?
[45:35]
A
Dog.
[45:35]
B
Dog eats your Yubikey. What are you going to do? Do you know?
[45:38]
A
Yeah, yeah, exactly. Well, mate, that is actually it for the week's news. Big thanks for that. It's great to chat to you as always. We'll do it all again next week.
[45:46]
B
Yeah, certainly. Well, Pat, I'll see you then.
[45:54]
A
That was Adam Boylow there with the check of the week security news. Big thanks to him for that. It is time for this week's sponsor interview now with industry legend H.D.
[46:03]
B
Moore.
[46:03]
A
He of course created Metasploit a million years ago, but these days he runs Run Zero. And Run Zero is a, I guess, asset discovery platform, which can also measure, like, risk exposures as well. Right. So you can point it at your organization and you can know, hey, wow, we got some really risky stuff hanging out on the perimeter here. There's a whole bunch of stuff happening internally that we didn't know about. Like, what's this network over here? It's a, it's a fantastic tool. It works both as a network scanner and as a data cruncher. You can feed it data from other tools, you can give it API access into your cloud environment. It's extremely, extremely cool stuff. Now, one of the things HD has been playing with lately, and the team at Run Zero is something that we spoke about on the show in a sponsored segment with Bloodhound. With Spectre Ops, who make Bloodhound, they introduced the ability to take their attack path mapping technology and they've made it more open so you can start creating your own extensions, I guess. To Bloodhound. So it's not just looking at like Windows credentials and things like that and finding attack paths through Active directory. So, yeah, HD joined me to talk about, like, what they were doing, what they've been doing with Bloodhounds open graph. And I also quizzed him on what they're doing around AI, because Run zero, being a primary source of data, is a fantastic tool to start throwing some AI at. And it makes a lot of sense for them, for example, to have a MCP server for other products and tools to use and agents to use. So, yeah, that's basically the interview with HD more that I did last week or the week before. Please enjoy.
[47:42]
C
So in Run zero we've got a graphs in the product already. We do like layer two, topology layer three, bridges, segmentation graphs, route path tracing. But we're curious what would happen if you then extended this to more than just network assets. And so the obvious choice to play with this was to go with Bloodhound and say, let's go build an open graph connector for Run zero to bring Run zero data into Bloodhound itself. And then let's try overlapping the nodes within run 0 with the nodes that are in the Bloodhound active directory and kind of figure out, can you chain things together? So the hard part of this is oftentimes when you see a graph, it's what they call an executive distraction machine. It actually doesn't do anything usable. It doesn't tell anything new. And so I was really kind of hitting my head against the wall trying to figure out what is the value of a graph when you can get the same data with just a linear query, right? What does the graph tell you that it doesn't? And so where we landed is anytime there is a relationship between two assets that define the security relationship that's really important for a graph and not something you can easily do outside of a graph itself. So when you think about from the network side, one example we came up with that I thought was really hit the nail on the head is, is there any network segment that has both an iPhone in it and a Cisco router with default SNP configuration? Like, by definition, you don't need to know which network is byd. You find them by the presence of a BYD device. And in the same segment, is there a misconfigured core infrastructure device exposed directly to it? And there you go, you've got either, you know, wireless guest segment or whatnot without having to know anything at all about which ones are wireless, how it's configured, you found like a pretty big significant configuration, flawless, just by looking for any connectivity between a BYOD device and an insecure infrastructure device.
[49:13]
A
But I mean, do you need a graph to do that sort of query? I mean, I would have thought that you could just sort of query a run zero, like inventory data set and find that anyway.
[49:22]
C
Right, sure, you could do it. So if you happen to start off with here's my wireless network, now let's go find all the insecure infrastructure, that would be great. I mean, that would get to the same answer. The question is, did you know which of your networks were guest networks to start with? So if you're going to a network with zero knowledge and the only thing you can really do to tell you what's what is to look at the relationship between two nodes. That's one way to get there. And that's where I really found it to be useful. It's like, did I find any segment of my network that has an as 400 and also has a Windows XP machine? Do I have any network that has, you know, a HMI but also has a consumer device in the same segment, like an IP camera for high K vision or whatnot? So it's those type of relationships that I think that are really interesting that you can do with the graph that are really difficult to do outside of it.
[50:01]
A
How fancy did you go with it? Right, because these seem like fairly basic use cases. Did you go through the whole step through, step through, step through, aha, attack path kind of thing with Open Graph?
[50:12]
C
Yeah, we took a different approach of like we open source everything. So all the code that effectively you take an export from run zero, whether it's the free version or paid or whatnot, and then you run this go code on it, it produces a Open Graph file which is nodes and edges and all the information linking together, you import that into Bloodhound, either the free version or your paid enterprise version and then you can do your cipher queries to show how it all chains together. So I look at this as a way to prototype stuff that we want to build and run 0 natively. Let's go play with it within Bloodhound first and then take the parts back that make the most sense into the product. Just like Bloodhound Inspect Drops is doing the same thing with Open Graph and their enterprise product. So it's kind of a neat kind of community prototype land opengraph. And all you really have to do is put together nodes and edges and lay them out a certain way and then be able to Create a query to check the relationships. Something similar that we do within REN0 today is we look for every TLS fingerprint behind the firewall and then we look at the whole Internet and see did we see the same fingerprint someplace else. So there's no vulnerability unless you happen to have a match in both places. And so it's a similar thing with open graph like vulnerabilities only exist because of the relationship between two devices in a certain way and a certain connectivity between them. The thing that we really try to highlight in Run Zero is what do you not find through other visibility, other tools like what are the things that we can identify about network segmentation, multi home connectivity, inter asset, inter credential relationships that you're not going to see someplace else. We felt like playing with Bloodhound is a really great way to show that stuff off and then we'd love to go the other direction. Import Bloodhound data into Run zero. So now you're overlaying your active directory with the Run Zero stuff. Vice versa. We already import your LDAP and AD and your entra ID today. So we have some of that data today. But I think we're going to meet in the middle someplace. We feel like we'll have a great way to make Bloodhound users lives much easier and also a way to make our users lives much easier by pulling in Bloodhound data. This is just a great kind of community pool to play in the meantime.
[51:59]
A
Now look, I do actually want to talk to you about AI a little, right? Because I feel like there are certain services and products that are kind of at risk from AI more than others. I feel like yours less so actually, because an AI agent just isn't going to immediately be able to do what Run Zero does. I can see though that that Run Zero would be a tremendously useful product for agentic platforms to use. I just wondered how you're thinking about all of that. Right? Like are you trying to set Run zero up as something that's very AI friendly? Are you trying to build like query builders for your product as well? So instead of people having to actually query it using some sort of, you know, structured query language, you could just get them to use natural language like where are you at in the whole AI thing? Because I haven't seen much from you guys at the moment and I'm guessing there's a reason.
[52:51]
C
Yeah, we're pretty quiet about it. We use a bunch of AI stuff right now to help us identify vulnerabilities before they make the News. So before you covered in, you know, risky biz news before they show up and bleep in computer, we have stuff scraping all the socials, looking at release notes, flagging stuff to us that we can help our customers get ahead of it really quickly. And that's a friend of the shows that we've been working with him and his company to do that. I don't want to name drop them here, but that's all AI based. We also use some AI stuff to help us find more references, do enrichment. And then we have an McP server in Run Zero so you can hook it up to Claude and do whatever you want to do with Run Zero, including running new scans, pulling data, cross referencing stuff all directly through your tool of choice through mcp.
[53:29]
A
What we haven't done so far, do you have some people operating AI platforms who are already using your MCP server? Because I'd imagine that would be very popular, right?
[53:38]
C
Yeah. A lot of folks will plug us into either their tienes workflow through MCP or pull us into nearly anything else. Claude for reporting. We have other folks who plug directly into Power BI and then hook that into whatever Microsoft's copilot type thing is. But there's lots of ways.
[53:51]
A
I mean it's just funny, right? Because everyone's shipping an MCP server and like run0 is the only one that I can think of where I'm like, no, it actually definitely makes sense for them to have an MCP server.
[54:00]
B
Right.
[54:00]
A
Where it's not always clear people are just shipping them anyway. But yours actually makes sense.
[54:07]
C
Yeah. We hope to not just give you data but help you take actual actions like actually do things in their product from mcp. That's the part that we've been shipping incrementally here. So we're going to build a natural language search. That's an easy thing. It's kind of been the works for a while. Where we've really been thinking more about the AI side is like we're hard to replace there because we provide data you don't get from anything else. You can't synthesize your way to the data we provide about network assets or some of the core.
[54:30]
A
You can't infer your way to the sort of information that you're capturing. That's not how it works.
[54:35]
C
Yeah. Kind of goal for Run Zero since day one is we need to be a primary source of data. We're not just going to aggregate stuff. We need to be telling you things you didn't know before. Otherwise what's the point, we don't want to sell your data back to you. So going forward with AI, we feel like there's some really cool things we can be doing. Like we already have some things that are not AI based but do very similar, like autonomous network discovery. We have automatic assets that will scrape your entire private RFC 1918 space, put it all together and show you the big fancy map. Building some more AI support around that so that it's predicting which offsets which octets to go after next. It's basically using some internal learning to figure out, you know, how can I do this thing more efficiently? And then highlight and continuously scan the things that are more at risk. That'd be a good example of that. Like, let's increase the frequency of testing for the things that are most likely to be exposed and let's hold off on things that just don't change very much over time. So that's another area we're looking at for building AI into. The challenge, of course, is we ship a self hosted product that runs at a skiff and we also ship a SaaS product that runs at Amazon and everything in between. Right. So whatever we build, it has to work just fine everywhere else. And so for the AI stuff, we need the ability for the customer to plug in their own local LLM or just turn it off entirely. And for the cloud side, we need to make sure their data never leaves that particular region, country, et cetera. So we're a little bit hamstrung in that we're not willing just to go through all of our customer data into anthropic and that kind of sets us apart from many other people in the space. Like we actually care about where your customer data goes and where it ends up. And that means we take a little bit of slower path together.
[56:02]
A
Yeah, it is, there's, there's a fair bit of YOLO out there, which I'm sure there's going to be some interesting headlines for us to cover in the news over the next few years. Because of that one thing we should just touch on before we go. Like you've done this big kind of pivot really to being a vulnerability scanning platform. Right. Like a risk exposure platform. You're currently working, you're currently doing a fair bit of work on the front end. Right. To sort of reflect that, that change. Yeah.
[56:28]
C
A while back we redid the product ux. So it was really designed to help you bring data in from as many places as you can, like your passive network discovery, active scans, your connections and it really kind of walked you through that process, gave you the dashboard, told you how all that worked. We've since then been adding a ton of features around vulnerability detection, exposure management, vulnerability inference, rapid response, risk dashboards. But none of that is like turnkey today. You have to kind of know what to do to set it up. So we're really looking at doing a refresh where as you log in, you're getting a list of like, here's my external tax service management, here's the things I want to plug into it. I want to watch that stuff, ask the customer what EDR they use, make sure that security tool is properly represented everywhere. Really kind of learn from the customer what goals they have as we do the onboarding, and then be able to show them that really quick hit list of here's what's going according to plan, here's unexpected new stuff that's come up, and here's what's falling behind.
[57:15]
A
All right, HDMore, thank you so much for joining us for a chat. It's always a lot of fun.
[57:20]
C
My pleasure. Thanks.
[57:22]
A
That was HD Moore from Run Zero there. Big thanks to him for that. And I've dropped a couple of links into this week's show, notes both into the the Bloodhound open graph stuff and what they're doing around AI so you can click through and have a bit of a read if that interests you. But that is it for this week's show. I do hope you enjoyed it. I'll be back next week with more security news and analysis, but until then I've been Patrick Gray, thanks for listing.