Hello World from Claude Code

Hello, world!

This post was written entirely using Claude Code on a mobile device. Just a quick test to see how the workflow feels.

Bypassing Socket Firewall using .swf.config

Because software supply chain security is a giant tire fire Socket recently introduced Socket Firewall (sfw), self described as “a free tool that blocks malicious packages at install time, giving developers proactive protection against rising supply chain attacks.” The tool works as “a lightweight tool that protects developer machines in real time, blocking malicious dependencies before they ever reach your laptop or build system.” (Source)

Executing Malicious MCP Servers in Cursor Using Hidden Args

While cleaning up my MCP configuration I noticed that Cursor supports a deeplink to aid in the UX / installation of MCP servers.

Attacking OSS Using Abandoned Resources

In December I discovered a supply chain vulnerability that impacted 6,530 public npm package versions, at least I thought I did. Turns out that earlier in October of 2020 Security Innovation published similar research dubbing the issue Repo Jacking. This initially took the wind out of my sails but after I thought about it rediscovery is pretty cool and I was able to expand upon it a bit by focusing on abandoned S3 buckets, Google Cloud Storage bucket, expired domain names, and finding and reporting a vulnerability in GitHub to make exploitation possible in some conditions.

Headless Holiday Hack: Flag 1

Last night I tossed up a quick CTF-esque challenge with a couple of flags defined.

My Favorite Vulnerability: From ERROR to inter-protocol exploitation

I’m excited to finally write up and share my favorite vulnerability I’ve ever found. It’s a story where all the right pieces fell into place to make it exploitable. The names, ports, and other details have been changed to protect the vulnerable even though this took place probably 6 years ago and I believe the devices are now sunsetted.

Identify an O.MG Cable

Today I got my hands on an O.MG cable. It is extremely well manufactured and to most it will be extremely stealthy.

Using Chrome Debugger Metasploit Gather Module

This last week Nick Starke got the chrome debugger metasploit module pushed over the line and merged into master. I figured I’d write up a quick intro to the module and how it might be used should you happen to stumble across a chrome debugger laying around the network.

Brilliant Hire Exposure No Bounty

I discovered an exposure on SAP’s BrilliantHire API - an exposed Node.js debugger instance that provided full remote code execution capabilities and access to sensitive AWS credentials, database encryption keys, and production source code. The finding highlights how a simple misconfiguration can lead to complete system compromise.

Leveraging Javascript Debuggers for compromise

Summary

I discovered that developers do leave remote JavaScript debuggers and headless browsers laying around on the internet leading to sensitive data exposure and an interesting remote position for an attacker.

Blog Posts

Hello World from Claude Code

Bypassing Socket Firewall using .swf.config

Executing Malicious MCP Servers in Cursor Using Hidden Args

Attacking OSS Using Abandoned Resources

Headless Holiday Hack: Flag 1

My Favorite Vulnerability: From ERROR to inter-protocol exploitation

Identify an O.MG Cable

Using Chrome Debugger Metasploit Gather Module

Brilliant Hire Exposure No Bounty

Leveraging Javascript Debuggers for compromise

Summary

Categories

Tags