RC RANDOM CHAOS

mitre-attack

10 posts

A valid go.sum hash proves nothing
Article

A valid go.sum hash proves nothing

Argegy is not a CVE. It's a Go supply chain claim against go-ethereum - module trust, init() execution, T1195, and where telemetry goes blind.

dd writes raw sectors below the filesystem
Article

dd writes raw sectors below the filesystem

Why the Unix dd command is a real security primitive: raw block writes below the filesystem, wiper TTPs, exfiltration, and the telemetry gap defenders miss.

htop is a reconnaissance surface
Article

htop is a reconnaissance surface

How htop and top expose Linux resource contention - OOM-killer steering, D-state telemetry gaps, niced miners, and PID exhaustion mapped to MITRE T1562 and T1499.

Locale decides the payload
Article

Locale decides the payload

The en-GB locale isn't a vulnerability - it's a selector. How attackers use Accept-Language and OS locale checks to filter delivery and gate detonation.

Typosquatted Microsoft AI packages harvest developer credentials
Article

Typosquatted Microsoft AI packages harvest developer credentials

How attackers weaponised typosquatted Microsoft AI tooling to harvest OpenAI, HuggingFace, AWS, and Azure credentials from developer workstations.

The chatbot answered the door for attackers
Article

The chatbot answered the door for attackers

Meta's Instagram chatbot abuse case is a prompt injection and confused deputy failure. Technical breakdown of the vector, telemetry gap, and residual exposure.

The WhatsApp breach was not a breach
Article

The WhatsApp breach was not a breach

Technical analysis of the WhatsApp dataset incident: contact discovery oracle abuse, rate-limit bypass, MITRE T1589.002, and the downstream attack surface.

Malicious VSCode extension shipped through official Marketplace
Article

Malicious VSCode extension shipped through official Marketplace

Technical analysis of a compromised VSCode extension reaching GitHub credentials: extension host privileges, MITRE ATT&CK mapping, telemetry gaps.

Your valid credentials are the breach.
Article

Your valid credentials are the breach.

Technical analysis of a coordinated GitHub Actions workflow compromise across 5,561 repositories, with detection guidance for audit log and EDR telemetry.

Vercel hands attackers your build pipeline
Article

Vercel hands attackers your build pipeline

Technical IR playbook for a Vercel CI/CD compromise: attack chain, MITRE ATT&CK mapping, telemetry gaps, containment sequence, and residual exposure.