mitre-attack
10 posts
A valid go.sum hash proves nothing
Argegy is not a CVE. It's a Go supply chain claim against go-ethereum - module trust, init() execution, T1195, and where telemetry goes blind.
dd writes raw sectors below the filesystem
Why the Unix dd command is a real security primitive: raw block writes below the filesystem, wiper TTPs, exfiltration, and the telemetry gap defenders miss.
htop is a reconnaissance surface
How htop and top expose Linux resource contention - OOM-killer steering, D-state telemetry gaps, niced miners, and PID exhaustion mapped to MITRE T1562 and T1499.
Locale decides the payload
The en-GB locale isn't a vulnerability - it's a selector. How attackers use Accept-Language and OS locale checks to filter delivery and gate detonation.
Typosquatted Microsoft AI packages harvest developer credentials
How attackers weaponised typosquatted Microsoft AI tooling to harvest OpenAI, HuggingFace, AWS, and Azure credentials from developer workstations.
The chatbot answered the door for attackers
Meta's Instagram chatbot abuse case is a prompt injection and confused deputy failure. Technical breakdown of the vector, telemetry gap, and residual exposure.
The WhatsApp breach was not a breach
Technical analysis of the WhatsApp dataset incident: contact discovery oracle abuse, rate-limit bypass, MITRE T1589.002, and the downstream attack surface.
Malicious VSCode extension shipped through official Marketplace
Technical analysis of a compromised VSCode extension reaching GitHub credentials: extension host privileges, MITRE ATT&CK mapping, telemetry gaps.
Your valid credentials are the breach.
Technical analysis of a coordinated GitHub Actions workflow compromise across 5,561 repositories, with detection guidance for audit log and EDR telemetry.
Vercel hands attackers your build pipeline
Technical IR playbook for a Vercel CI/CD compromise: attack chain, MITRE ATT&CK mapping, telemetry gaps, containment sequence, and residual exposure.