I *CANNOT WAIT* until we see this and other strings hit all these “Agentic SOC" environments.
-
I *CANNOT WAIT* until we see this and other strings hit all these “Agentic SOC" environments.
Likely gonna cause a whole bunch of orgs to go blind (telemetry-wise) for just enough time for attackers to do what they need to do. https://infosec.exchange/@morattisec/115929249640927958
@hrbrmstr Wouldn't it be funny if open source software repositories started to include that string in PRs, or spread throughout code comments?
I mean... I can certainly imagine that breaking quite a few systems and "agents".
No?
-
@hrbrmstr Wouldn't it be funny if open source software repositories started to include that string in PRs, or spread throughout code comments?
I mean... I can certainly imagine that breaking quite a few systems and "agents".
No?
@nopatience immediately add this header to Anubis and iocaine responses @hrbrmstr
-
@nopatience immediately add this header to Anubis and iocaine responses @hrbrmstr
Oh... how EVIL to put it as a web server header? Would they process headers as agents?
Perhaps worth testing
-
@nopatience I can neither confirm nor deny if this works but returning it in Anubis and iocaine responses is my current jam. Time to poison the source of the well. @hrbrmstr
-
@nopatience I can neither confirm nor deny if this works but returning it in Anubis and iocaine responses is my current jam. Time to poison the source of the well. @hrbrmstr
-
@nopatience @dch oh, aye. they have a system that does the fetching and then turns the content into markdown for processing. headers aren't going to get caught in the machine unless someone is asking for a header analysis.
and, they use a proxy (which claude told me about when it said it could not get to infosec.exchange via their infra) so they will likely be filtering these strings out at that central point.
thankfully that's not the only way those strings can get in tho.
-
I *CANNOT WAIT* until we see this and other strings hit all these “Agentic SOC" environments.
Likely gonna cause a whole bunch of orgs to go blind (telemetry-wise) for just enough time for attackers to do what they need to do. https://infosec.exchange/@morattisec/115929249640927958
BASE64 THESE EVERYWHERE
-
BASE64 THESE EVERYWHERE
ZOMGOSH I HOPED THIS WOULD WORK the mt agamenticus img is what i asked it to describe)
-
@nopatience @dch oh, aye. they have a system that does the fetching and then turns the content into markdown for processing. headers aren't going to get caught in the machine unless someone is asking for a header analysis.
and, they use a proxy (which claude told me about when it said it could not get to infosec.exchange via their infra) so they will likely be filtering these strings out at that central point.
thankfully that's not the only way those strings can get in tho.
@hrbrmstr AI is great at looking for patterns, anything from rot13 to base64 and variants in between will make it through a first cleaning stage @nopatience
-
@hrbrmstr thinking about popping it in my email sig
@hrbrmstr @neurovagrant linkedin
-
@hrbrmstr @neurovagrant linkedin
-
@hrbrmstr @neurovagrant we should stop screaming
-
-
@hrbrmstr @darfplatypus i dont even know what those are
-
-
-
-
