Digital Shokunin

I built crabbyproxy after spending an evening trying to get YouTube and Reddit to bypass my WireGuard VPN on macOS, and discovering that none of the standard approaches work.

The problem

WireGuard’s macOS app uses Apple’s Network Extension framework, which intercepts packets before the routing table. This means AllowedIPs exclusions generate hundreds of CIDR fragments (YouTube alone uses dozens of dynamic CDN subnets), and route add commands are simply ignored. The app also runs in Apple’s sandbox, no PostUp/PostDown scripts, no scutil --nc support, no scripting API.

I’ve been using agentic AI workflows in my security testing for a while now, and at this point I can say it’s the single biggest force multiplier I’ve encountered in offensive security. I’m not talking about asking ChatGPT to write you a Python script. I’m talking about orchestrated, multi-agent workflows with defined roles, custom skills, guardrails, and memory. Doing in a week what used to take a small team several weeks.

I spent about a year and a half doing privacy red teaming at a large tech company. I’m not going to name them but if you follow me it’s not hard to figure out. What I will say is that it fundamentally changed how I think about security testing, and I think there are lessons here that apply broadly to anyone doing offensive security work, especially as privacy regulation and user expectations continue to evolve.

Machine Learning

Everyone is into LLMs right now, ~48 billion of investment went into AI/ML in 2023 alone because of the hype surrounding ChatGPT and similar products. Even more investment going into it this year if the first quarter is any indication. AI/ML is important, even if you’re tired of the snake oil you were sold in the past on ML/AI and were tired of hearing about it before the hype cycle hit, if you’re in the security space at all, you should care because your business or customers care and they’re using it, spending large amounts of money on it and its directly touching your most valuable data (because that’s what the business is training them on). Just when I thought Nvidia stock/profits couldn’t go any higher after increased demand for GPUs because of the crypto hype cycle which was somewhat waning, the AI hype cycle hits and now Nvidia can print money as fast as they can ship silicon, with no evidence of supply meeting demand any time soon.

This post is to follow up some of the technical details for the talk I gave at the 2024 Red Team Summit. The talk itself covered the use of container registries and infiltration through CI/CD pipelines as a means of initial access and persistence. This post will cover some of the technical details and examples that I used in the talk.

The first thing to discuss is gaining initial access to a container registry. This can be done in a number of ways, but the most common is through the use of weak or leaked credentials. Once access is gained, the attacker can then upload a malicious image to the registry. This image can be used to gain access to the CI/CD pipeline and then to the production environment.

CI/CD pipelines exist in just about every company that does some kind of development. Some companies have more mature pipelines than others, but the rule still holds. Most companies with in house development have a Jenkins instance or some similar build orchestration software, code repositories, path to deployment, etc. Depending on your background you may be familiar with these environments to varying degrees. I started out doing somethin between running application servers and devops, maintaining deployment pipelines and helping developers troubleshoot issues. I even wrote my own share of code and deployed my own changes to a minor application that eventually went into production. This was done as an opportuntiy to get me more familiar with that side of things and I found the experience very valuable. Those experiences became invaluable when I went into red teaming and security research as I already had a baseline familiarity with these environments and how they worked, and more importantly, insight in how these environments could be exploited by an attacker.

Now that Microsoft is blocking macros for internet and externally sourced documents, I feel its safer to talk about some of the EDR evading Word macro techniques I have used in the past. Particularly for delivering Cobalt Strike beacons.

Cactus Torch is a great tool as a starting point. It takes some basic concepts such as a encoding the CS payload in memory, starting a process and injecting the payload into memory. Unfortunately, Cactus Torch is heavily signatured, but with a bit of modification, you can easily bypass most EDR solutions, including Windows Defender. Cactus Torch gets flagged because of a few function calls and variable names, but if you change those, you’ll find EDR no longer detects it. That’s the first step towards EDR evasion.

A while ago I earned my OSCP certification. Before that I had my GPEN and Pentest+. The Pentest+ I obtained during the beta program for the certification since the test was only $50 and I figured there was not much harm in trying. I took it practically blind (no preparation), and found out I passed in August. Shortly after I was given the opportunity to take the SpectreOps Red Team Training and after that scheduled to take OSCP training.

Back when CompTIA had a temporary beta program for the Pentest+, I took advantage of it, and the cheap cost of the test just to give it a shot. I didn’t study for it and kind of went in blind since no study materials existed and most of what was out there for it was pure speculation. It took a while to learn the results but I’m happy to report that I passed.

I’ve recently been using radare2 for a bit of reverse engineering and have used it a little bit in the past for CTF competions. (Side note: scaleway.com is a great cloud/VPS service if you need an ARM based server/machine for a something like a CTF to analyze ARM binaries and do not have a Raspberry Pi, ODroid or similar ARM based computer handy.)

I discovered Cutter recently, which has some instructions to compile it using cmake (also qmake but I had and used cmake).