The video sharply exposes how our reliance on development tools has turned productivity into a massive supply chain vulnerability. It is a necessary reality check for any developer who still views their IDE as a safe, isolated sanctuary.
GitHub hacked! Mythos updates and more! - come chat cybersecurity and ai!
Let's hang and talk about this week's news in infosec. I'm collecting stories for my newsletter @ vulnu.com
Good morning. How we doing?
Well, it happened. It happened. We thought maybe I thought maybe it was a a fake out. I thought But GitHub got hacked. Um, yeah, same group that's been running around doing all the uh supply chain stuff.
Apparently, the team PCP.
Uh, but they didn't do the same supply chain stuff that they did. I thought this would have been the irony of all ironies that npm would have possibly been hacked or been used to hack GitHub which has been just like the cause of so much turmoil uh over over the past couple weeks anyway.
But no um it seems like a VS Code extension which is one of the other main priorities that I keep harping about.
Right. Right. Like this is what's been going on lately. Telegraphing it from the rooftops, the threat actors, not this threat actor, I don't think had done a ton of the uh VS Code extension stuff. Um although that's maybe where they uh they got into some of the other npm packages for their worm.
But h gosh. So in this case, GitHub's own internal repos 3,800 repos for github.com uh were actually compromised and all it took was a single employee device being poisoned by a VS Code extension.
Um that's it. That's all it took. And yeah, if the the employee had VS Code, they were a developer, so they had access to GitHub and the repositories.
This is always like it's going to be so confusing to talk about because when I say like, oh, they had access to GitHub, it's like, oh, we're talking about GitHub's GitHub. So, GitHub now, right? Our current assessment is that the activity involved exfiltration of GitHub internal repos. So they're basically saying no customer private repos were involved.
Saying that this employee did not have like special access to like your private repos or anything. We moved quickly to reduce the risk. Critical secrets were rotated yesterday and overnight. Man, rip. Hug ops. Hug ops. GitHub. I've uh I've been there. I've been there. This is not going to be done. By the way, the you don't rotate all your secrets uh instantly overnight. You don't even know what secrets uh are out the door yet. They're they're going to be responding to this for a few days. We continue to analyze logs, validate secret rotation. Yeah, this is a war room. There's a war room going on um right now for sure.
Uh we don't have the information about the extension that was used. I don't think I saw some chatter in a threat intel. Let me look really quick. I'm in a few threat intel groups. And uh I think I saw some chatter about the VS Code extension, but I don't know if we know that.
Um let's see. Let me just make sure if I have any info, I'll be happy to share it with you guys. Seems like um people are thinking maybe an auto update. Oh, Tuckner said this. Maybe an auto update of a popular extension.
Interesting. Interesting.
Hold on. Hold on. Hold on. Let's see.
What does this say? We're continuing. Am I still sharing? Yeah. We're continuing to work with Microsoft and GitHub. Who's this?
NXdev Tools to investigate the impact of the malicious NXT. So, here's the extension.
Here's the extension. What's up, Muhammad? Good morning.
Um, so this might be the extension. It doesn't say this in any of the GitHub information.
Initially, Microsoft indicated to us that there were 28 installs of a malicious version of NX Console. Based on our own analytics for the compromised version, we currently believe the number of users who receive the malicious package may be significantly higher over 6,000 installs.
Oh my gosh. Okay.
Okay. Looks like this is the extension that popped GitHub.
Um, so the threat, so the hackers used the same MO as npm worm, but instead of a wormy boy, they pushed a malicious extension VS Code extension out, right?
NX console says they see evidence of 6K downloads of the malware.
Okay, look. I I even avoided a little red siren emoji.
No, no hate to prime, but I could have just tweeted that with a red siren emoji. All right, we'll keep working to determine the actual impact and exposure. I don't want to speculate beyond the facts we have right now. This is top priority right now, our team.
Okay, we're going to drop this in chat.
So, everyone has this tweet.
This seems to be the thing behind this. Are we Does this Does this article talk about that yet? No.
So, the news hasn't NX. No, the news hasn't caught on to which one it was. So, I'm glad that I saw that in my in my threat intel group.
Thank you, Tuckner, if you're listening.
Um, all right.
GitHub.
Where's Git? Is GitHub talking about this anywhere but Twitter? Let's see if GitHub has said anything else. That was 11 hours ago. No, that's their most recent update.
We'll publish a fuller report. Okay, so that's the most recent from GitHub about the about the incident.
They did say that they were investigating claims of unauthorized access because we saw this pop out first, right? So, Team PCP came out on breach forums or whatever breached. Uh, we are here today to advertise GitHub source code and internal orgs for sale.
No lowball offers will be accepted.
Everything for the main platform is here. I'm very happy to send samples.
There are around 4,000 repos. Now we know it's uh 3,800. What?
Hold on.
Threat actors are using limewire.com to distribute this stuff.
TIL that LimeWire is still a thing. Had no idea. Please read carefully to understand. As always, this is not a ransom. We do not care about extorting GitHub.
One buyer. We shred the data on our end.
So there, it looks like our retirement is soon. So if no buyers found, we will leak it for free. We are not interested in under $50,000.
Is that really all that GitHub source code is worth? Is $50,000?
That's pretty wild.
That's pretty wild.
Um, this isn't the first time a Trojanized VS Code extension has been spotted on the marketplace.
VS Code extensions with 9 million installs were pulled over security risks posing as legitimate dev tools. Yeah, a lot of them were in the crypto space.
I've talked about this ad nauseam on my videos. If you guys are not new here, you are not new to browser and IDE extensions having malware in them, right?
Like I think everyone knows that there could be malicious extensions out there.
I think the thing that people are needing to like internalize is that legitimate extensions that they have installed can turn malicious and do right.
The MO here is exactly the same as all the npm extensions.
compromised GitHub account of a maintainer of one of these extensions can then cut a release and the release can in can have malware in it, right?
What up Jay? What up, Bill?
Oh my gosh. What's up, Small Biz?
Small Biz, did you write me this morning? You're sharing an episode of Small Biz Cyber Guy.
It's not DS DNS until it is.
Um, yeah.
Vote check it out. Let's pull it up.
Let's pull it up on stream for everybody in a sec. Small biz. All right. Anything else from this incident we need to learn?
Not yet. Right.
Not yet. Right.
Um I mean that's a big deal and there's going to be ripple effects from that source code going out, right?
All right, everyone. Go uh go listen to this podcast by by Small Biz in chat right now. Can I just click update? I don't have an account here. Sorry. Um small business cyber security guy. I love it. I love it. There you go. A little promo for you. Thanks for hanging out in chat. I'll give this a listen when I get a chance.
You should publish on YouTube as well.
Even if it's like audio only YouTube podcasts for sure. For sure.
Um, yeah. No, thank you for always hanging out. Um, what else?
What else do I want to talk about? Did we Um, it is on YouTube. Okay, cool, cool, cool, cool, cool.
Well, let me pull that up instead of that Pod Radar thing. I don't know what that site is. Um, what's it called? Small Biz Cyber.
Let's search it. Small Biz Cyber podcast did not come up. Did not come up. We got to work on your YouTube SEO.
What's it called?
Um, the small business cyber security guy.
Let's try that as a Yeah. Okay, there you go.
Boom.
Subscribed.
And you put your podcast out here.
updated today. Sweet. There you go.
Cool.
Good job.
More more YouTubers. More cyber YouTubers. More better.
Um, all right. I don't know what else we could talk about on this GitHub hack.
Should we try Let's try to go find this g this uh VS Code extension really quick actually.
Right.
Let's try to find this really quick.
Let's do Let's do a little bit of digging.
So, I'm not familiar with NX Console, but hey, look, they actually did the security advisory on GitHub thing. Oh my god. Did that Wait, wait, wait. We have to go check that AntV one from yesterday.
This one.
Let's see. Refresh security. Nothing.
Nothing. This is the ground zero of the npm worm yesterday and they still don't have a freaking security advisory.
How how do you like hey Ant viz you're like the heart of uh a million weekly download npm worm right now and you have nothing in your security tab on your GitHub repo.
They had something in their org read me.
Okay, they here.
NPM packages related to ANTV were compromised. All affected packages were depreciated. NPM official support was contacted to remove all compromised packages within 4 hours. The related vulnerabilities and security risks have never been fully resolved. Yeah, this is great. But this is on your org page. How about in your repos and like S2 or G2?
This is a 13,000 star repo. Should probably have something. Does it have anything in the read me here? Nothing.
Nothing.
Your build is failing. Nothing. And then security. Come on. We got to let people know what versions were compromised here. You got to you got to put it here for advisory. All right.
Anyway, kudos to NX Console for doing this, right? You go to security and quality. Guess what? compromised version even though it's not there anymore.
Whoa, this was two days ago.
So the the VS Code extension used in the GitHub hack already two days ago publicly said that they were compromised.
Wow.
Wow. That's that's huge, right?
All right. Timeline. The Microsoft Marketplace timeline is as follows.
All right. We have times, but we don't have dates.
Like how many days ago was all this right?
Indicators of compromise.
We have this version number and then these are the payloads.
This kitty cat pie. Basically anything in a kitty folder.
a Python process running cat pi.
Update the NX console to 18100 or later because 95 was compromised.
Kill any daemonized cat processes. Delete the persistence artifacts listed above.
Man, these guys are good at like squirreling into your system as soon as they're as soon as they're in. Huh.
There's been a bunch of persistence [ __ ] that we've been seeing from these npm worms, too.
Targeted credentials. Oh, shocked.
Shocked at the credentials that get targeted.
Who would have freaking thought?
I'm being sarcastic. This is every single attack by this group goes after the same bits of information, right?
It's your vault, your npm, your GitHub, then all your cloud stuff and any like other secrets that they can hoover up.
One of our developers were compromised by a recent security incident which leaked their GitHub credentials.
So, this could have been this could be a ripple effect of uh of one of the npm worms, right?
Right. That's what that's telling me.
Oh, did I stop sharing?
Wow.
Wow. So, it actually looks like it could have been. So, even though it was a VS Code extension, it looks like if you go one step back, you're in uh you're potentially in uh in to the npm worm land, huh?
That's kind of wild.
That's kind of wild.
All right, what else do we want to talk about? chat, you're quiet today. It's fine. You're allowed to be quiet. But what else do we want to talk about?
Um, yellow key.
I had some yellow key info up.
H um I'm looking at this. So Microsoft cut a a CVE on that, you know. So, we got that disgruntled security researcher who's sick of uh reporting things responsibly to Microsoft and is now just like publishing things publicly. So, Yellow Key is uh is one of those. This is the BitLocker bypass. So, it looks like the CVE actually came out. So, let's look at this really quick. So, we have a BitLocker bypass now as of yesterday.
Um, no way. You were locked out of a laptop and you used yellow key to get back in.
That's such a good idea.
Um, we are aware of a security feature bypassing Windows publicly referred to as yellow key. The PC vulnerability has been made public violating coordinated vulnerability best practice.
Hey, you don't get to say that when the guy has just tried so bad to coordinate with you and you frustrated him so bad that uh he's gone public with everything since then.
What's up, Tanker? Which hack? The GitHub hack.
It's pretty bad. It's pretty bad.
Um we just went through it. Do you have any specific questions? we can kind of pull it back up if we need to. But um we're issuing a CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. So the mitigation refers to uh yeah before a patch you can mount the winre image on each device from an elevated command prompt. Run cmount mount the system registry hive of the mounted winre image modify boot execute. Oh my god, who the hell is going to do this and not just wait for a patch?
This is insane.
Um, specifically you prevent the FSTX auto-recovery utility from um automatically starting when Win launches. With this change, the transactional NTFS replaying the deletes this any um no longer happens.
But wait, you clever security conscious person exclaims, "If WinRE partition is unencrypted, what stops an attacker from simply splatting back a vulnerable WinRE partition image?" You are right. You can indeed do this and you'll get a command prompt when WinRE is entered. However, the modification of WinRE will cause the trust relationship between BitLocker and WinRE to fail. And as such, while you are at your handy command prompt, you will not get an automatically decrypted BitLocker partition.
If this guidance is too sloppy, um, this guy's provided the script that'll do it.
Interesting, interesting, interesting.
Um, I mean, this is just a just a disaster, right? And this is why they want coordinated vulnerability disclosure because this mitigation just stinks. Um, so they don't want to have to put this out. They want to just put out a fix.
But yeah, the same researcher put out Blue Hammer, Red Sun, and Green Plasma.
Someone said they're going through the colors of the Microsoft uh window here, which blue, red, blue, red, green, yellow. They went around, so who knows what's going to be next. Um, while the exact circumstances that triggered the spree of exploit leaks are unclear, Nightmare Eclipse, that's the researchers handle, previously said that these disclosures are in protest of how Microsoft handled the disclosure process for other security flaws reported in the past.
Yeah, small business, you're not the only person to think that.
It seems a little too convenient, right?
That yellow key works as easy as it does.
You're not the only person to be like, "Is this an on-purpose backdoor?"
I don't know. I don't know the answer to that question.
I don't know. I don't know.
Um, all right. That's nuts.
Oh, and it's easy. Yeah, it's like too easy, right? It's too easy.
Did we talk about the CISA creds yesterday on stream already?
I made the short last night about it. I can't remember if we talked on stream about it already.
God, my blo Oh, we did. Okay. My blog, my RSS feeds are kind of sloppy right now. I feel like a lot of sponsored content came out on the news sites in the last day or so.
Uh, what is this?
What is this?
1Password teams up with OpenAI to stop AI coding agents from leaking creds.
1Password says AI coding agents uh should never hold persistent secrets.
Introducing a just-in-time credential model for Codex.
This is this might actually be really good idea.
1Password partnered with OpenAI protecting enterprise creds.
How does this actually work? AI coding has become Yeah. Duh. Every action that AI coding agents take against the database API today. These creds typically live in environmental Yeah. in ENV files, scripts or hardcoded repositories where they could be. Yeah, this is like why we're dealing with a lot of the mess that we're dealing with right now.
1Password introduced environments MCP server for Codex. It gives Codex access to creds directly inside coding workflows while keeping those secrets out of prompts code and model context. Credentials are issued just in time and scoped to the task.
This might actually be a really good idea because like yeah, if if you guys do a lot with Claude Code and even like MCPs and stuff, you know that, right? Like you wind up giving it, it's like, oh, well, you got to set that as an environment variable. Well, what do you do? Right? You generally just like give it to uh like you give it to Claude Code and you're like, yeah, stick this in an environment variable. It's I know a lot of people do that, right? So then what happens then? Claude has the secret.
You're of the opinion open anthropic and now Google are just following a script of one does something bad, the other two raise prices, then both of them do something bad. Open AI raises prices. I like this.
I like this. I think you're I think you're not too far off.
It's a cycle of getting people off one onto the other. Yeah. I mean, we are currently like the beneficiaries of the arms race going on over there, right?
They're they're certainly uh spitting the same features back and forth at each other. This might I I have to test this, but this is a good idea in theory, right? So you don't have to stick a bunch of creds in environment variables or in code or in uh even like hidden files a lot of people do. Um, so the fact that you can vault your secrets and then give just in time access, that's the part that I would want to evaluate is like how do you actually enforce?
Where are they saying this here? Credentials are issued just in time and scoped to the task while keeping them outside of model's context window.
How do you enforce that?
You know what I mean? You can't just like ask the agent nicely, you know? So, like, how do you enforce that it's scoped to the task?
That's what I'd have to test. Either way, good idea that it's kept in the vault and not in a file or an environment variable.
Yeah, I mean, I like this. It's a It's a good idea.
All right, I need to grab a drink and a bite to eat because I'm feeling a little under overcaffeinated, underfed. So, I'm going to run and grab like a banana and something.
And I'm going to um leave you guys with a bit of a babysitter and my good friend Low Level and he's going to talk about the problem with AI agents.
Um and then I'll be right back in like two seconds. Okay, Ed, sorry if you're here. I'm making you watch yourself, but that's just where we're at. Uh I need to go grab something before I pass out.
nightmares. The last few weeks, my nightmares have included the following things. AI agents and postinstall scripts. Now, what I'm experiencing today in real life is some combination of the two. Update to Gemini CLI and run Gemini CLI trust model because of a 10.0 CVSS CVE in Gemini CLI. The combination of my two nightmares has manifested in real life and I'm not sure how to feel about it. Let me be very clear. I think that using AI to do PR code review is actually a very good thing. Using AI assisted tooling to look at PRs and give a summary of the change is actually a really good way to reduce the amount of debt that people have to deal with.
However, if you use those tools in a wrong way or if those tools have a vulnerability, that's where the entire castle comes crashing down. For example, big organization Red Hat, they're actively right now using a workflow that does a PR review using Gemini to review the pull request that somebody submits.
Again, a good thing, but what happens if there's a vulnerability inside of Gemini? To do a pull request in CI at the end of the day, you have to be using the Gemini CLI or the rungemini CLI workflow that already exists. The problem with these is to use them in a headless mode, to use them in a way that you can use in a CI/CD deployment, they have to run in YOLO mode. YOLO mode is literally the mode that allows you to run arbitrary commands on the system, which again is by is by design when you're doing Gemini CLI in CI/CD. It has to run this way so that the CLI can run arbitrary tooling, which is fine if you explicitly enable YOLO.
But what happens if your pull request includes a malicious Gemini settings.json? Settings.json is a very normal, very benign JSON file that configures your agent. You enter Vim mode. Maybe you want to use the GitHub theme because you hate yourself. Maybe you want to run a set of tools inside the Docker sandbox. Wow, the tools option allows you to run in a sandbox.
That's incredible. But in classic tooling fashion there is a hook and the hook comes in a variety of forms. One of them is before tool but the other is before agent which means after the user submits the prompt but before planning before any AI agent is run it will run a before agent hook. And that hook can be a command. And it could be a a command name security check that arbitrarily runs any command on the system, which again is fine if you as the author of the code are the one that's authoring the command. But here's the big issue.
When you do a pull request, guess who controls the code? You. Potentially you.
But more importantly, the hacker, right?
The evil person is in charge of the code. So what could happen here again before they fix this vulnerability is a hacker could submit a malicious pull request and then a GitHub workflow would fire and again this is literally just Red Hat. I'm using them as an example.
They didn't get hacked. I'm just showing you that workflows like this do exist.
You can submit a pull request. The pull request workflow, the Gemini PR review will run and again this is a a pull request target if they get open. So it'll run on open and then you will fire the PR pull request review using Gemini.
But the issue is up until this was
>> Did you all behave with the babysitter?
Thanks, Ed, for babysitting everyone.
We scope permissions to the task is one of those things you're just allowed to say even though it's meaningless. What up, Zach? That's what like that that news felt like a press release for sure.
And I'm just like that's not in like you have to enforce that. Like you have to enforce that. All right. Sorry I left you with the babysitter. I was about to pass out. I needed calories. Um, I skipped breakfast and I was like, "What is happening? Why am I feeling like doodoo kaka?"
Zack, how you doing?
How's startup life?
Do we want to finish this video? Are you guys liking this video? Chat's quiet today.
Um, I watched a bit of it earlier, so I don't need to like watch it over because I just like played it for you guys. But this is um, all right, let's keep going.
>> Author of the code are the one that's authoring the command. But here's the big issue. When you do a pull request, guess who controls the code? You.
Potentially you, but more importantly, the hacker, right? The evil person is in charge of the code. So what could happen here again before they fix this vulnerability is a hacker could submit a malicious pull request and then a GitHub workflow would fire and again this is literally just Red Hat. I'm using them as an example. They didn't get hacked.
I'm just showing you that workflows like this do exist. You can submit a pull request. The pull request workflow, the Gemini PR review will run and again this is a a pull request target if they get open. So it'll run on open and then it will fire the PR pull request review using Gemini. But the issue is up until this was patched, you were able to run any arbitrary commands within the context of Gemini settings.json, which would run inside of the CI/CD runner as the organization. Which means that by getting arbitrary code execution inside of the CI/CD runner, you can potentially extract their tokens, their API keys, anything that was living inside of the environment that your that your payload was running in. Now, continuing on the theme of nightmares, let's talk about team PCP. If you're not aware, team PCP is the threat actor that is behind a majority.
>> Yeah, we just can't stop talking about them, right? They're like super active right now. Well, they said they're close to retirement. I don't know what that means, but
>> of the large scale supply chain attacks that have been happening for the last couple of months. These include LiteLLM. These include Trivy tool. This includes a Checkmarx tool, which is a software.
>> This includes github.com. Low levels video came out before GitHub got hacked.
>> Analysis tool, right? A software security tool. And apparently Telnyx, another one that I haven't heard of.
These all originally were derived from some compromise of CI/CD. Right? Again, it's this weird pattern where companies are using good development tooling.
They're using good security practices.
And because they're using them, a bad assumption about the way that we're using them is causing huge downstream effects. Now, I'm not saying that this tool is the reason why these these exploits happen. I'm not saying that team PCP exploited vulnerability in Gemini CLI. That's not what I'm saying at all. What I am saying though is this reliance on CI/CD which likely now includes AI tooling with settings files that are not properly sanitized is a large-scale pattern that we're seeing which could be enabling actors to do this kind of compromise. Right? Again we we all of these hacks have something to do with a compromised CI/CD pipeline or the use of a compromised CI/CD action.
Right? I think the the Trivy action got compromised.
>> Yeah. Yeah. Yeah. Yeah. So, like this is why I just like keep keep keep keep keep bringing up this uh this blog post put out by Ramy over at Wiz, right? It's just like my god. Unfortunately, we're just not seeing people actually doing a lot of this, right? The stats just show that 80% of repos just do not have the kind of hardened permissions in GitHub to protect against these kinds of attacks that we have. And this is when I stop blaming users and start blaming the company. If if at best 20% of your users are doing things right and in reality it's like you really really really want to be in like these three, right? All repos for selected actions is is still a little broad. So you really want to kind of be in in here.
So like in reality you have zero to 1% of your users scoping things down in a hardened way.
At that point it's GitHub's fault, right?
Have you guys ever heard like the MFA adoption rates on some popular sites?
It's not good. People do not opt into security features. People do not opt into like friction that makes their job harder just in case. It just doesn't happen.
Let me uh make myself smaller so you could see Ed's beautiful face
>> which caused the LM compro compromise for example or I think the Axios compromise right the compromise of the Axios workflow was done because Axio used tool under the hood. In March of this year team PCP leveraged an attack that took advantage of an Aquabot service that allowed them to compromise the Trivy action repository. Following that, also in March, Aqua Security Trivy, which was compromised by team PCP that was able to use some vulnerability in their GitHub action to compromise their GitHub action in KICS and a which eventually led to downstream effects. Now, it's very important to highlight that the way that CI/CD works under the hood is when a payload is getting ran by the CI/CD, there has to be a runner that runs it. Now, a lot of the runners are ran by GitHub, right? By default, when you run a workflow in GitHub, it is a GitHub hosted runner for you. But, it's also very common for large companies or companies want to have like a certain kind of thing run on the runner to run a self-hosted runner.
The payload will get picked up by a local binary on your infrastructure and it'll pull it down and run the workflow on your behalf. It's a very common thing to do. Now the issue with this again is if you design your workstream around the fact that the code running in your runners is trusted and this kind of exploit the like Gemini CLI bug is exploitable that code execution in your runner. If you don't properly protect the data or expose trusted data inside of those runners, you're going to have a bad time. Your API keys could get picked up. Your environment variables for other processes are at the same privilege level that contain things like database credentials or API credentials could also get compromised. For those of you watching this, you may be asking like what what do I do about this? Right?
What do I do with this pattern of supply chain getting attacked in Gemini CLI and potentially other tools being used in this way that could be malicious by a threat actor when they're doing a pull request, right? Ultimately, I think the only correct response to this is you have to assume everything is compromised, right? Assume that what you're doing is going to lead to a compromise in some capacity. And as a result, if someone were to land in a place like your local GitHub runner or if someone were to land in your pull request environment that is maybe cloud hosted, what about that could lead to a further compromise, right? Like if you're running a self-hosted runner, do you
>> It's like everything we're reading about right now is ripple effects of the same people doing the same things,
>> right? And so like yeah, I mean they're just telegraphing their MO. They're not even just telegraphing their MO. They're using the same like attack to go and attack the next person, attack the next person, and attack the next person. And it's all hinging around GitHub. And then the fact that GitHub got hacked today from it is just pure irony.
I see the hi Matt chat. It just says LinkedIn user. I'm sorry. I don't I don't see who. Um I'm not catching who from LinkedIn just said hi. I forgot that I was even live on LinkedIn right now. Um, so that's the first chat that came through. I forgot that I left the LinkedIn and Twitter uh things checked on my live stream. Most of the people are over in YouTube or Twitch security through obscurity is used most
>> expose any in like any interesting credentials in other processes that run at the same level as that runner. If that's the case, use the Linux user scheme, use the Linux permission model and create new users for those processes so that maybe they can't run forever so that they can't run and steal your credentials. Also, use proper sandboxing. I'm hoping that if you're doing self-hosted runners, you're also using Docker or something similar that prevents a compromise from getting outside of that local, you know, basically chroot jail that Docker sets up. Now, if you're running Docker containers as root, that's a whole other conversation that we should have about you not doing that in the future. But ultimately, that's where this goes, right? Pretend that everything is compromised. If something gets compromised, what are you going to do about it? Also worth noting that Google did submit mitigations for this. I think what happened is they made a new flag where Gemini trust workspace is not enabled by default. So, if your workspace genuinely does run only on PRs from trusted collaborators, you can turn on Gemini Trust Workspace, bad, it's all good. Um, otherwise you need to use the new version of the Google GitHub actions run Gemini CLI workflow that in versions 391 and 0 and 40 preview 3 basically don't trust the workflow settings by default. And it's important to note that some people do pin specifically to a certain Gemini CLI version. Uh, you need to up that pin to actually get the new version because every version before these versions was
>> Yeah.
So I mean this is uh All right, let me switch this back before I switch screens. Um, great vid, good job, Low Level. Um, so the I mean this is just everywhere right now. I um let me pull up I had a thread get a lot of attention yesterday and I think it got a lot of attention because uh it's not like there's a universal answer right so we could even see so uh I I posted this thread everyone using Claude, Codex, I guess you know we could even say Gemini CLI right like uh what Ed was just talking about how are you enforcing them to not pull new and potentially mis malicious packages from npm and PyPI. This isn't exactly what he was just talking about, but I mean it's just related. It's all like we're all just using these agentic CLI things nowadays. So this was uh like how are you enforcing again like what Zach just said in chat that we were kind of laughing about the the 1Password blog that's like scoped and permissioned to the task. It's like, yeah, but how are you enforcing that? A lot of people are saying the word sandbox, and it's like you're that that word means something.
Sandbox means something and you're not actually talking about a sandbox. A lot of people are talking about like a guardrails.md file or a you know security.md or like like whatever it is or like I just told the agent to never do this like tell the agent to use this other package manager instead of npm.
Um, and so that's why I asked this is because like how are you enforcing enforcing not suggesting not like some line in a in a in a agentic markdown file, right? And so it seems like there's uh a few options. There's no universal answer. It seems like Datadog has a Supply-Chain Firewall which I did not know about.
SCFW by uh by Datadog.
So you just you do uh SCFW in front of your normal package manager it seems.
SCFW run npm install.
Um so this is one. So then but I had a question about how do like again Claude Code install this on your machine all future installs requests to npm, pip will get routed through it. No that's like not true by default though right how's it going to blocked pulls from a variety of sources to know when a newly updated package is malicious. Our research team also analyzes what's the difference between this and the SFW one, Socket? Yeah, he didn't answer. That's another thing. Um, can we get a GitHub workflow? Can this be used in a GitHub's action workflow?
These are all really good questions. So, I didn't know about this Datadog one, but like what he says here is not true, right? Unless I'm missing something like install this on your machine and then boom, all requests for packages will get routed through this from now on.
You have to run this command.
And what I'm saying is Claude Code will just build its own package.json and run npm.
So like how do you enforce it?
Um okay post installation steps to get the most it's recommended to run scfw configure command after installation.
This will run you through uh environments. So you all commands for supported package managers are passively run through this. Okay. So there is a configuration to make sure that this happens right you can yeah someone in chat you can use hooks. Yeah, I was getting there, right?
But like by default, just installing this doesn't like auto route everything through, right?
Unless I'm missing something. By default, this uh is in keeping with the goal of blocking 100%. Wait, will refuse to run inspected subcommands with an unsupported version?
All right. So maybe somewhere in this configure situation there is an enforcement mechanism that I'm not aware of because then like couldn't you then just not write SCFW run npm install because couldn't Claude Code then just do this is what is what I was getting at.
So then like someone in chat just said um yeah a lot of people were just like you don't. The answer is we're not.
Aikido has another one, Safe Chain.
So this is uh similar to what we were just looking at right bunch of different package managers.
You install this install safe chain and then what?
Verify the install.
So this is interesting because then it this doesn't this isn't a new command.
This is still in the npm command. So I like that better.
Right.
Safe Chain has a minimum package age uh and all of this kind of stuff, right?
So, this is another option. Aikido um and then we have memes. Yes, Casey.
This is how we're protecting against it.
Tuckner was the one that I kind of hooked on to, right? because they've got this Socket Firewall which is just SFW. But again, my question was like, yeah, cool. You can install this, but then you would have to like run SFW npm install instead of just npm install.
So I said, couldn't Claude just like not use that, right?
like could if you if you were like talking to a Claude agent wouldn't like it just not do it right and so then he said oh you just create an alias so like the commands on the machine for pnpm and npm are just whatever so I was like okay this makes sense to me I kind of like this but then someone said, "No, you want to use pre-tool hooks."
And that's what that's what uh Franchesco is saying in chat as well, right?
What do I think? Hey, what do you think about the new Mdash? I I'm really, really, really, really interested in Mdash. I'll talk about that in a sec.
Let's get to the end of this uh this topic. I'll bring that up in a sec. I'm super interested. I've heard really really good things through the grapevine about it. Um, so yeah, this person came out and said, "Use uh pre-tool hooks, which will intercept all npm commands and redirect to SFW npm. Most agent harnesses support hooks these days. Ask Claude to add the hook for you." This is what everyone says, right?
Uh, unsure about Codex enforcement, though. This was my my one thing about hooks was isn't this per agent right like Claude manages its own hooks Codex manages its own hooks Gemini manages its own hooks right so like you have to create the hook for every agent right but then hooks can do this.
So, this makes sense to me. This makes sense to me. I'll tell you, I did I just did uh this for today, right?
And like I think that this is probably good enough even without hooks. I think agent MD and rules enforce agent to go through. Yes. I'm so nervous about that though, right? Because that's not like I've seen over and over again agentic tools have like rules and stuff in an agent MD file or in like a guard rails MD file that wound up getting ignored at some point.
You know, like look at the the head of AI safety at Meta that deleted their entire email box with OpenClaw and it's like what? My agent MD file said to never do anything like that, you know? So, it's like context windows are a thing and some of these instructions that are loaded via agent MD get fall out of context windows.
Agent installation in the machine block.
Yeah, there's probably some layers here.
Defense in depth. Yeah. So, I went with this because I think that like there's not going to be a lot of basically what would have to happen here for this to fail is the agent would have to realize that an alias fired instead of the command that it thought to fire. And the agent would have to be so gung-ho that like it wants to do it the real way, not the alias way, that it would go and try to get around this, right?
AI is going to hack us all. MYTHOS.
>> MYTHOS is going to hack us all.
Um, I think that this is probably good enough advice. And then maybe the hooks as like a second layer, right?
I think that's my I think that's my uh my recommendation. Why not do this?
I I haven't evaluated Socket versus Aikido versus Datadog enough to understand who or why any of those are better, right? Uh Socket seems pretty on top of things. Uh it's a free firewall.
Oof. Oof. Oof.
Oof. Oof. Big. Oof.
Oh man.
I don't even know if I want to pull up some drama. Zach, you're you were about to get me your Oh, man. Zack, I'm so tempted to pull your tweet up. I'm certainly sending it to some homies. Oh my gosh, Zach, I don't know if you're still here, but Oh man, major oof on uh No.
Oh. Oh, the gang's all here, you guys.
We're quiet this morning. We got Francisco, Brandon, Portbuster. How's everyone doing?
Um, oh my god, Zach.
Do it. Do it. Do it. Do it. Okay, I'm I'm officially peer pressured.
I'm officially peer pressured into this big old Oof.
Oof.
I am sending this to some homies though.
Oh no.
Uh, so I saw that this spam was going out yesterday and like I'm usually pretty tolerant of people advertising, especially their free tool. I'm pretty like like Socket does this a lot, right?
And I like the Socket guys and so I'm usually pretty tolerant of this, but this is a bad look, man. This was the malicious version and Zach went and tested the thing that I mean this this is the incident they're talking about specifically too, right?
like the incident that they're out there being like, "Hey, you could have used our tool to catch." And like that is the root cause of the incident.
Odd does a lot for uh the security and AI community. You know, I think Unprompted is an awesome conference. I don't know Gotti super well, but I think he does a lot for the community. That's not a good look.
Have I seen Zack XBT tweets?
Which ones? Yeah, I to I I passed around a Zack XBT thread.
Um, I passed around an Oh, man. Zack, that Oh god.
Oh man, that's that's bad. That's bad. I mean, when I delete on the Google button, it doesn't really delete.
Click it harder. Click that delete button harder.
Um, oh wait, okay, wait, wait. Someone asked me about M Dash. Let me I had it up.
So, I have a little bit of inside baseball here that says this is actually super cool.
Has anyone in chat gotten their hands on this yet?
You can apparently apply to get your hands on this, right? So, this is their new harness.
So, uh I am officially camp harness.
Okay, here's here's here's where the Matt J like line of thought. Yeah, this is M Dash. This is this is uh this is how my line of thought went. I thought that we were going to see like a tapering off. I don't know. I'm like doing it backwards.
I thought we were going to see a tapering off of the uh of the capabilities of Frontier models, right? This is what I thought a couple months ago. I was like, you know, models are going to keep getting better, but like not exponentially so. And like really and I was calling it scaffolding at the time like people weren't really calling it harnesses but I would say like context management and uh and scaffolding and like getting the right context to the right model at the right moment scoped tight is going to be like the future and that's like where all these startups were popping up right all the AI pentesters and SOCs and all this kind of stuff I was like okay this is a bunch of scaffolding around the models and and that's where the magic is going to be and then February 5th came along and Opus 46 came out and I was like, "Oh, nope. Never mind. The curve is not bent yet. The Frontier models are still getting exponentially better, right?" And it was like, "Oh [ __ ] like Opus 46 can do a bunch of stuff out of the box that required hardcore talented people making amazing scaffolding or harnesses." Uh, and now just Claude for $20 can do a lot of that, right? So, I was like, I am wrong, right? I'm wrong. like frontier models are getting that much better then I'm kind of coming back around that the yeah the frontier models are getting exponentially better but harnesses are still incredibly important.
So we looked at I think it was like this is the best blog that I read. If you guys missed yesterday's stream I went over this blog. So go back and go back and watch the VOD. I'll put this link in chat again. This is one of the best blogs of the year uh for a few reasons.
It just talks about their Cloudflare's experience with Mythos and and exploit chaining and PoCs and whatever. But the real real value here is they talk about how just like pointing even Mythos at a repo is marginally successful versus holy [ __ ] what they can do with a harness. And then they even go through and talk about their whole harness and like what it is like what their harness actually looks like. It was a really good blog post and they they don't quite stick the landing but these couple of paragraphs I think are some of the most important to read in the industry right now. Right. The la I'm going to read them again even though we did this yesterday. The loudest reaction to Mythos preview from other security leaders has been about speed. You can scan faster, patch faster, compress the response life cycle. And I I oh my god, I'm like I [ __ ] love these two paragraphs because this is just faster whack-a-mole. But faster whack-a-mole is still faster whack-a-mole. It's still just whack-a-mole, right? More than one team we've spoken to is now operating under a 2-hour SLA from a CVE release to patch.
That's still whack-a-mole though, right?
This is still vulnerabilities. You're still just trying to find and fix vulnerabilities. But what they talk about, he goes, "This instinct is understandable. When the attacker timeline shortens, the defender timeline must shorten with it. But faster is not going to be enough. We think a lot of teams are about to spend a lot of time, effort, and money learning that the hard way." Oh my god, I'm like vibratingly excited about this conclusion here.
Patching faster does not change the shape of the pip the pipeline that produces the patch.
Read it again. Patching faster does not change the shape of the pipeline that produces the patch or produces the bug.
If regression testing takes a day, you cannot get a 2-hour SLA without skipping regression testing.
If the bug you ship when you skip regression testing tend to be worse than the bugs that you were trying to patch.
We learned with an early version of trying we tried to let the model write its own patches. We watched a few go out that fixed the original bug while quietly breaking something else the code depended on.
The harder question is what the architecture around the vulnerability looked like. I literally did this. I took over apps at my last job and I stopped like I was like you guys are not vulnerability scanning anymore. We're not like we're not doing it well enough or fast enough. This doesn't matter, right? Like, no. Like, like, let's stop these vulns from being written, right? Like, what can we do to write guard rails that make the vulns not go out the door to begin with instead of just finding them faster? Like, what can we do? You don't like marketing claims for Microsoft? Uh, the marketing is getting in your head, my man. Um, what marketing is getting in my head?
That's a bold claim. Uh I think I I tend to talk directly to practitioners uh and not trust marketing blogs is like generally my MO. But what the if you're talking about the Cloudflare blog or if if are are you having like a side thought about the Microsoft blog that I just zoomed away from really quick?
Um the Cloudflare blog. this isn't they I I'm annoyed that they don't really stick the landing here because they the conclusion that this person comes to is that the defenses that sit in front of the application and block the bug from being reached is the is the actual more important thing and that's very convenient because Cloudflare puts out a WAF that's the same conclusion that I come to I think that's a layer right I think I think this the defenses that you put in front of the application is a layer my take is uh this is is much more important. Patching faster does not change the shape of the pipeline that produces the patch. So how do you shape the pipeline that produces the code?
What kind of security guardrails do you put in that place to make it impossible for the developer to write the bug to begin with? This doesn't mean WAF, right? I don't I don't sit there and trust WAF. Okay, sorry that was a side tangent from uh this because I think this is more data that harnesses are more important and I completely agree this is a a marketing blog. I think the first time I read this I said that but I've seen enough enough evidence enough times Cloudflare's blog now Mozilla put out their blog about their capabilities with a harness and Mythos and you compare that to like curl which they didn't give curl Mythos access they just said hey we'll run Mythos on curl and they found like a bug I think there's some lessons to be learned running Mythos without talking at least transparently about the harness that they've created around it versus the people that are coming out and being very transparent about the harnesses that they've created and the success that they're having with AI models finding vulnerabilities because of the harness.
Did YouTube just die?
Are you Are you guys still here? Is YouTube still here?
Are you Are you guys still here? Yeah.
[ __ ] Restream, man. Restream is saying YouTube has zero people.
[ __ ] Restream, man. I there's not a piece of software that I use daily that I hate more than Restream.
Oh my god, it just went to zero. It said viewer zero and I was like, did my stream just die? No.
No, it just [ __ ] said this. What up, Ron?
Speaking of not finding vulnerabilities and making vulnerabilities impossible to write, Ron was one of the node brains behind that actual idea and execution.
So, Ron Good to see your name pop up. Um, I just want to know what path Microsoft is on and I'll do the opposite. I like it. I like it.
Um, so this is super interesting. So, uh, Matt says better CI/CD. I not necessarily better CI/CD. So, I understand why you said that because, uh, the word pi the word pipeline came out, right?
We talk about, uh, this this is probably why you're asking better CI/CD. I think that's probably part of the answer.
One of my hot takes that I by the way I'm an appsec guy, right? I sold DAST and SAST like as a career not sold I like provided DAST and SAST solutions as a career for like a large portion of my life, right? And one of my hot takes is that secure by default web frameworks coming out did more for application security than any application security vendor, vulnerability scanner, anything WAF ever did.
Right? Angular and React becoming more popular did more for eliminating classes of vulnerabilities that were in the OWASP Top 10 for 15 [ __ ] years than any scanner ever did. We got really good at scanning for cross-site scripting and it still was everywhere for 20 years.
You know how much harder it is to write cross-site scripting in React? You have to write dangerouslySetInnerHTML is the name of the API call. It is so much harder to shoot yourself in the foot as a developer and write insecure code in modern web frameworks than it is in like raw dog PHP or .NET. Right? That's what I'm talking about with this. So yeah, I think like you know CI/CD stuff, better CI/CD stuff is definitely part of it, but we had that when we were writing shitty code. You know, all that is was again faster whack-a-mole. You weren't making it any harder for developers to write insecure code. Okay, that is the goal here. Now, what's the goal? How can we have coding agents that don't shoot themselves in the foot? Because a lot of people are going to be using coding agents. Now whether we all like it or not, you could sit here and and put your head in the sand to be like AI's hype and this is all [ __ ] But whether we like it or not, the best engineers on the planet are still even like using Claude Code or Codex or whatever now, right?
So what is the ver like in my in my life, my version of that was secure web frameworks and then guard rails that you could put. So even with secure web frameworks, there was other vulnerabilities that weren't like cross-site scripting or SQL injection that were still easy to write, right?
Things like SSRF was like something that was easy to write even in a modern web framework. So how could you as a security engineering department put something out that made it harder to write those vulnerabilities? So now put on the agentic AI uh hat on what instead of a guardrail, what's your what's your harness? And and I'm not even saying vulnerability discovery harness, but if you look at this model, it looks pretty similar to a lot of other things. This is just a vulnerability discover discovery workflow. So what's your secure code development workflow look like, right?
you're probably designing what you're doing and then coding it and then you know making sure that you uh are using all of the security best practices or guardrails or whatever it is. One of the things that I uh liked to say at my last gig was I wanted to treat the lack of a guardrail as a vulnerability. Even if it wasn't an exploitable vulnerability, if you didn't use the right way to do it, which we knew was safe, I was going to consider it a vulnerability, right? That was like a cultural thing that we had to try to like get through. I think you have the same thing here with security harnesses. I don't know. Maybe I'm maybe I'm too harness pilled. But uh that's where I'm at. That's where I'm at with this. I looked at this is one of the better blog posts I've seen in the year.
And not because they're glazing Glasswing or Mythos. I think they're being very real about Mythos's capabilities. I think Mythos's vulnerability identification capabilities are very similar to Opus 4647 and some other tools that aren't even AI related. But where it shines is in chaining, right? Exploit chaining.
And so where that shines in your world would be reduction of false positives because it's not going to be able to produce a valid PoC and valid exploit of chaining a bunch of vulns together if those vulns are are false positives.
So now Cloudflare has like a bar that they're setting for themselves that says, "Hey, any report that we get from our own [ __ ] needs to come with a PoC and a fix," right? So they talk about a lot of the lessons learned here and this is very the reason I'm I'm I tend to believe this and the reason I tend to not think that a lot of this is marketing, okay, is a I know people I I know people who I've touched in real life. I've shaken their hand. I've bought them a beer. I trust them who have gotten their hands on this and are telling me the same thing. Okay? You know, so I'm not forming my opinion based solely on marketing blogs. First of all, second of all, the blogs that we're seeing come out of companies that are having success with Mythos in Project Project Glasswing are saying the same thing and they don't have the same incentives, right?
Let's let me find um it's in a tab somewhere that's gone. Um um here Mozilla's like these are security researchers at Mozilla. This is not marketing. Okay. This is Mozilla coming out talking about their use of Mythos and you see the big spike here.
Microsoft is king at marketing. You can check Cyber Gym for the models used in the harness. Yeah. Yeah. Yeah. Totally.
What happened to get we talked about that at top of stream. They got hacked.
I'll uh I can bring it back up in a few if you have any questions about it. Uh you you uh feel free to ask, but uh they or you could find my Twitter thread about it. Uh so Firefox is saying a lot of the same things, right? So they um they are part of Glasswing. They are using Mythos. You can literally see in their stats, February is when Opus 46 and 47 came out, right? So already an uptick. And then April, they is when Mythos and Glasswing happened, right?
And the explosion of bugs. But whatever.
Cool. This this chart went viral. The thing that I absolutely love in these posts is they start to talk about the actual harness that they are using to actually get value here. And the thing that they say is they already had a very very detailed fuzzing protocol and bug identification validation and self-reporting uh system that they just were able to plug Mythos in. So Mozilla already the reason Mozilla was so successful with Mythos was not because Mythos is Mythos, right?
>> Mythos.
I'm saying it too too many times to not hit the soundboard, right? It's not because Mythos is the all-knowing super AI hacker that that Firefox is having such success with it, even though it is a very good at finding specifically memory bugs, which are what browsers are known for finding.
It's because they already had this hyper mature workflow. This blog is from 2021, bro. This blog is pre-AI being a glimmer in our eye. Mozilla's got a workflow.
What does this look a whole lot like, everybody?
Doesn't this look very similar? Recon, hunt, validate, dedup, trace, feedback, report. This is the Mythos AI powered.
Oh my god, whatever. Here's a blog from 2021. What does it look like, right? Hunt, triage, uh, dedup, uh, you know, every everything, build instrumentation, like it's like the same workflow, right? But just based on fuzzing.
And so this is my this is my thing. I think that Firefox has been successful because they learned a lot of these same lessons. Let's go back to the Cloudflare blog really quick. The same lessons here. Narrow scope produces better findings. Instead of just saying, "Hey, go look at this repo, find bugs, saying look for command injection in this function. Which do you think is going to be more successful?"
Right? I think any tool is gonna have like AI or not, the more scoped down you can get the better, right? It's just even more true in AI land because of context models and because these things just go off the [ __ ] rails and it's non-deterministic and it's just going to go off on rabbit chases, right? But if you give it a file and you say look for this specific type of vulnerability in this file, which is what Mozilla said they did, which is why I'm not thinking that this [ __ ] is marketing, right? We have multiple security engineering teams successfully finding bugs that they weren't able to find in their previous processes, finding things and there and the successful ones are coming out and saying the same things. They've built a custom harness. The key feature of such a harness, given the right interfaces, instructions, it can run reproducible test cases and dynamically test hypotheses about bugs in code, right?
And again, they were doing a lot of this pre- Mythos anyway, and Mythos just leveled it the [ __ ] up. At first, we supervised the process terminal to observe the process in real time and tune the prompts and logic. Once this was working well, we parallelized the jobs.
multiple ephemeral VMs each task to hunt for bugs with a specific target file, right?
In their other blog, they have like their red team blog. Anthropic has their red team blog and they talk about this Firefox use case and they talk about this that Firefox gave file by file to Mythos with their harness and that's when they started to see the real value and now you got Cloudflare saying the same thing. So, I think this is the I think this is the lesson to be t taken away from all this is if you're not currently building a harness that can break this stuff down, uh you're not you're you're not doing it right. You know, I think everyone should be running code through these model. Even if you're not coding with agentic agents and you're still handcrafted, you know, weaving your your your yarn, uh, running it through the models to find issues just makes a whole lot of sense. But instead of just saying, "Hey, model, go find code," having a harness that does this, right? Scopes it and says, "Hey, your you your job, what's that what's that Rick and Morty meme?"
Um, what is the uh I don't even know. I've I've like never actually watched an episode of Rick and Morty. I just know like memes, right?
It's like what is my purpose? You pass butter, right? This is your job. Uh, what is your purpose? Your purpose is find command injection in vulnerabilities. You give an agent exactly one job, right? What is your purpose? Your purpose is to pass butter.
Your purpose is to find a single type of vulnerability in this file right now and then that's it. I'm never going to ask you anything ever again.
It's cool and Anthropic finally found a use case for Firefox. Man. I was Firefox main for years and years and years and years.
a very hacked version of Firefox uh was my main daily driver forever because I was so anti uh anti- Chrome spyware.
I miss it. I miss it. I do. Anyway, there you go. That's my soap box.
Sorry, I didn't even take a [ __ ] breath during that.
All right. What else we got?
You want me to check CyberGym? I can check CyberGym.
I've pulled CyberGym up before.
Yeah, this is the M Dash thing, right?
Yeah. Yeah, I pulled this up when that M dash blog got out and I was wondering why we weren't seeing some other stuff on here. Right.
We got Mythos, GPT55, GLM51 is super interesting that that's on here already.
What was I?
Oh man, I don't even remember what I expected to see on here and didn't I forget.
What was I expecting to see on here?
Best Matt content when his ADHD hits, dude.
Dude, real. It's real.
It's real, though. That wasn't too shiny squirrel. That was just pure passion. I am passionate about appsac if not anything.
OpenAI, it's first time that dropped uh CyberGym score. Yeah.
Never did before.
Um all right.
What else we got today?
Yo, Port Buster, are you still here?
If portbuster, if you're still here, uh, what was that Zack XBT thing and ironic?
That might be a good way, a good next little segment here.
Check out the diagram for harness rules and CI firewall. Uh, did you just tweet me?
Is this what you're talking about? Yeah.
What do we got?
We got Claude, Codex over here, here. Here.
All right. Rules and skills product specification don't use bad package. PRD block rules do this harness block presession hooks. Okay, so Claude, Codex presession hooks. So the user is talking to this that you also have rules and skills.
So you have presession hooks, you have rules and skills and then rules do this dev machine block GitHub package manager is over here.
package CI.
Yeah, I think I get what you're saying.
It's just layers, right? Different places to block and enforce different things.
I don't know. I still I still think that for the average bear for the average bear I think for the average bear I think this plus the hook saying hey Claude make a hook to enforce This is probably the move, right?
This I think this is what I'm going to recommend to people.
I think.
Um, yeah.
All right. Someone uh Portbuster in chat said there's some Zack XBT stuff.
I've been following a bunch of his bits lately.
What I'd miss. get a passing along homemade candle making process but those package get compromised constantly so checking against a source of intel. Yeah.
Yeah. Yeah. I mean I am kind of putting my eggs in the Socket is going to be fastest to find the malware on their basket for sure.
They've proven they've proven pretty fast so far.
I think they caught this most recent one within six minutes. Right.
Looks like the Aikido one and the Datadog one are really popular too.
I don't have I don't have a a reasoned opinion between Socket, Aikido and Datadog's like free firewall tool.
Zach, I don't know if you're here or if you have an opinion between those three either Um, what'd you miss? GitHub. Yeah, if you guys like are coming in because of the title, like we talked about it at the beginning of stream. We could talk about it a little bit more.
Um, not on a technical mer. Yeah, that's where I'm at, right? I'm like on vibes choosing Socket on Twitter posting a wins. Yeah. Yeah.
Yeah. It'd be an interesting benchmark, right? How fast do each of them legitimately block the bad things and not like your other kind of embarrassing tweet uh of marking the bad thing as safe?
I want to see. I I I stirred the pot in a group chat with your tweet. Let me see. I didn't And then I immediately put my phone down and never looked at it again.
Oh man. Okay. I just I just like pulled the pin out of that grenade in there.
Brutal. Check out the harness one for Blue Shield. It's open source. Okay, cool.
Matt stirring the pot and putting the phone down as like a dev pushing a change on Friday and logging off.
Boom. Boom. N Francisco, uh, I have some friends that want to chat about your boot camp experience with me and you. Would you mind if I DM'd you and maybe set some time up?
Haha, someone is on the other side of this one. Zack, no. Uh but I have uh in a group chat that I'm in with like some CISOs and and stuff. One of them is like um one of them does I guess is a colleague is a colleague of of them and no they're not don't worry they're not defending they're not defending but uh basically yeah one of the one of the co-authors of that Mythos um ready security program thing that that he did with I'm I'm really good friends with and we're in a group chat and I just dropped your tweet in there and ran away and some of the other CISOs are in there were like I so no one's on the other side of that don't worry they said the same thing that I did that like hey uh he's doing a lot for the community right now he's like bringing a lot of people together right now which is like good is a good thing Yeah. Yeah, I got it.
Don't worry. I knew I'd be a controversial calling him out by Zack. Zach shy away from a controversy.
Zack shy away from a controversial tweet.
Not the Zack I know. What up, Kilobyte?
Good to see you.
Um, I think a few of you joined late and are asking about the GitHub thing because I probably didn't update my title. Um, all the news stories are just talking about how GitHub confirmed that they are hacked. They lost about 3,800 repositories of their own code out. Uh the thing that the news stories just didn't catch because I don't think it was public yet which uh which I found on Twitter was we figured out the extension the VS Code extension that um the VS Code extension that was the root of the GitHub breach is this one. It's this NX console one. Um, and then if you go to the NX console's um, security advisory about it, a it came out two days ago. So they came out and announced that they were pushing a compromised VS Code extension before we knew about the GitHub breach, right?
Important timeline bit of information there. Um, and then they have IOCs in here which are good, but the rest of it is all just team PCP MO, right? It's all the same information that they steal every time they get in. And then the thing that I don't see enough people talking about right now is that the root cause of the VS Code extension being hacked looks like, and they're not saying it here, but it looks like it's an npm. It was the npm worm. One of the developers of the VS Code extension compromised by a recent security incident which leaked their GitHub credentials. Doesn't that sound a whole lot like the uh the npm worm? Right.
So, it I think that this is all a ripple effect of just team PCP stuff in general, right? They're not saying it here, but it looks like this was npm worm stuff, right?
And then that let them instead of pushing npm worm stuff to this repo, they pushed a malicious version of the VS Code extension into this repo which then furthered furthered their uh exploits.
Yeah. Yeah. We So that's how we all found out about it was team PCP listed the GitHub Py uh code for sale. Yeah.
Yeah. Python packages as well. No, I keep saying npm worm just as a shorthand. You're right. And even Ruby gems. So it's not even just npm and pi.
You're right. I should stop shorthanding it that to that supply chain worm.
Supply chain worm. You are correct.
You are correct.
Um so yeah, anyone who was just joining that for my title, there you go. What up, Shai Kilobyte? I hope you're having a good week. Feel free to send invite anytime after 2 p.m. PST. Okay, cool.
Cool, cool, cool. I'll uh I'll DM you for an email, Francisco.
Check the write up there. Didn't I just have the write up or a different one?
Oh, I see. You just tweeted me.
Um, sorry. Uh, who is Phoenix Security? I don't know.
Phoenix Security GitHub internal repo. Boop boop boop. Um, oh, this is your write up. Sorry, I didn't know your company name. Got it. Got it. Got it.
Uh, GitHub is not formally named it, but the strongest candidate is this NX1. Yeah.
Yeah.
Published to the VS Code marketplace on May 18th. That's two days ago.
The extension carries roughly 2.2 million installations. It was live for 11 minutes. They say that they have evidence that 6,000 people downloaded it.
in their Twitter thread.
So they said Microsoft indicated that 28 installs of the malicious version based on our own analytics we think that potentially 6,000 installs even though it was only alive for 11 minutes.
which is kind of crazy, right?
Yeah, good write up. Thanks for sharing.
Good stuff.
Came out after you wrote the article.
Yeah. Yeah, for sure. That's the uh the issue with doing news.
Um, I wanted to try to find the uh XBD.
Is that XBT?
Um, yeah, this one.
I think Portbuster was talking about this thread, right? This threat actor flexing money. I will not be playing his videos.
Just incredibly uh vulgar. just oh my god the way that this guy talks um was h it's just atrocious. But anyway, apparently went live and did a band for band, which is apparently just like people bragging about how much money they have in their wallets, which then got them traced, right?
So then Zach is obviously got a screen recording of this band for band. He's a former crypto grifter. I didn't know that. I had a I have a good opinion of uh his investigations and stuff.
Uh his wallet received $5.3 million from this theft. By the band for band, 1.6 had already been spent or laundered. So he he basically tracks all these like wallet activity.
A criminal complaint against this guy was unsealed for his role in the 185 Bitcoin theft. He's facing up to 40 years. Co-conspirator number one is this this guy Dritton hasn't been formally uh charged yet.
Ironically, Dritton previously did a band for band with Lick, which led to my January 2026 investigation of a $46 million theft from the US government by John and later his arrest. John posted one of Dritton's old wallet addresses and now deleted Telegram posts in retaliation.
Based on my own assessment, the address looked accurate as Dritton moved funds to the same laundering service within minutes of the 185 uh Bitcoin theft.
Dritton lives an extravagant life, regularly posting on Instagram, sharing it with other threat actors.
I assisted one of the affected parties for the investigation by uncovering the onchain activity linked to them, however, held off posting until the charges became public.
um his friends have kept getting arrested without him. I think this is particularly due to him of being a minor up until recently and law enforcement just holds off to prosecute minors. He just turned 18, so here you go. Here you go. What a thread. No, I will not be playing the vids. What's up, portbuster?
I was wondering if you were still here.
I will absolutely not be playing these videos on uh on stream on memecoin. K is one that makes buy calls to a group of people usually through a Telegram channel. So, Portbuster, are you saying there's an ironic uh video about that that thread?
Nah, just tweets. What he might make?
Oh, okay. But didn't that thread feel like an ironic video? Is that what you're saying?
If you guys don't know what we're talking about, this ironic channel is actually great on YouTube about going through different cyber uh cyber crime stuff in this in this kind of like really good fast-paced like style.
We've watched a bunch of these on uh on stream.
Hacking Instagram models to ask them out. What a title that is.
This Minecraft kid stole 238 million in Bitcoin.
It's insane.
Insane. These are good videos. These are super good videos.
Yeah, it might come up. Yeah, I would be surprised if it didn't, right?
Man, this guy has been on a tear lately, too. His vid his channel has blown up.
He is on a clip, too.
One, two, three, four, five videos this week.
I I got to talk to him. I wonder if he scripts these because they're tight, too.
They're pretty funny.
He's just also like, why not ride the uh the AI hater train?
Do I want to watch any of these?
Ex Google CEO just expose the whole AI [ __ ] show. Is he just talking about the uh commencement speech?
It feels scripted. Not a bad thing. I appreciate the refresh.
Yeah. Yeah. It's hard to be that tight without being scripted, right?
What up, Roman? Yeah, I'm not I'm not uh saying uh scripted is bad either. I've been toying with scripting some of my videos and parts of my videos. Generally, not a script guy, but I've been trying. I've been trying.
All right. Um, what do we think? One video before we sign off. One little react.
We could do it.
Is there a good one?
Let's see.
One more react. Let's do it.
Um, someone said, "Coffeezilla was talking about Trump mobile leaking customer info."
And I didn't hear about this story from any like cyber news story.
I didn't realize other people wrote scripts until like three weeks ago and constantly felt bad. Everyone was so much better at speaking flawlessly.
Zach, until extremely recently, not a single video I've ever done has had a script. I had a script for that iOS one because it was such a tight partnership with that sponsor.
Um, and we've been working on it for months. So, I didn't really want to off the cuff that one.
Um, so yeah, like usually sponsor work I'll maybe script a little bit because generally they would like um a say in it, but the vast majority of my YouTube videos are not scripted, which again, like you is probably a bad thing.
Um, thank you. I got a lot of weird comments about that video. I mean, everyone was talking about the background music and [ __ ] We were just trying a new thing.
like my my editor Nord was just trying, you know, new production styles and, you know, visuals and sounds and stuff. So, you know, we're going to experiment.
But, yeah, I think that's going to set the bar for me for like those kinds of things from the future. So, basically, if a vendor wants to sponsor a video like that, like, cool, here's the here's the bar, right? Do you did you do anything really cool that like I can interview your experts on? Like because that's way better than just me yapping about stuff.
Thanks, Zach. I appreciate you.
Yeah, it did better than my average video, but not great. Um, it still has time. YouTube algorithm is weird.
Sometimes it'll like chill for a few days.
Um um we could pull it up. I don't care about sharing my analytics.
So like yeah, better than my average by a pretty large clip.
Um and no no paid reach at all.
Sometimes with the sponsored ones, they'll they'll want to throw some money behind it.
Um, but this one's pure organic.
$40.
Uh, I think this metric is one of the ones I really got to get up. I think the videos that wind up doing really well are over 10% on on uh on this. Like the click for the thumbnail and title.
That's the hard one.
Um, and yeah, I caught some air on some other sites, too, which was cool. Yeah, that clickthrough rate's rough, right?
It's the average CPM for a channel like mine. Is CPM this?
Is that what you're talking about?
15.
I don't know if that's good or bad. I have no idea. I make like no money from like actual YouTube, you know what I mean?
Like I I make like tens of dollars from from YouTube.
So, you know, that's not that's not ever going to be a thing. Um, my sponsors pay well because the value of my audience is high. Even if the size of my YouTube audience isn't high, you know what I mean? I've got sponsors that have closed like six figure SaaS deals off of a video that got a thousand views.
So, when I can when I can point to that, that's better than pointing to a million view video when the million view video could be like teenagers in Myanmar or whatever, right?
Um, all right. Let's let's I I don't know anything about this one. So, let's uh let's see
>> to let you know that Trumpmobile.com is leaking customer information. And I know that because sadly I am one of those customers whose mailing address, email address, you know, everything short of credit card number is being leaked via a security exploit that I'm not going to go into too much detail to explain, but but it's not complicated. I mean, exactly how it works was explained to me. I'm not a computer expert, but even I can understand the mechanics of it, meaning it's very low-hanging fruit.
Basically, this past weekend, I was reached out to among many other people who have Trump mobile accounts to let us know that our identification was being served up. This was by somebody who said they had no interest in doxing me, but they just wanted to let me know that this was happening. This person had my order information, my mailing address.
They had other people's information as well that they shared with me just to prove it was a real, of course, blurring out the actual address data. From what I can tell, the person who contacted me, they're just interested in getting this fixed. They contacted the Trump mobile.
Uh, I can tell you what the security flaw was just by looking at that and hearing all that. Uh, this is just an open API with no authentication that just returned all that information.
That's it. It's just someone there's an API request on that website that you could just hit and it just returns all that [ __ ] That's that >> team. They didn't respond. After seeing this, I conferred with another famous YouTuber who's also a Trump mobile, you know, orderer. They were also concerned their information is on there. So we reached out also to the Trump mobile team thinking maybe you know somebody with more kind of reach will hopefully be able to escalate this. We have received no response from the official team. Uh so basically how we feel is there's a public interest in letting people know do not order on Trump.com unless you're ready for your information to be leaked. It's basically that bad and also raises concerns given that Trump mobile is offering a cellular service. I don't know how much of a view they would have into people's browsing histories, call history, location data, but I would assume they keep some of that data. And if that is the case, I'd be very concerned given how much or should I say how little uh protection they give to your basic customer information, which should be obviously like under lock and key. Now, among other things that were discovered while realizing that, you know, my address is out on trump mobile.com being served up to anyone who knows this security exploit, we also found out that the real number of customer orders is much lower than we thought previously. Uh it had been reported that 600,000 people ordered the T1 phone. Turns out that number was basically made up from thin air. But actually looking at the customer, you know, unique IDs, it looks like the real number of actual customers on this website was more like roughly 10,000 unique customers with roughly 30,000 unique customer like phone orders. I don't know if that also includes like Trump mobile itself as a cellular service plan. I'm not exactly sure, but looks like about 30,000 different orders went through. Much lower than previously reported. 
About 5% actually what was previously reported, which might explain why this has been seemingly such a low priority for Eric Trump and the people who are involved in this. It seems like there have been delays, changes, all sorts of stuff.
looks like they're trying to back out of this thing only to then later say, "No, we're actually going to deliver it." At this point, I don't know if it's more just to get this off the legal liability ledger because it doesn't seem like there's as much interest in this device as was previously reported. And in some ways, it's good because it means the blast radius might be about 10,000 customers, which is still bad to be clear, uh, but much lower than was previously thought. So, I just wanted to let people know as one of the people affected, this sucks. I wanted to get it fixed before going public about this.
Uh, and now it looks like unfortunately we just have to report on this. if you're someone from the Trump mobile team and you're wondering how this explo.
>> So, uh I like hey we were us in the security community uh wearing a bit of egg on our face here because uh this is how I found out about this. I didn't even see the YouTube videos. I saw my buddy Evan say, "Uh, why did I learn about the Trump security breach from freaking Penguin who watched coffee? Security media is lacking." So, what did I say? I am ashamed. I guess that's me. I'm uh I'm security media, right?
Um anyway, that's not that wasn't that fascinating of of a thing. leaky API.
Um, what was what's Prime's video? Oh, yeah, yeah, yeah. Let's watch this. Prime keeps talking about security. Prime, you're too much you're too much better of a YouTuber than me to start making more security content than dev content.
Like you're too like you're way too good to turn into like a full-time security channel. Please, please. I have a family to feed. I'm just kidding. He can do this. But uh Prime's really good. All right, let's watch this >> tweet from last December when Next.js said, "Hey everybody, you better upgrade. Uh if you don't, well, there's kind of a remote code execution on pretty much every version of Next.js.
So, hey, but server components are really cool, though." And of course, everybody upgraded only to be met yet again just a couple days ago. Hey, guess what everybody? You better uh upgrade.
Uh because well, if you don't upgrade, you will simply have um a denial of service, a middleware proxy bypass, another middleware proxy bypass, another denial of service, another middleware proxy bypass, a server-side request forgery, a middleware proxy bypass, a cross-site scripting, a second cross-site scripting, a denial of service, a cache poisoning, a second cache poisoning, or potentially a fifth middleware proxy bypass. Hey, you know what I'm talking about? AI, man. Isn't AI pretty sweet?
Like, look at that. Yo, like that's AI, bro. That's what we're getting out of this. Hey, honestly, React's more secure now. You just got to upgrade. Either way, I'd like to call myself a bit of a Nostradamus. As a person who's written a data fetching library, let me just tell you, it's really easy to screw it up.
Now, obviously, the force upgrades will continue.
>> What did he say in 2022?
>> As a person, >> just wait until we all discover how bad server components are. I have a sneaking suspicion that we're about to see all the problems with Falcor, a data uh of fetching library that I wrote once.
>> Who's written a data fetching library?
Let me just tell you, it's really easy to screw it up. Now, obviously, the forced upgrades will continue until morale improves or you finally switch over to using HTMX, which by the way, the Lord's library, and it works really well with AI. So, >> this is how I feel about the supply chain stuff. The supply chain worm will continue until morale improves.
>> Just throwing that out there. Okay. Now, obviously, there's quite a few vulnerabilities here. So, we are going to take apart the very tippy top one, the highest one, which is actually a bug that's within React. But before we do that, we got to get the bag. Hey, is that H? Uh uh uh uh uh uh uh uh.
>> Now, there's no information on the actual exploits, at least given out publicly officially, but there is this beautiful slopository, which has reproduction steps for pretty much every single one of them. All >> I've not heard that term yet.
>> MYTHOS.
>> Mythos out here creating slop repositories full of vulnerabilities.
Must be Mythos. Must have escaped the lab. Oh my god, the AI superhacker is out here.
>> Listed out nicely. Now, we're going to go to the very tippity top one that I showed you before. And it gives you this beautiful piece of code right here. And if you jump into the why, you can actually read what it's about. It's just taken straight from the actual CVE website, which is going to say this. Next.js app router consumes React decode reply action bundled from React server DOM webpack to parse React server components reply server action bodies. Prepatch React walk the reply graph during model resolution without any depth, cycle, or row count limit. An unauthenticated attacker can post a cyclic/deeply nested form encoded reply body to an app router page with the next action header and force the server to spin CPU/stack overflow for tens of seconds per request. In other words, you're effectively doing a DoS. You're denying the server's ability to process any other request cuz remember JavaScript.
Yo, we're single threaded pretty much as this thing just spins and does nothing.
Your CPU's pegged and you have pretty much no insights as to what's happening.
And you can even get a stack overflow if you provide enough of these encoded items. So what are these encoded items?
Remember I said it was a slopository?
Well, here's part of the example of the slop repository. Inside of this beautiful bash file, we also have some >> Have you guys heard that ter that Oh my god.
Slop repository.
Oh gosh, I had not heard that before.
It's so great.
>> Beautiful Python going on right here. I mean, nothing tells me that an AI has written something than code that looks like this. This is this is what makes AI happy. Okay. If AI has the ability to be in bash piping out to Python, I mean, it is one.
>> Oh my gosh, I didn't even realize what he was talking about. Do you guys see that?
It's literally piping out to Python in a bash script.
You see the commands around it and then there's like random code.
>> Happy Mythos. Honestly, kind of making Dario proud right now. And so then it produces this value right here over and over again. And it does this whole next thing right here. So it says, "Hey, all right. I'm going to create a dollar sign f with a value in hexadecimal. And I'm then going to create an object that references this next value also in hexadecimal." Now, you're probably thinking, okay, I don't even have any idea what that means. Well, that's not a big deal because guess what? This isn't our first time inside this code. So if you go over to this parse model string function, it actually is doing the parsing. Now remember in regular userland, typically people from websites send up JSON. Oh no, no, no, no, no, no.
Not in React. See, in React land, you have your client, right? Big old C client here. Let me increase the size. I went down in size. Oh my gosh.
Embarrassing. Can I say that?
Embarrassing. Okay. A little too big, but whatever. Uh, your client and your server communicate back and forth. Now, typically in your normal world, probably >> guys, in order to be a better YouTuber, do I need to start drawing on screen?
Seems like all the good YouTubers draw on screen.
I do.
Yes. Okay. I tried it early in my YouTube career. If you go watch some of my early YouTube videos, I was like doing it on an iPad.
No, it's like you got to like make a green screen like thing on an iPad in OBS and like whatever in MS Paint. I was just like Apple Pencil on a like on a blank iPad and it would just like draw on my screen around my face. But then I stopped doing it because and this is embarrassing.
I uh was using my iPad as my second monitor.
My my old YouTube studio before the everything you see here today, you don't see it, but like was my laptop and a webcam and then I had my iPad sitting over here as like a second monitor because I like shared a desk with some people and I would just kick them out when I had to film and I had a USB Blue Yeti microphone or whatever. Okay. And I'd have to like I'd have to choose. Do I do I want to draw on screen for this video or do I want a second monitor? And now ladies germs I uh I have monitors. I have real monitors now. Do with a spirograph.
Should I spin art? Should I spin art about vulnerabilities?
Listen, we're in the big leagues. We're in the big leagues. I'm going to do it.
I'm going to bring my iPad back.
I have it. I have my iPad. It's sitting in my backpack right now. I lost my Apple Pencil, though. That's the tricky part with Apple Pencils. They just kind of fall right off. Instead of making stuff after editing, you just say what you have to say. You're like, "Let me draw this up." Another 20 seconds each time. Zack, you've been studying the game, man. You're a student of the game, Zach. iPad maxing. Oh, no.
All right. I have I have like You guys want like a little teaser? Brian, should I tease them the news as of this morning? Need to You need the voice over while you work on a pottery wheel like from Ghost. Oh my gosh, you guys are right. Theo's like 40. That's true.
Brian, should I tease the news?
So, maybe starting a podcast, this is the teaser, okay? Maybe starting a podcast with another much more well-known YouTuber than myself.
Um, and we were literally just talking this morning about it, and we were laughing about exactly what we're talking about right now. And we were talking about how a lot of this stuff is meant to be like clippable and consumed in clips.
And I was like, "Oh yeah, I like don't even really watch like Theo's podcast. I don't watch Theo's podcast, but I catch clips or you know the standup. I like I watch like the clips out of the standup more than I watch the standup, right?
And there's like a bunch of comedy podcasts and stuff like this, right?"
And we were both said like we don't know why like we know anything about Clavicular.
We're like who the hell is Clavicular and why do we know anything about him?
And it's like oh it's because like the clip algorithm is forced upon us. So anyway, we have to like reverse engineer when we start our podcast. were like how do we inception everybody like Clavicular has to like they don't even know that they know about us but they know about us all right drawing on the screen step number one oh yeah your normal job you're using JSON so you can just call like JSON parse better wrap a little try catch around that or else your server explodes but you get the idea pretty straightforward your client does the exact same thing but not in react server components land the special meanings almost always start off as a string it starts off as a string with a dollar sign from there it has some sort of control character like hey what kind of action are you >> Polymarket hits on Matt saying Clavicular on his stream. Man, I got to get in on this insider trading of words that Matt says on stream asking me to perform. If I remember correctly, it's actually this code right here, a subclass B for blob. This is actually how the previous one had remote code execution is by calling this function right here, which ended up returning a function in which was actually specified as part of the input and being stringified as a function into an actual JavaScript function, which allowed the user just to say, "Hey, here's what I want you to execute. I control this string and you turn it into JavaScript for me and I can do whatever I want on your machine." It was not good. Not good at all. But this time it's an uppercase F. Again, jump right here. You can see the uppercase F. So it's setting something up. And what this does is this says, "Hey, I have a reference. You are referring to some object somewhere on the server. So I'm going to decode it for you." And so it does this get outlined model call right here. Well, outline model will simply go off and do the hydration, do whatever it needs to do except if this model has already been resolved once before.
Now, this is where this beautiful loop comes in right here.
Because if you look at this, who am I referring to? I'm going to refer to the next one in line unless if we've gone all the way around. Then I'm going to make a nice little ring right here. So that way the last element refers to the first element. So when we get here and we've already initialized the model, it's going to call this. Hey, we need to initialize this chunk specifically. So it actually points to the correct object. Now inside of initialize model chunk, what it's doing, it's going to revive the model. I assume this is like the hydration process, like hey, here's all the stuff that exists on the server.
So go off and do it. Now, when you're reviving the model, if the value I passed into you was a string. Oh my gosh, it's a string. So it's going to go here and recall parse model. So you can kind of guess what happens here. We parse model to get outline model to initialize model chunk to revive model to parse model string. And we're just going to keep on doing this nice little >> All right, good. He's still a developer YouTuber, everybody. Guys, this is great news for the channel. This is This is still This is still a dev video. This isn't a security video.
Gosh, no. Sorry. Security security creators, we can't we can't talk like this. We can't go into this. Okay.
>> Circle as much as we can until bad things happen. In fact, it only takes 53,000 times around this loop for my stack to be exceeded. I bet your servers probably are some cheap EC2 instances or something and they probably don't get nearly as deep with the stack. Now, the crazy part about this is that the user doesn't even need to be authenticated.
They just simply need access to this payload and you need to be on an old enough version of React. And so therefore, they can just send you this message and boom, your computer, that one single message, one message means your server up in the clouds completely off. It's going to crash the process.
But before it crashes the process, it's going to take hundreds of milliseconds, if not longer, to process through everything first. You see, back in my day, React used to just be a view library. In fact, way way back in the day, it used to say, "Hey, we're the V in model view controller, MVC." Now, I know those days are long. Those are the bygone days of yore at this point.
Effectively, React/Next.js just does everything. I I just have a question.
Okay. Honestly, I don't really understand the entire appeal of server side components to begin with, right?
Your client goes over here, it makes a request, and all of this is to prevent yourself from having the N plus1 query problem. And you can also get some kind of cool page dynamic caching because the first moment you hit a suspense like component, it Oh my gosh, look at that line. That was a perfect line. Once you hit that first suspense, whatever the initial HTML that comes across the wire, that thing can be cached by a CDN and then all the follow-up stuff is only user specific data. Like, is that is that the entire reason why people use React server components? Am I crazy?
This is a lot of engineering just to avoid you thinking about how to load your data. I'm just going to throw it out there. I feel like you you could just you could just do this instead. You know, you could just load the data you need. I know. Novel concept. All right.
Well, looks like that's it. I just kind of wanted to yap about this for a little bit cuz I thought these this was pretty interesting. There's also one with cross-site scripting and how it does some, you know, dangerously skip uh HTML, which is very funny, by the way.
Super super funny to see React.
>> What did I tell you? Right. Cross-site scripting. You have to write dangerously set inner HTML.
>> The library in which you're not supposed to have to think about HTML and being able to do or like removing any of the escaped characters or anything like that. You don't have to think about any of that. Instead, you just hand it to React and it renders it correctly. And it just turns out you can't hand everything to React because some of the items underneath the hood, well, they're actually using set HTML dangerously and they weren't properly escaping things.
Very, very hilarious. Anyways, so if hey, if you're using React, you you better upgrade because even if you're not using Next.js, you still got that problem I just showed you right there.
That's pretty serious, huh? Can I tell can I tell you like a little story that I'm a little ashamed of? Uh in 2016 when Netflix was flirting with uh with React and putting it on the television, I was a part of the initial performance uh side of things. And uh when comparing a very skinny app that has virtually no features to an app that's completely filled with features and has a decade of legacy code, you may, this may surprise you, but the uh the skinny one was faster. And so people kept pushing it.
And I'm not going to lie to you guys, during my dark days, right before I became jaded, but I I thought React was really great in 2016 and then I used it a whole bunch and then I saw what happened and then I I stopped liking React after that. I can't help it.
>> Yeah. I mean, this is everything, right?
Like we we went through a thread about this with Kubernetes, too, right? It's like, oh man, it's like super [ __ ] complicated, it turns out. Um, but it is magic when it's magic. All right. You know how he has a button that he hits when he talks about old guy [ __ ] and he's all of a sudden the old guy that yells at Cloud? I think I'm gonna make this version. Okay, I'm just gonna straight rip him off. Um, and uh, and I'm gonna make this version where I'm gonna float my little head. Okay, I'm going to be like here. Okay, I'm going to make an OBS of like of me up in there. Come on, grandma. Let's get you home. We used to write code by hand.
Mythos. What's a mythos?
I'll coober your nets. I don't know. I'm gonna I'm gonna make my version of that because I I also am certified and you guys make fun of me a lot for [ __ ] I talk about from, you know, basically the 1900s. And uh and so I think I need a bit of ank meme as well. UN that's what I'm going to name it when I make that screen in OBS. I'm going to name it. UNC screen.
Qbasic was your first language. Visual basic was my first language. Which is first when it was QBasic or Visual Basic?
Qbasic.
Oh, 1991 on MS DOS.
Visual Basic was the successor to QuickBasic.
Okay. Okay. 1991.
Uh yeah, I wrote my first code, like legitimate code in ninth grade around that time.
Um which was in some year.
Yeah, the Twin Towers were still around. We'll go with that.
Um, you're young. Well, I I've been I've been accused of a lot of things. Being young is generally not one of them.
I miss DOS and Apple II in the garage.
Lunchtime. Man, I am feeling like I I went and got that protein shake and that banana because I thought that that's what it was. I like keep getting like waves of like I'm going to pass the [ __ ] out. So, I think I'm gonna go home is what I think I'm gonna do, but I really need My team is yelling at me to record [ __ ] and Brian is sitting in chat right now. So, Brian's gonna be like, "Go [ __ ] record [ __ ] Matt, because I'm behind on uh on at least one video.
I should record something." What YouTube video should I make right now? I'm going to bang it out before I leave. We're going to do it. I'm going to muscle through it.
I can make it live. You guys want to stay on stream and I'll make one. I gotta make something. Should I make CISA leaked videos uh leaked keys for GovCloud? That was a really good short. Should I make this whole GitHub thing being the next wave of npm? Should I do both? I should probably do [ __ ] both, shouldn't I? I should probably do GitHub and CISA, huh?
The problem is I have an editor now who is not uh gonna get this [ __ ] out today, right?
Because he's like a good editor. I'm a bad editor, so I put [ __ ] out the same day because it's bad. He's a good editor. Turns out that takes time.
Problem is, these are both kind of like news. GovCloud thing. GitHub hacked.
GitHub hacked. So, yeah, I got to make both, right? Okay, we're going to make both. You guys aren't going anywhere.
We're going to do it live. All right, [ __ ] it. We'll do it live.
Sorry, I got to hide chat then and browser.
I gotta hide chat. Okay.
All right. We're gonna do it live.
MYTHOS, >> YOU CALLED FOR IT. All right. Uh well, I don't have to hide chat until I'm like ready to go, right? So, you guys can hang in and and talk to each other.
Oh, no. I'm live on LinkedIn and Twitter right now, too. I don't know if anyone's watching those things. That's like a very different vibe to stay live on those channels while recording a video.
Can I turn those off without stopping stream?
Let's try it. Boop. Boop. I can. I just went off on LinkedIn and Twitter. All right. Now it's just us. All right. It's just us, everybody.
Bye-bye, Twitter and LinkedIn. Sorry, I didn't say bye. I don't think anyone's [ __ ] watching on those things.
Anyway, what did I get on Twitter? Like 400 views on Twitter while I was live.
All right, LinkedIn and Twitter. I don't know why I just decided I was going to start flipping those switches and go live over there anyway, but we're over two hour mark.
Hey, Bill, if you're doing like the if you're doing your thing, turn it off here. I don't know if you could do that, Bill.
Bill was yelling at me yesterday for I I I had like some four or five hour streams and Bill was like, "Bro, trying to transcribe those is not fun." All right, GitHub hack.
Let's do GitHub hack first because I know about it. All right, we got this.
We got this.
We don't have that. We don't have that.
Don't have that.
Where's this thing? Here's this thing.
Okay. It's really just these three screens is all I really need. Right.
All right.
This is all I need. All right. I'm sorry. I'm sorry, Bill. Chat wants me to to do it live. I'm going to do it live.
All right, let's turn off.
I haven't I haven't recorded a YouTube video live on stream in weeks. I feel like I don't know what I'm doing. What do I do with my hands? What do I do with my hands?
I would go get some more coffee if I wasn't feeling like I was going to pass the [ __ ] out. Something's up.
Something's up. But we're going to bang it out. I got to do this and a short for Vanta.
All right.
Go in focus mode.
Go in focus mode so notifications don't [ __ ] me up. Let's go ahead and quit. Um, Slack.
Uhuh. Uhuh.
All right, let me just tell the team All right. All right. All right. I feel like I'm going to pass out often. So, you feel you. I don't. Random lightheadedness. Not Not a good Not a good sign, right? I'm sure I'm healthy as hell.
Um, all right. Sorry. just like letting the team know that I'm filming some [ __ ] Making sure that nothing's going to blow up on me.
Oh man, we had a massive storm last night um in Austin and I'm seeing like damage stuff come up.
All right. All right. All right. All right.
I forgot my daily peptide. I don't take [ __ ] peptides. Maybe I [ __ ] Maybe that's the [ __ ] problem. Maybe I'm not on enough like old guy drugs.
I have lost a ton of weight le recently and so I like just don't eat as much.
And so I thought that's what it was. I was like, "Okay, I just [ __ ] haven't eaten anything." So that's why I'm feeling shitty.
You just started peptiding. Which peptides are you on, Francisco?
If that's like, is this a HIPAA violation? You don't have to [ __ ] answer this question.
Just [ __ ] ignore me.
Crying tides. Roman, you're too young, right? The young kids aren't taking peptides, are they?
You need to ask your wife she's in charge.
Dude, don't wind up in a documentary that you're like catching [ __ ] your wife is just injecting random [ __ ] in you. Um, I need more burritos. Yo, you just picked my lunch. I'm gonna get a burrito. I'm gonna go to Cabo Bobs and get a burrito bowl.
They are for sure. Yeah, I'm going to do a burrito bowl for sure. You kind of miss Austin sometimes, but you don't want to visit during the summer. Dude, knock on [ __ ] wood. We have not gotten hot yet. It's this is well past when we got hot for the last few years.
So like we've had a lot of rain. I'm taking it. I'm taking it. You should visit during the summer. It's it's crazy. But like you the the trick is everyone just goes in the water. So no one works, right? You don't work. What is job?
Avoiding Texas summer is a good idea. Yeah. Yes.
Yes. Okay. Listen, I'm not like a Texas like cheerleader, okay? But Austin's a [ __ ] cool ass city and coolass ass cities are still cool in the summer. And it just so happens that like we have tons of really [ __ ] beautiful like public pools and springs and swimming holes and all this kind of stuff. So it's just like don't go outside if you're not swimming is like what I tell everybody. It does suck though because I really like rucking and cycling and stuff. I like doing cardio outside. I don't I [ __ ] hate the treadmill or like a stationary bike or like a rower.
It's just like I'm so bored, right? Um, so I like to just like put on a weighted backpack and like walk and oh my god, it's a completely different exercise when it's 98 degrees outside and the sun is beating on you. It's like, oh, this is like a nice, you know, normal walk.
And then you put the weighted backpack on, you're like, oh, it's like a zone 2 cardio thing, right? My heart rate is like 125. Like, cool, because I put the backpack on. And then it's [ __ ] summer and your heart rate is like 150 and you're doing the same walk and you're like, "Oh my god, this is no longer like a casual zone 2 workout.
This is like life or death."
All right, I'm banging this video out.
Let's do it. What's the hook? What's the hook?
I don't know. I'm just going to start recording because I'm overthinking it.
I'm overthinking it. I'm not going to script this. We're going to roll with it.
Okay. What other Hold on. I am overthinking it. What other things? So, GitHub's hacked is just the latest of Shai-Hulud hacks, right? So, let's bring up like Socket's blog, right?
Wh typo.
That could have been worse. Um, whoa.
Did they just launch a new [ __ ] website?
Oh my god, they launched a new website literally since yesterday because they raised all this new money.
Okay. Uh, Mini Shai-Hulud. Okay.
You're fresher in CS. What should be on the road map? What's up, Roit?
Um, wrote it, we're about to record a YouTube video. I I don't really have like career Q&A time um on me. Thank you for visiting stream.
I would be happy to answer your questions when I'm not about to record a YouTube video because as Francisco just said, I get squirreled.
Uh, listen to anything that Beacon Cow says when it talks to New Career. He's killing it in the new career game. By by the way, Roman, any news on your interview?
God, I'm so ADD.
Microsoft says, "Use our AI to secure your network, but they can't secure themselves." O, Brandon, O.
All right, you guys. You guys have fun talking about career stuff. Um, I need to keep you off screen.
Um, and then Okay. Any other writeups that I should bring up in this video about Shai-Hulud? Or is this Socket one probably pretty good?
This is probably pretty good, right?
Okay. So, what's what's the order of operations? We're going to do this, this, this, this, this. Okay, got it.
What's the hook? What's the hook?
Um, all right. We're gonna stop overthinking it and just record. How's my mic?
My god.
You This one time I recorded like a 45 minute session and my mic wasn't working.
They snubbed and did you dirty?
I have a job req cooking for more money in my current internship. I'll be converting this summer. That's cool.
What do you mean they did you dirty?
They like they didn't offer you the job or they lowballed you or some [ __ ] What's the hook here?
I think Shai-Hulud is too niche of a term, right? You want the hook to be like normies.
Oh yeah, here's like another funny part here, right? is like, "Guess who owns npm, everybody?" Right.
Okay. Basically, hyped me up at the very end. Decided to go with another dude.
It's the [ __ ] worst after that many interviews that you went through. It's [ __ ] worse.
DM me who this is because they're on my [ __ ] list now that they [ __ ] with you.
That sucks.
All right. All right. All right. All right. Wait, wait. Full new swag. All new swag in the vid.
Pull the pull the shirt off my shoulders here a little bit. All right.
Boom. Boom. Look at that.
I'm like wearing it all unnaturally now because I want to show it on screen.
All right. Um, we're good, right? Let's do it. We're going to record.
Something's got to give with this supply chain malware.
The latest victim as of this morning is actually GitHub themselves.
Which is ironic.
Whoops.
Where is that? There. [ __ ] It's this one. Okay.
which is ironic because GitHub actually owns npm and both of these are at the heart of some of the biggest malware campaigns that we've seen in years that just show no signs of stopping whatsoever.
So what do we know about this GitHub breach? First of all, we saw that the threat actors, Team PCP, which are behind the npm, PyPI worms that we are just chasing right now.
The latest version of which is called Mini Shai-Hulud. Shai-Hulud, the worm from Dune.
This mini one because when it first started it was smaller than the first iteration of this worm. It's hard to still continue to call this Mini Shai-Hulud by the way.
And the threat actors put up on some breach forums that all of github.com's source code was for sale. They were saying they would take about $50,000 for around 4,000 repos of GitHub's code.
This was the first that we all saw of this potential hack. And then GitHub came out on Twitter and said, "Yes, we're aware of the claims and we are investigating." Well, that was uh a few hours ago and then they came out and said, "Yep, confirmed. Uh we can say that we have been breached."
They said the more accurate number of breached repos is around 3,800.
and they said the root cause was that one of their employees downloaded a poisoned VS Code extension.
If you are a if you are a member of my channel, this will not surprise you. I just can't stop making videos about these npm worms, but bactly use to get into it. One of which is about malicious extensions.
We saw Vercel get breached not too long ago because one of their employees downloaded a Chrome extension that wound up being malicious. Between browser extensions and IDE extensions, threat actors have your number. They can get code on your machine.
So, there's kind of a few ways that extensions wind up being bad and and malware, right? A, you download just a malicious extension that really has no other purpose, but to be malicious and you're tricked into it somehow.
This is what we currently see going on a lot in job interviews. You're in a job interview and they say, "Hey, we need you to download uh this IDE extension in order to proceed with the coding part of the exam." And that's actually just malware. And because you're in in an interview, you'll do anything they say.
These things are targeting specifically the cryptocurrency world and the extensions that they get you to install are very related to Ethereum and stuff like that.
One of the other major ways is the otherwise legitimate extension turning malicious. And there's a few ways that that can happen. One, these extensions go up for sale, right? The developer is trying to make a buck and exit the game.
They put them up for sale. The threat actor acquires the extension and they're just buying access to your machine at that point if you are a user of of that extension.
Sometimes this is on the order of magnitude of hundreds of dollars, right?
So this is very very cheap broad access to a lot of people.
But that's not what happened this time.
What happened this time is well in the official news coming out from GitHub or any of the news sites they haven't named the extension but we think the the highest likelihood of the the root cause extension is this NX console one and Jeff here is the uh from the team that puts out NX console and NX dev tools and they said that they're talking with Microsoft who by the way owns GitHub who by the way owns npm and Microsoft said that they have evidence of 28 installs of this malicious version 18.95 of NX console.
The developers of NX console say that they think that there's over 6,000 installs of that malicious version. The malicious version was only up for about 11 minutes based on the timeline, but it has that many users that in that 11 minutes they have evidence that 6,000 people downloaded the malicious version.
If we go to their GitHub repo and their uh security advisory, this was actually two days ago. So meaning two days before we all knew about GitHub being hacked, the actual root cause extension came out and said, "Hey, by the way, we're compromised. Do not use this version of our software."
But then here's where just the irony gets thicker and thicker and thicker. A, this is just like a really good uh security advisory. I'll put it in uh the description down below because they've got the indicators of compromise like this kitty cat uh payload here. But if we go all the way down to the root cause, what does this look like? One of our developers were compromised by a recent security incident which leaked their GitHub credentials. So what happened? A developer of this extension had their GitHub account hacked. What does that sound like? Sounds to me and it's the same threat actor as team PCP.
Sounds to me like team PCP's npm worms, which by the way, if you look at all the stuff that the npm worm steals besides propagating itself.
Here's the list of secrets that Shai-Hulud or Mini Shai-Hulud or Team PCP are stealing in basically every attack and every compromise that happens. Right at the top of the list, GitHub tokens are one of the things they're after.
Why? Because they can use the GitHub tokens to propagate to additional repositories. This is what's making it a worm. But the entire time that they've been worming, sorry, accidentally scrolled there. The entire time that they've been worming, they haven't actually used that we've seen public evidence of all of these other secrets that they're stealing in every compromised machine.
There's a few things that are kind of keeping me up at night with this attack right now. Number one, like, they're, yes, they're like worming through stuff, but currently the only people that really need to worry about TPCP, Shai-Hulud, Mini Shai-Hulud, whatever, are developers, because that's where the worm is going. There, you're installing an npm package. That's what gets the malware on your machine. Normal people aren't installing npm packages. Developers install npm packages. But there's nothing technologically stopping Team PCP from using their access to instead of just propagating their worm into another GitHub repo.
Those GitHub repos are code on applications that normal users are using. So why couldn't they also then inject malware into uh you know a web app that is using this npm package and instead of just stealing the developer of that npm or the developer that downloads that npm package's secrets, they're propagating into web apps that have that code running on them and then can start stealing sessions or data from actual users.
Number one, we haven't seen a lot of that. Number two, this GitHub hack is actually a ripple effect that we haven't seen them do yet. They basically used the GitHub token of one of their victim accounts. They realized that that account actually gave them access to not just npm packages, but also a VS Code extension developer once they realized what they had.
and then they pushed their malware into that VS Code extension which then got them into a developer at GitHub's account and were able to steal a bunch of the repos. We also don't know if there was 6,000 other people downloaded this as per the author of this extension. It's a very low likelihood that GitHub is going to be the only victim. Team PCP has publicly come out and they even briefly open sourced their Shai-Hulud source code and in the readme they actually said hey yeah this is vibe-coded. So they've come out and said that they are using AI to write their malware write their worms. So that would also lead you to believe that they're probably using some AI powered tools to do their data exfiltration and other tradecraft to move as quickly as they're able to move if they only have access for maybe minutes to hours because they only have uh access meaning to an npm package that they've published on the order of minutes right now.
Right? We're all on such high alert on npm or PyPI or RubyGems. They're so active. We're all on such high alert that any malware that hits these repos is found within minutes to hours at this point.
And then it's what's the speed of GitHub and npm actually taking that stuff down so more people don't download it.
That's one like level of how long they have access. The second level is anyone who downloaded it. Right? So that VS Code extension was only up for 11 minutes, but a developer at GitHub pulled that down within that 11 minutes. How long was GitHub compromised before they realized that let the threat actor actually exfiltrate those 3,800 repos?
And who else who knows what else they could have done? Like they had malware on that machine via that IDE extension.
There's nothing stopping them from just accessing source code from there.
Malware is malware.
They could have done a lot more damage and to not just GitHub. So again, we've been hearing a lot about the npm and PyPI worms. We haven't heard a lot about ripple effects. I think this is one of the first ripple effects and I think that this is much less severe than it could have been. $50,000 up for sale for some source code. Forget I mean it's a bad bad day for GitHub there. I've been there when source code goes out the door. You have days of rotating secrets.
You have your job at GitHub right now, right? It's been like 12 hours since they even found out about this breach.
Their job is to make that source code as not valuable as possible.
So all of the secret sauce or environment variables or anything else that could be useful in that source code, they are currently I know for a fact sitting in a war room trying to unpeel, right? Let's figure out what we need to rotate. What do we need to rewrite so it doesn't work like this anymore? What kind of vulnerabilities have we not patched because maybe low likelihood of exploitation, but now the likelihood is just shot through the roof. If people could just see that that vulnerability exists in source code and there's other information besides code that people store in repositories, lots of architecture do documents. I know a lot of companies build a lot of their technical infrastructure around GitHub.
So there could be entire wikis and repos filled with just sensitive documents about GitHub's inner workings that have nothing to do with source code or secrets or API keys or anything else that might be kicking around in there.
So I could have literally made a video pretty much every other day for the last couple weeks about these npm worms. I've already made like three videos on this channel about various npm worms. I think this tipped into the different enough uh category to to start talking about the ripple effects here.
But there's two other things I want to show before I sign off about what you guys need to actually be doing about it to protect yourself.
Number number one, and I've put this in a video before, but Wiz, this is not sponsored.
Ramy is just a legend. Shay, I don't know you, but Ramy just great blog about how to harden your GitHub Actions workflow. This is one of the ways that these threat actors are getting initial access into uh various GitHub repos in order to propagate their malware. was one of the initial attack vectors for uh this Trivy and Axios malware campaigns.
I think Trivy was actually the initial access and then Axios used Trivy and I mean we're still literally right now dealing with the ripple effects of these attacks that started with an attack on this GitHub action stuff.
There are tons of hardening things in this guide and they have tons of stats of Wiz customers and just like other stuff about code security about how at best 20% of repos they see are are setting the right secure permissions.
Like 80% of repos that they study have very way too broad permissions that would allow these types of attacks. Once the attacker actually can get a foothold in these bad permissions are what lets the blast radius actually happen.
like all actions permitted on all repos.
80% of repos have all actions on all repos. We should be much closer to local only action like specific actions permitted on specific repos literally 0%.
Certain actions permitted on all repos 2%. That's not even the best. Selected actions on selected repos 1%. So like at best 20% of people doing things better, but really you're looking in this 0 to 1% range is like where they are like pointing people to go.
So go through this guide. We're not going to go through this whole guide.
Maybe this this deserves a whole another video. How to protect yourself against Shai-Hulud probably deserves a whole another video, but I'll put this guide in the description.
This is if you're like an org running a GitHub or the other thing that I would point you to if you're just a developer or maybe you're just even someone using the new Agentic coding tools. You're a citizen coder, right? You don't really know how to code, but you're using coding AI tools like Claude Code or Codex or Gemini or whatever it is. What is to stop you from accidentally pulling one of these malicious packages? I put a thread on Twitter. I'll also put this in the in the description below. This the the thread has some good tips in it. It also has some fire memes in it. But there are a few uh people that are putting out free, you can call them firewalls for different supply chain packages that are keeping the malicious packages out basically within minutes to hours of we us knowing about malicious extensions. These tools will make sure that your package managers don't pull them. It looks like Datadog has a pretty popular one.
Uh Aikido has a pretty popular one.
And then and then this thread actually talks about Socket Security puts out a uh it's called SFW, Socket Firewall. Uh looks like you can just install it pretty easily like this. And then my question to Socket was great you could install this but then how do you make your uh your AI agent actually enforced to use it? And it looked like uh you could even alias, right? You could just alias PNPM or npm uh to use and pip to use SFW or any of the other free open firewalls that are in this thread.
And then if you want to take it a step further, it looked like a popular recommendation in this thread was to use hooks. This is like things that are built into all the major coding agents.
Now you could say there's like these pre hooks and you can uh enforce your coding agents to actually use PNPM or SFW or Aikido or Datadog instead of just you know the raw npm install stuff.
I officially put this supply chain stuff up. I I've been saying like everyone's top priority is help desk phishing, uh voice phishing, SMS phishing. If you don't have an answer for what the big cyber criminal groups like Scattered Spider, Lapsus$, ShinyHunters are doing, go look at their playbook. They're telegraphing their playbook from they're screaming from the rooftops what they do to hack companies. I I've been saying forever that's priority number one. If you don't have that solved literally nothing else matters. They're bypassing EDR. They're bypassing 2FA. They're just calling your help desk, getting all these things reset, going around them, and doing whatever they want to do. I'd say this is inching into tied for first place priority in terms of understanding how your software supply chain and your dependency management is not pulling down malware. It literally took GitHub one developer had an extension that probably was on auto update that pulled down a malicious version. That developer didn't do anything wrong. had an extension installed in their IDE in VS Code that was on auto update because in those 11 minutes there's no way that that developer pulled that stuff down manually. Auto update on a legitimate extension GitHub's hacked. If this doesn't mean that this is should inch its way to the top priority of your list, your IDE extensions, browser extensions, npm packages, PyPI packages, Ruby gems, your supply chain in and around your code, the threat actors are screaming that this is what they're targeting right now.
Get on it. If this was helpful, please do all the YouTube things down below.
Means a lot to me. And follow for more cyber security news.
All right, we did it.
We did it.
You could tell it's not scripted because it was bad. No, I'm just kidding. It was probably pretty useful, but not tight.
Let's get that up in G Drive so my editor has it.
And then we'll do the CISA one. The CISA one's just going to be a rant.
Yo, I have too many Google accounts and I like signed in this time that I like was on my computer. I signed in with the wrong Google account first for like my G Drive stuff, but it's just been such a pain in the ass since um raw YouTube files. Uh let's get this up.
New folder.
All right.
Boom.
All right.
You thought it sounded great. Thanks, Roman. F G G Willickers.
You can't even tell I'm almost passing out.
Do you have to do surprise shots for your thumbnails for your editors? No, I haven't done mimi ones. I kind of like he's got like a clip of me. I think it was like natural in a video. I think I just like went like this and he he's been using that. I don't know, man. I we we are not good at thumbnails.
You saw my you saw my click-through percentage in my metrics, right?
Not great. Not great.
I got to figure out my thumbnail game better.
Um, all right. Is anyone yelling at me?
Uhup.
I'm just telling my team to stop yelling at me. I'm recording. I'm recording.
Everyone chill. Everyone take a breath.
Matt's recording.
It's a good week when Matt records.
All right, look at this. I'm gonna I did a live stream and I'm going to record two videos and we're going to stop in under probably three and a half hours. That's great.
All right, CISA. CISA CISA CISA.
Let's do it.
This This sucker.
I have things to say. I have things to say.
Uh, my Did you guys see the short on this? I kind of went a little spicy, which I think is why it's doing so well. I was like, the flaming corpse of the cyber security industry is how I started the video. Oh [ __ ] it's doing really well on Instagram. I didn't even look I haven't even opened Instagram in hours.
Um, Tik Tok's been a little [ __ ] for me lately.
Yeah. What the [ __ ] Yo, like so metrics like for short form video on Tik Tok, all the metrics on this scream that this thing should be going gang busters, right? So, for you non-content creators, here's here's like the the the metrics that matter. So, the amount of likes you get to views, like the percentage of likes to views, if it's over 10%. So, like currently it has 6,500 views and 682 likes. That's over 10%. It would need 65 650 likes.
So, uh that that's like an incredible good signal. Basically, if like it gets views and people aren't engaging with it, it's like they're scrolling past it, right? Then the other thing, it's a long video. It's like two and a half minutes long. It's like that's that's way longer than like the one minute like that they like to, you know, publish. 15% of people watch the whole video. That's huge. That's huge for a long video.
Huge.
I don't understand why this hasn't hockey stickked on TikTok. I do not understand.
Those metrics scream like the shit's gonna go well.
Sorry, you guys get the creator [ __ ] sometimes.
The flaming corpse of what is left of CISA. Is that how I start the YouTube video, too? Probably how I should start the YouTube video, too. Huh?
Basically, what I'm getting at is every time you think you [ __ ] know what you're doing in video and I'm like, "Oh, yeah, look, the metrics are good." It doesn't. I No one knows. We don't know. like this one.
Everything says that this one should be going gang busters and it's not. So, I don't know.
All right, we ready? I'm going to bang two out. Two for two for this one's easy because I only need the Krebs article.
Sorry, I got distracted.
Let's do it.
All right, just continue to clear my plate so that I can keep recording.
Everyone back off. I know, I know, I know, I know. I run a company and things need to happen.
What is this? Hold on.
Team PCP is now teaming up with Lapsus$.
GitHub auction $95,000 for their repos framed as no extortion single buyer supply chain story. What does Lapsus$ have to do with this?
It was $50,000 two seconds ago.
If teamc concerns as a lapses affiliate the github extension breach attribution shifts overnight.
So I'm I'm confused.
Oh my god. It's so like attribution is just fraught. A fool's errand.
A fool's errand.
All right, let's do it.
I don't think there's any updates on this one, right? No.
All right.
All right. Sorry chat. Gotta make you disappear again. Everyone say bye. Bye.
Did you guys Did you guys in chat have you have you seen this story yet? Did you already see my short or is this going to be fun for you?
This is like one of the crazier [ __ ] stories.
It's going to be fun for you. Okay.
You have not seen it, Roman. You're fired, man. You're fired.
You don't have alerts for my shorts, Roman.
What kind of intern are you?
the one that I currently give no work or money to.
Oh man, someone wrote, "Damn, how could GitHub have gotten popped with a malicious VS Code extension when Mythos already solved cyber security?"
>> Mythos.
How come sometimes I have to like push?
>> Sorry for not watching you sleep, man.
I wouldn't be surprised.
It's my money and I need it now. Yo, is JG Wentworth still in here? It's like someone someone else in chat's name. Did you see John Oliver did a JG Wentworth like video? I'm not. No, I can't. I'm not going to squirrel. I was literally thinking about the guy in chat whose name is 877 JG Wentworth. He's like one of my frequent chat homies and I saw John Oliver do a video about JG Wentworth. I was like, "Oh, damn. It's my homie." All right. All right. All right. All right. Lock in.
The flaming corpse of the cyber security.
I got to start like this again, right? I have to do this again. Okay.
The flaming corpse of what's left of CISA, the cyber security agency of the US government, just got breached or just did a data leak, I guess you could say, in one of the more embarrassing ways I've ever seen. This is just kind of a ridiculous article that we have to go through for so many reasons.
So, right off the bat, it was a researcher at a security firm, GitGuardian, that found a GitHub repo that I don't know if someone at CISA thought that naming the repo private made it private, but just what a screenshot this is. Private CISA public. So, this is a public repo that got pushed and it's just absolutely filled filled with secrets that should not be public about internal CISA systems.
And the only reason that you and I know about it and we're talking about it right now is because the researcher reached out to a bunch of people and just could not get anyone to respond to them about this. And they realized what they were sitting on was so sensitive that they had to reach out to Brian Krebs, the journalist that could help make this public and get this information removed from the freaking internet. They were just trying to do the right thing and get this stuff not out there anymore.
Then the actual information in this repo is also just incredibly embarrassing like credentials and files including plain text passwords in CSVs, logs of all sorts of internal systems including access to AWS GovCloud systems. If you don't know the government uses their own version of AWS they don't use the same data centers as you and I. No, no, no, no. We couldn't possibly co-mingle such sensitive information with us. So they have GovCloud. It's its own thing. It's basically a dupe of AWS just for the government which has got even more protection so that it's not part of the you know crazy cloud that we all use that if two things are on the same server people are still scared that we can read other things on that server.
No, but we do publish keys to these things just in public GitHub repos.
Passwords stored in plain text in a CSV.
Backups in Git, explicit commands to disable Git secrets detection feature.
Oh yeah, hold on. We didn't even get to this. They have evidence in the commit history that shows that the CISA administrator disabled the default settings in GitHub that block users' ability from publishing SSH keys and other easily identifiable secrets to public repos. Like this is built into GitHub because so many people constantly push SSH keys, API keys, things that are easily regexable, right, with that that GitHub could stop from going out to public repo that is a feature nowadays because it's so prevalent and that was actually disabled as a protection.
The researcher thought that this was fake as they analyzed this because they were like there's no way that this is actually out here. And I want to jump ahead a little bit because we do have a quote from a CISA spokesperson which listen I am shocked shocked that someone is still on payroll at CISA that is a spokesperson because they have just absolutely gutted this place with budget cuts over the last few years. But they say currently there is no indication that any sensitive data was compromised as a result of this incident. Which I guess password CSVs are not sensitive data these these days. I I I think what they probably mean is that it doesn't look like anyone besides the researchers uh got a hold of this and actually used this information as part of like a data breach. So this is just like a data leak that we get to all read about in the news, but they're saying that there isn't ripple effects. Okay. And then they go on to say, "We hold our team members to the highest standards of integrity and operational awareness and we're working on additional safeguards to prevent future occurrences." Excuse me. It is really, really hard to look at that quote in the same article as we disabled the feature in GitHub that would have prevented this. We pushed plain text password. Why do plain text passwords exist in any CSV anywhere? And then if we go down the people actually analyzing the passwords, where is it?
Here you go. I don't even need to scroll from the we hold our team members to the highest standard paragraph to see that the the plain text passwords which shouldn't have existed in a CSV file anyway, but they were easily guessed passwords for a number of internal resources and many of them were a password of the platform's name followed by the current year.
I mean, I just can't like this is early 2000 security stuff going on here. The researcher said such practices would constitute a serious security threat for any org, even if those creds were never exposed externally, noting that threat actors often use key credentials exposed in internal networks to expand their reach after establishing initial access. Yeah, this is just insane. This is why this is so embarrassing.
So, yes, it seems like we have evidence that this was actually a contractor that was trying to like duplicate their work between machines, though they said like we don't have a lot of uh breadcrumbs in the git history to determine like which machine was used for this, but it just kind of smells like a contractor that was trying to do some government work on a different laptop and was using GitHub to sync all the important stuff between those two laptops and just happened to do so publicly.
But then another researcher uh that was part of this actually tested the AWS keys to the GovCloud system which I would have been terrified that the helicopter would have landed on my roof and people would have been breaking through the windows if I used leaked keys to try to get on to AWS GovCloud.
But this guy with absolute guts that just went in and were like, "Well, I just want to validate that these keys are actually a thing because what are my I did a short on this yesterday and what are my comments filled with? This must be a honeypot. There's no way that this is legitimate." Well, here you go. You got this researcher logging into GovCloud. And then what did he see when he got in there? Uh, he was able to touch the Artifactory system for GovCloud.
He validated the exposed credentials could authenticate to three AWS GovCloud accounts at a high privilege level and he used plain text creds to CISA's internal Artifactory. So this is an internal repo of all of the images and code packages that they're using to build the rest of their software. So he could have used these creds and instead of just stealing information could have impacted the actual build artifacts of a bunch of internal CISA systems to have laterally moved established persistence a whole bunch of nastiness.
So, it literally took Krebs and this other uh firm Seralys notifying CISA to get the GitHub account taken offline. I don't know why that original researcher couldn't get a response, but of course, if you see an email from Brian Krebs, you best be answering it because it's not a good day for you.
Even after the GitHub repo was taken down, the exposed AWS keys continued to remain valid for another 48 hours. This is embarrassing. This is embarrassing.
I've been incident response at high level at organizations like this when source code goes out the door when secrets go out the door. 48 hours of known creds not being rotated is insane.
Creds that you know were leaked and public is insane. That is incredibly slow. Okay, incredibly slow. I am not a fan of like dunking on people during a breach or a data leak. It's not that's not me. We've all been there. Security is hard. Budgets are hard. This is crazy. This is this shows a lot about just like the basic security hygiene of the cyber security agency of the government. That's their job is to help other agencies raise their security bar, right?
What is what is show what is this showing us? I mean I I'm sorry I'm freaking out again like don't throw stones, you know, we've all been there.
This is all hard. This is even if this GitHub repo never went public. What this showed us about the internal security practices of what's going on behind the the firewall, right, is is ridiculous.
Is ridiculous. Even the speed of response tells us a lot.
I know that if I worked anywhere and that we got an email from Brian Krebs with a list of of AWS keys that they had just used to get into our AWS accounts.
How do you not have a pager and that stuff shut down within minutes? I have no idea. I have no idea. I've worked for places with much smaller budgets and much less at stake than what is at stake for CISA. Uh, and I got the page at one o'clock in the morning and had that crap turned down and responded to. 48 hours to get a few AWS keys rotated when you got the cyber security investigative journalist knocking at your door telling you that the emperor's got no clothes.
I'm losing my mind. This is embarrassing. There's not even a lesson to be learned here. The lessons to be learned here were learned 15 years ago.
Usually I talk about a breach. I'm like, "Hey, this is what modern threat actors are doing. This is what we got to do.
Supply chain malware and like they're phishing our help desks and like you got to really up your game in all these areas." The lessons that we could be learned from this data leak were learned in 2008. I don't I don't understand what's going on.
I'm sorry if you work at CISA and this hurt your feelings. I'm sure there's tons of really good, talented employees that are still there because they believe in the mission and they've survived the budget cuts. Uh, hug ops to all of you. Uh, this is crazy. This I I wish we got more than those couple lines from the spokesperson that said, "We hold our teams to the highest standard," which nothing in this article points to anything close to the highest standards that you would expect from an agency like this.
Do all the YouTube things down below.
Follow for more cyber security news.
All right.
What's up, chat? You're back. I turned you back on.
[ __ ] nuts.
[ __ ] nuts.
Knucking futs.
All right.
Um, welcome back MJ. It's a proper titty twist. Guy, I really don't like making those videos. I really really don't. I'm not even [ __ ] around at the end of the video. I don't like breach porn doesn't do it for me. You know what I mean? Like, you don't you don't want to just be the guy that's like, "Look at this [ __ ] company that did security wrong this one time." You know what I mean? We've all done it. We've all done it.
We've all all all done it. That's bad though.
That's bad. I mean, they say like we think a CISA contractor was using this GitHub to synchronize files between work laptop and home computer. The fact that there aren't so many layers that wouldn't allow that to happen is insane.
You know what I mean?
The fact that there aren't just so many layers that like would fit like that would make this whole thing fail is insane.
You had me on mute. It looked like I was freestyling. Oh boy. Spit hot fire. Top five rappers of all time. Dylon. Dylon.
Dial. Dylon. Dialon. Spit hot fire. Dial spits hot fire.
It's a combo of bad practice, cover-up, and lackadaisical recovery. Yeah, dude.
Yeah, dude.
The agency has lost nearly a third of its workforce. I mean, it's hard to [ __ ] blame him, right? Like, what could the morale be like over there right now?
It's like, could you imagine anyone working at Meta right now?
That's insane, right? like knowing all the layoffs are coming and like you know same with this right who who the [ __ ] is working at CISA going yeah my job is safe here did I hear Mark do Oh no, I didn't listen to that. Is that on Twitter or something? Where is that?
Is this it? Let's listen to it. layoffs are top of mind, but there were also some um so in other news, I know layoffs are top of mind, but there were also some updates this week around um and a question around employee device tracking. So, can you share more on employee device tracking?
>> I know layoffs are top of mind, but like can we just quickly uh change gears and talk about how you're training internal AI models to replace all of us by watching all of our keystrokes and mouse movements?
who the [ __ ] is working here?
>> Um, I think the way that it was announced left folks Yeah. So, okay, let's let's talk about what we're doing.
Um, you know, like Alex just said, going into what makes these AI models great, right? There's basically a few key ingredients. There's getting the research and the architecture good.
There's having good infrastructure which is both the quantity of compute but like as important if not more is is also just like how efficiently can you use it? How reliable is it? What like what is the the quality of that? And then the third piece which is in in some ways it's hard to say that any of these are more important than the other because they're all necessary is effectively the data and what knowledge it learns. Um, so we're in a phase where basically the AI models learn from having really from watching really smart people do things.
And if you're trying to get it to be able to be able to do certain capabilities, having it be able to observe really smart people doing those things is is very important. So there are a few you got you guys hear what he's saying, right? Of course, we need to observe our really smart people if we're ever going to get an AI model to do the things that our really smart people do right now so we can not have the really smart people around anymore, right?
examples of where we're trying to do this across the company because one um one basic insight and hypothesis that we have is that a lot of data generation across the field is done by these like contract companies. Um and Alex knows a bunch about this because he ran one before coming here but um in general the average intelligence of the people who are at this company is significantly higher than the average set of people that you can get to do tasks if you're working through the contract. um through these contractors. So if we're trying to teach the models coding for example, then having people internally u build tools that or or solve tasks that um that help teach the model how to code we think is going to dramatically increase our model's coding ability faster than what others in the industry have the capability to do who don't have thousands and thousands of extremely strong engineers at their company. So that's one example. Another thing that that our that our system needs to be very good at is using computers. So the way that you get a system to be good at using computers is by having it watch really smart people use computers. So that's basically the essence of what we are trying to do here. Um we are we're rolling it out in a way that is like you know it's like we we're basically we're not like actually no human or anything is like looking at or watching what your um what people are doing on their computers. the content is sort of um you know stripped out um in like as as as much as is as possible um guys everything you do on your corporate machine of of course people can watch of course right yes humans can look at it Like, and like also why would it be any like more comforting? Like if if you have a problem with that, like why would you have less of a problem with like the AI thing is watching everything you do on your computer?
>> It's like none of the data is being used for like looking at what people are doing or surveillance or performance tracking or anything like that. purely just like we are using this to feed a very large amount of content into the AI model so that way it can learn how smart people use computers to accomplish tasks. Um I think that this is going to be a very big advantage um if we can do it. So anyway, that's what we're trying to do. Um I think that there are going to be >> So he literally didn't say anything to it wasn't like hey just like clear this up because you know you guys might not feel a certain way about it.
You know what I mean? He just was like, "Yeah, that's like the thing that like you have a problem with. That's what we're doing."
Um, uh, I have a take that I've seen.
Here's another reason I don't like this guy. And some of you in here know this already.
This guy's like, "It just makes an outrageous amount of sense for companies to use the work they're paying employees to do as training data. Otherwise, you would have to generate fake work and pay more people to complete the fake work."
Of course, this guy, this guy really bugs me, man.
It makes an outrageous amount of sense that companies would use the work that they're paying for Oh man, this guy bugs me.
Wait, where'd it go?
I lost it. I can't keep clicking around.
Here it is.
probably other things around the company where we basically try to enlist the fact that we have uh just like a very high quality set of people to teach the AI systems to do different things that we need to get them to be able to do over time. Um so this probably isn't the last thing like this. Um and there but I think it's this is like an interesting strategy I think that we want to uh we want to see how well it does. At this point it's um somewhat of a hypothesis.
will actually be able to complete the loop to see how well um these kinds of things actually improve it. If they don't, we won't do more things like it.
If they do, then we'll probably do more things like it. So, um so that that's the that's kind of the basic thing. Um in terms of how we communicate about this, I mean, this stuff is tricky. I think we're >> Yeah. Not just first Tanstack and now GitHub tan GitHub because of Tanstack.
The VS Code extension that the developer at GitHub downloaded was popped by the npm worm because of Tanstack.
>> Yeah. I mean I I think like when I was looking through the the details of this, there's like all these things that we could have done better. So that yes I mean yes acknowledged and we we'll we'll try to improve this. The the kind of core tension on this is that um we want to communicate as clearly as possible about what we're doing while not having all of the details of things that we think are going to be strategically differentiating leak immediately to the two competitors. And so I think part of the challenge, >> yeah, he he has an issue, right? Cuz his company's a too big and morale is too low that of course every announcement that goes out to the company is immediately leaked, right? He's got so many people there that like are not happy to be there, right?
Like, you know, I I worked at smaller companies with like less morale problems where like leaks happened occasionally, but like I mean, this was probably within moments of this [ __ ] happening.
So, he knows like Zuck knows that an all hands of internal employees is basically a press conference at this point.
>> Is like we are a pretty big company. If we post stuff publicly, it leaks. Um, some things matter more if they leak than others, right? Like if we're building something in our, you know, ad system, for example, or our infrastructure that's like bespoke to us and it's not something that other people are going to copy and it leaks, it's like not that big of a deal, right?
Maybe it's kind of annoying. I think we know that AI is like one of the most competitive fields, right, in like probably in history. So anything that can give us that can make our the quality of our thing better um is generally not something that I think it is in our strategic interest as a company to lay out the details in a lot of detail knowing the physics of the situation is that that stuff is going to leak. So I I think you will have to um we're we're just going to have to navigate that and it's going to be a little bit different on a thing by thing basis in terms of how we communicate.
But I I actually think it is like not strategically in your interest for us to communicate everything like in all the detail that we normally would on this.
Um but I think we do need to try to make sure that we get this right. Um and and and communicate enough so that people understand what's going on. So um this I think will be a continued thing that we're trying to navigate.
>> This is this is insane. Could you imagine working someplace that you can't trust enough of the people around you that like so many things just have to be a need to- know basis at your own company?
Like how much does that suck, right?
That like you don't have just like a co-worker environment that like that can be transparent like everything has to be need to know.
It's part of the the complexity of of trying how do we navigate running the company through what is just this incredibly dynamic period. I think that there's like lots of things that I think people would like more certainty on than we have lots of things that people would like more details on that it's not necessarily like it's not that any it's bad for any one person to know but it is bad if it leaks and and I I don't know how we how we how we exactly navigate that. So that's that's the basic situation on that.
>> That's rough.
That's rough. That's a rough place to be.
What are the quote What are the quotes on this? Just flaming him.
Yeah, he's just getting dragged.
Man, that's brutal.
That's brutal. Ranger Foundry. Uh, if you go watch top of stream on VOD, you can catch some more. We and I just recorded a a dedicated YouTube video about the topic. So, we've talked a lot about the GitHub thing already. I'll give you the I'll give you the quick once over since you're here and I appreciate you being here. Um, GitHub some threat actors said on a forum that they were selling GitHub's repos. GitHub said they were investigating last night. This morning they said, "Yep, this happened. It's because a developer downloaded a poisoned VS Code extension." Uh they didn't say which VS Code extension, but we think that it's this one, NX Console.
Uh and then these guys came out with like a writeup, and their writeup says that one of their developers got their GitHub accounts uh creds stolen.
Uh and then I I I even just saw after I recorded it that uh I mean that looked like it it's it looked and smelt like npm worm. Um, but I I then saw someone say Tanstack.
Uh, let's see if I saw some I saw another tweet say that I can't find it, but yeah. Anyway, I I I thought it was the npm worm for sure, but then someone said that uh the NX console hack was because of Tanstack, so that's why it's crazy.
Oh my god, the best tweet of the week.
Oh my god, so good.
Oh, it's just so good.
H, come on. This is Museum of Twitter.
Francisco, did you see who I pulled up and their reaction to uh the Zuck thing?
Jay, it's GitHub saying they're investigating unauthorized access and someone replied to them. Holy [ __ ] how' the attackers find a large enough uptime window to get in?
Just Museum of Twitter.
You were looking away. Yeah, it was Austin.
Yeah, it was Austin. It makes outrageous amounts of sense for companies to use the work that they're paying employees to do as training data. Of course, he had a [ __ ] take on this, didn't he? Just of course.
Of course.
Oo, Austin Larson liked my tweet.
All right, guys. I'm going to go try to fix my feel like shitness.
I don't know why I've like had like waves of being lightheaded all day.
I've hydrated. I've ate. What is flow state and 200 jewels even mean?
Jay, I don't even know what you just did. I've never seen that alert before.
I don't know what a jewel is.
What was that?
I'm guessing that cost you money, so thank you.
I literally don't know what that was. Is that YouTube's answer to bits? Twitch's bits. I appreciate you.
What up, Coyote? Sorry, I'm wrapping stream. I know you just got here, but I'm wrapping up. I'm gonna go [ __ ] maybe eat something. There is no sun today. We got crazy storms blowing through Austin right now. Did I show you guys the radar last night? It was like the craziest storm that I'd seen in years.
Look at this [ __ ] Boom. Look at that.
On the radar last night. We got [ __ ] God, man. Branches everywhere.
Branches down.
Your flout. Your flight rerouted.
Wow.
Dude, Storm was nuts. Nuts.
Um, I'm not going to watch it on stream because I'm getting off, but I'm really interested in in Theo's >> um Theo's most recent video, Google can't be trusted.
Uh, super interested, intrigued in the title, intrigued in some tweets I saw about it. So, I'm going to watch that later today. Just letting you guys know what I'm going to be watching.
We'll do a LinkedIn about it for sure.
Also, it's pronounced Brown. No one calls me Coyote. I got you. Okay, Brown.
Coyote just was more unique part of your name.
I got you, though.
Um, all right, sweet. I'mma go. I'm gonna maybe eat some more food, lay down. I don't know. I I haven't had the lightheaded thing since I recorded those two YouTube videos, but like right before that, I was like, "What the [ __ ] is going on?"
Oh, you went to Tampa BSides, dude. I see pictures from there. It seems like one of the bigger BSides ever. So, I hope you had fun.
All right, guys. I will be live tomorrow um morning. We're gonna we're going to do the newsletter. We'll we'll we'll put a bow on the news for the week. Um and then as I teased earlier, yes. Uh it sounds like I'm launching a podcast uh with another big YouTuber that you guys know. Uh we're going to do it on a new channel. It's going to be its own thing. It's not going to be on my channel or his channel. We're starting a new thing. We might record the first one on Friday. Get kick the tires a little bit. Um we're going to see what the format is and all this. We'll probably do um some news and some guests, right? Um and so uh yeah, I'm excited about it. We're going to do uh yeah, we're going to do the podcast thing. So that'll be cool. Um, so keep an eye out for that. Maybe next week, the week after to announce it. We're going to see how recording goes. Um, how recording goes this week. So, um, appreciate you guys. If you caught just the end of stream, VOD is up and, uh, and I'll see you guys tomorrow morning. I'll be live normal time. I know I started late today because I had to talk to a customer in Dublin who can only do the mornings, but tomorrow morning should be normal time. So, I'll see you kind of in the first part of