Teri Radichel

@teriradichel

2nd Sight Lab. Cloud, SAAS, and App Pentesting. Security Research. AWS Security Hero. Author on Amazon. Former IANS, SANS faculty. GSE. Masters Software & Infosec.

04.08.2023
Joined

Latest posts by Teri Radichel @teriradichel

GitHub - microsoft/BitNet: Official inference framework for 1-bit LLMs Official inference framework for 1-bit LLMs. Contribute to microsoft/BitNet development by creating an account on GitHub.

Trending on GitHub

Be careful if running any kind of AI thingamajig on your laptop - put it in a sandbox with strict permissions. I haven’t looked into this in detail.

GitHub - microsoft/BitNet: Official inference framework for 1-bit LLMs

github.com/microsoft/Bi...

12.03.2026 15:39 👍 0 🔁 0 💬 0 📌 0

For the org management account.

I certainly hope you are reviewing all IAM policies written by AI. 🤖

12.03.2026 15:23 👍 0 🔁 0 💬 0 📌 0

Then it needs to deploy a bunch of stuff in other accounts.

I had it write the role creation script for the root account in a dedicated project. It read the other project requirements and code and ALL the permissions needed by every other role.

In the role policy creation script.

12.03.2026 15:23 👍 0 🔁 0 💬 1 📌 0

This AI chatbots 🤖 do while vibe coding:

I have a complex bootstrap script to set up an environment for my batch job framework. It needs to create accounts with a role in the root account. And that is all it does in the root account. That is in my requirements.

12.03.2026 15:23 👍 1 🔁 0 💬 2 📌 0
Teri Radichel (@teriradichel@infosec.exchange) If you are distressed because AI is causing outages at AWS well… don’t jump to conclusions like everyone did with the whole slew of S3 bucket debacles. Yes there will be problems as people learn how...

Here we go again.

I don’t have the patience to rewrite all this here. Join me on April 10th to discuss AI.

infosec.exchange/@teriradiche...

11.03.2026 21:10 👍 0 🔁 0 💬 0 📌 0
What are the chances this is really Apple Support? And why is my Mac trying to connect to ip addresses instead Mountain View California right now instead of domain names. Don’t have time for this. 64.233.176.254 @google @apple

11.03.2026 18:12 👍 0 🔁 0 💬 0 📌 0

You cannot trust code written by AI. But you can still use it to write code faster.

11.03.2026 15:34 👍 2 🔁 0 💬 0 📌 0

Latest - building my whole batch job framework with AI now. Obviously going to need a lot of review. But will allow me to run my pentesting jobs more easily on new targets and pentests.

11.03.2026 15:32 👍 0 🔁 0 💬 0 📌 0

VPC endpoint costs add up fast. I wish there was a way to reduce the costs of those without changing or downgrading the security of the architecture. Maybe if they could be a standard AWS pay only for what you use pricing model they would cost less.

10.03.2026 16:27 👍 0 🔁 0 💬 1 📌 0

One thing I noticed when I logged in today and asked Kiro to review the code across the four projects I broke this into is that it launched four subagents to review the code. I suspect this will produce better results and quicker analysis.

09.03.2026 19:27 👍 0 🔁 0 💬 0 📌 0

This turned out to be more complicated than expected of course. Gonna be a minute. The LLMs wrote really insecure code. Blogs coming.

09.03.2026 19:17 👍 0 🔁 0 💬 1 📌 0
A Script To Monitor Application Network Connections Considering how to spot rogue network traffic such as a reverse shell used in the Lexus Nexus breach

A Script To Monitor Application Network Connections 🔒 How would you spot a reverse shell such as was used in Lexus Nexus breach? I vibe coded this script to see parent and child processes with application paths, process names, IPs, ports, IN or OUT.

teriradichel.substack.com/p/a-script-t...

09.03.2026 15:21 👍 0 🔁 0 💬 0 📌 0

Kiro CLI (opus actually) told me it was “just thinking out loud” and this amuses me too much. I’m delirious from AI overload. 🤖

08.03.2026 22:07 👍 1 🔁 0 💬 0 📌 0

Yubikey Push To Run A Lambda Function 🔒☁️🤖 Leveraging a framework to kick off deterministic or AI agent batch jobs and workflows

teriradichel.substack.com/p/mfa-to-run...

07.03.2026 17:21 👍 1 🔁 0 💬 0 📌 2

Wondering why if Netgear is a US company when I go to login it is directing me to cognito-idp.eu-west-1.amazonaws.com

06.03.2026 18:58 👍 0 🔁 0 💬 0 📌 0

They don’t always report issues that only affect a few customers. Also not sure if it was me or my network. We’ll see how it goes today.

06.03.2026 16:34 👍 0 🔁 0 💬 0 📌 0

Lexus Nexus Breach Involving AWS Secrets Manger, RDS, ECS 🔒☁️

Taking a look at the root cause of a breach on AWS, what is actually relevant, and how it may have been prevented

teriradichel.substack.com/p/lexus-nexu...

06.03.2026 16:32 👍 1 🔁 0 💬 0 📌 0

Never underestimate the value of the OGs.

06.03.2026 07:43 👍 0 🔁 0 💬 0 📌 0

Took a look at the health dashboard and does not show anything is wrong.

But I did notice Amazon was down today due to deployment issue. Hmm.

06.03.2026 07:42 👍 0 🔁 0 💬 0 📌 0

I got the commands from Google aimode which was working fine. So I think it was something specific to AWS. I even turned off my firewall to try those actions *gasp* and did not work.

06.03.2026 07:42 👍 0 🔁 0 💬 1 📌 0

Other parts of AWS console were slow but working. Finally I just opened CloudShell and ran commands to stop all instances and verified stopped.

06.03.2026 07:42 👍 0 🔁 0 💬 1 📌 0

Looking at the network traffic I can see my browser is trying to reach sa regions when it should stay in us-east-x. I also saw us-west-2 and ca.

I also saw a bunch of denied traffic to sa GuardDuty and other domains with sa in them and the global console domain.

06.03.2026 07:42 👍 0 🔁 0 💬 1 📌 0

For some reason I could not get to the AWS EC2 dashboard just now to stop an instance. I was trying over and over and looking at all the network traffic.

I had also just created a new account and could not add MFA to it. It kept rejecting my Yubikey. The screens looked different.

06.03.2026 07:42 👍 0 🔁 0 💬 2 📌 0

This test cost me $75. I thought I had deleted all the resources the same day. Turns out I missed some in an alternate region.

05.03.2026 21:42 👍 0 🔁 0 💬 0 📌 0

I’m doing some testing here. I would *never* trust AI to deploy resources based on a prompt if I wasn’t researching something. Use AI to build deterministic scripts to deploy infrastructure on AWS. Then test and verify they work correctly before you use them in production.

05.03.2026 21:40 👍 0 🔁 0 💬 1 📌 0

Then it proceeded to set up an EC2 reserved instance associated with that service (yes really) in a region I wasn’t operating in.

05.03.2026 21:40 👍 0 🔁 0 💬 1 📌 0

I set up a script to deploy resources under a certain cost threshold. Turns out the AI intelligent brain thought it was good enough to just pick the first result in the price list for that service. Which was something cheap for a particular service.

05.03.2026 21:40 👍 0 🔁 0 💬 1 📌 0

But rather than tell me that it’s not possible, I got back plausible results with a spot check. It never told me what I was requesting was not possible. It just gave me a script that does something related.

05.03.2026 21:40 👍 0 🔁 0 💬 1 📌 0

Next, I had AI write a script to calculate the cost of running any AWS command. You can’t. (I added it to my AWS wishlist on builder.aws.com)

05.03.2026 21:40 👍 1 🔁 0 💬 1 📌 0

I think I told it to figure out and use the current region in the prompts. Can double check but will be creating a specific SCP for my lovely and creative agents.

05.03.2026 21:40 👍 0 🔁 0 💬 1 📌 0