GenAI

mcp-scan – Real-Time Guardrail Monitoring and Dynamic Proxy for MCP Servers

November 17, 2025

mcp-scan is a dynamic proxy and guardrail monitor for MCP servers, providing real-time traffic inspection and enforcement for agents and tools.

Buffer

GenAI› Read More

Red Teaming LLMs 2025 – Offensive Security Meets Generative AI

November 5, 2025

Offensive red teaming of large language models (LLMs) in 2025 – actionable tactics, case studies, and CISO controls for GenAI risk

Buffer

GenAI› Read More

mcp-scanner – Python MCP Scanner for Prompt-Injection and Insecure Agents

October 31, 2025

mcp-scanner: Python tool to scan Model Context Protocol servers for prompt injection, jailbreaks, and insecure tool patterns.

Buffer

GenAI› Read More

LLM Black Markets in 2025 – Prompt Injection, Jailbreak Sales & Model Leaks

October 8, 2025

Explore how LLM black markets in 2025 trade prompt jailbreaks, model leaks & exploit tools, insight for red teams, CISOs & threat intel.

Buffer

GenAI› Read More

AIPentestKit – AI-Augmented Red Team Toolkit for Recon, Fuzzing and Payload Generation

September 29, 2025

AIPentestKit bundles AI helpers for red teams: Burp plugins, payload and wordlist generators, webshell bypass tools and a tasklist analyzer driven by large language models.

Buffer

GenAI› Read More

HexStrike AI – Multi-Agent LLM Orchestration for Automated Offensive Security

September 22, 2025

HexStrike AI orchestrates LLM agents to run 150+ offensive security tools, automating reconnaissance, exploit selection and campaign execution.

Buffer

GenAI, Hacking Tools› Read More

LLAMATOR – Red Team Framework for Testing LLM Security

September 12, 2025

LLAMATOR is a Python framework for red teaming large language model systems with preset attacks, multi-client adapters, and reportable results.

Buffer

GenAI› Read More

PyRIT – AI-Powered Reconnaissance for Cloud Red Teaming

August 4, 2025

Use PyRIT for automated reconnaissance against Azure environments with GPT-4 integration. A unique red team recon tool built by Microsoft.

Buffer

Countermeasures, GenAI› Read More

Argusee and Agentic AI in Cybersecurity

June 11, 2025

Explore Argusee, a multi‑agent AI tool that found CVE‑2025‑37891 in Linux USB. Understand how agentic AI is transforming vulnerability discovery and SOC automation.

Buffer

GenAI› Read More

MSSQLand – Lightweight MS-SQL Interaction Tool for Lateral Movement and Post-Exploitation

MSSQLand is a .NET Framework 4.8 utility designed for interacting with Microsoft SQL Server database management systems during red team operations and security audits. Built for constrained environments where operations must be executed directly through beacons using assembly execution, the tool enables operators to traverse linked SQL Server instances, impersonate users, and execute actions without needing complex Transact-SQL (T-SQL) queries. The project was released in March 2026 and fills a critical gap in SQL Server post-exploitation workflows where traditional database tools are unavailable or impractical.

Unlike SQL Server Management Studio (SSMS) or Python-based tools like mssqlclient-ng, MSSQLand is optimized for lateral movement scenarios where an operator already has initial SQL Server access but needs to pivot through linked instances or escalate privileges via impersonation. The tool automates the tedious process of manually crafting Remote Procedure Call (RPC) and OPENQUERY statements across linked server chains, allowing red teams to focus on execution rather than syntax debugging.

Features

Linked server chain traversal with automatic OPENQUERY and RPC Out handling for multi-hop SQL Server scenarios
User impersonation via EXECUTE AS USER to escalate privileges within database contexts without needing system-level permissions
Configuration Manager (ConfigMgr) support for exploiting and enumerating Microsoft Configuration Manager deployments (formerly known as SCCM/MECM)
Connection testing mode that validates credentials without executing queries, ideal for a minimal OPSEC footprint during reconnaissance
Clean Markdown-compatible output tables suitable for direct paste into engagement reports and documentation
CSV export format option for automated processing and integration with other toolchains
Assembly execution ready, built with Cobalt Strike, Havoc, Sliver, and other C2 frameworks in mind
Multiple authentication methods, including Windows authentication, SQL Server authentication, and Kerberos tickets (via external tools)

Installation

MSSQLand is distributed as a pre-compiled Windows executable. Download the latest release from the GitHub Releases page and transfer the executable to your target environment or beacon working directory.

# Download from GitHub Releases
# https://github.com/n3rada/MSSQLand/releases

# For operators compiling from source
# Requires Visual Studio with .NET Framework 4.8 SDK
git clone https://github.com/n3rada/MSSQLand.git
cd MSSQLand
# Open MSSQLand.sln in Visual Studio and build for x64 Release

The tool is designed for assembly execution from C2 frameworks. No installation or registration is required on the target system, making it suitable for operations in restricted or monitored environments.

Usage

This repository does not provide a global --help flag in the traditional sense. The following usage information is reproduced verbatim from the README and GitHub documentation.

MSSQLand.exe <host> [options] <action> [action-options]

# Connection test only (no action executed)
MSSQLand.exe localhost -c token

# Execute specific action
MSSQLand.exe localhost -c token info
MSSQLand.exe localhost:1434@db03 -c token info

# Linked server chain traversal
# Format: server:port/user@database or any combination
# Semicolon (;) separates servers, forward slash (/) specifies impersonation
MSSQLand.exe localhost -c token -l SQL01;SQL02/admin;SQL03@clients info

# Configuration Manager actions (cm- prefix)
MSSQLand.exe sccm-db.corp -c token cm-devices
MSSQLand.exe sccm-db.corp -c token cm-scripts

# CSV output for automation
MSSQLand.exe localhost -c token --format csv --silent procedures > procedures.csv

The tool supports flexible host specification, including optional port numbers (default 1433), user impersonation contexts, and database contexts. Linked server chains use semicolon separators and support bracket notation for server names containing delimiter characters. Port specification only applies to the initial host connection; linked servers use configured names from sys.servers.

For detailed action-specific help, use the -h flag with a search term or append -h to an action name. For example, MSSQLand.exe -h adsi shows all Active Directory Services Interface-related actions, while MSSQLand.exe localhost -c token createuser -h displays detailed help for the createuser action.

Attack Scenario

A red team operator gains access to a Windows system during an assumed-breach engagement. The operator discovers that the compromised user account has SQL Server authentication credentials stored in a configuration file. The target environment uses linked SQL Server instances across multiple tiers (web database server, application database server, reporting database server) with trust relationships configured between them. Traditional lateral movement paths via SMB or WinRM are heavily monitored, but database connections are considered normal administrative activity and generate minimal alerts.

The operator loads MSSQLand via Cobalt Strike beacon assembly execution and performs a connection test to validate credentials without triggering database audit logs. The test confirms access to the web tier database server. Using the info action, the operator enumerates linked servers and discovers that the web tier server has an RPC Out trust configured to the application tier server, which in turn links to a reporting server with elevated privileges. The operator constructs a linked server chain using the -l flag, specifying SQL01;SQL02;SQL03, and executes commands through the chain without needing to manually craft nested OPENQUERY statements.

From the reporting server context, the operator discovers a Configuration Manager database. Using MSSQLand’s cm- prefixed actions, the operator enumerates managed devices, scripts, and deployment packages. The cm-devices action reveals high-value targets, including domain controllers and executive workstations. The operator extracts device records, identifies targets with recent check-in timestamps, and uses the information to prioritize next-stage objectives. The entire reconnaissance and lateral movement phase completes without generating suspicious PowerShell or WMI events, as all activity flows through legitimate SQL Server protocols.

Red Team Relevance

SQL Server lateral movement remains underexploited in many red team engagements despite its prevalence in enterprise environments. Linked server trust relationships frequently span security boundaries, allowing operators to pivot from low-privilege web application databases to highly privileged reporting or Configuration Manager instances. MSSQLand removes the primary friction point in SQL Server post-exploitation: the need to manually construct and debug nested T-SQL queries while operating through a beacon or constrained shell.

The tool’s assembly execution design makes it particularly valuable for C2 frameworks where interactive console sessions are limited or monitored. Operators can execute complex multi-hop database traversals with a single-line command, reducing engagement time and minimizing the detection surface. The Configuration Manager support is especially relevant given that SCCM/MECM databases are high-value targets for privilege escalation and infrastructure mapping, yet often lack the hardening applied to Active Directory or endpoint management systems.

MSSQLand also addresses OPSEC considerations that plague traditional database tools. Connection testing without query execution allows credential validation without touching audit-logged tables. The clean output format integrates directly into reporting workflows, reducing the post-engagement effort required to document database access paths. For operators who regularly encounter SQL Server instances during engagements, MSSQLand provides capabilities similar to what BlockEDRTraffic offers for EDR evasion, what SmbCrawler provides for SMB share enumeration, or what CredNinja delivers for credential validation: a focused, practical tool that solves a specific operational problem without requiring extensive T-SQL knowledge.

Detection and Mitigation

SQL Server audit logging should be configured to capture connection attempts, privilege changes via EXECUTE AS USER, and cross-server queries using linked servers. Organizations should monitor for unusual linked server traversal patterns, especially chains that originate from web-facing database servers and terminate at privileged infrastructure databases. Access to the Configuration Manager database by non-administrative accounts warrants immediate investigation, as these databases contain sensitive device inventory and deployment information.

Network segmentation should restrict database server communication to legitimate application tiers. Web tier databases should not have direct RPC Out trust relationships to reporting or management databases. Where linked servers are required for business functionality, implement the principle of least privilege by restricting linked server login mappings to specific service accounts with minimal permissions. Disable xp_cmdshell and other extended stored procedures unless explicitly required and audited.

Blue teams should deploy database activity monitoring solutions that detect OPENQUERY and EXECUTE AT usage patterns inconsistent with normal application behavior. Anomalous login times, source IP addresses outside expected ranges, and rapid sequential queries across linked instances are reliable indicators of post-exploitation activity. For Configuration Manager environments, restrict database access to designated SCCM infrastructure servers and alert on any connections from workstations or non-administrative hosts.

Frequently Asked Questions

What is MSSQLand and how is it different from SQLRecon?

MSSQLand is a .NET Framework 4.8 tool for interacting with Microsoft SQL Server instances during red team operations. Unlike SQLRecon, MSSQLand was built from the ground up with object-oriented programming principles for easier extensibility and modular action development. It simplifies traversal of linked server chains and user impersonation without requiring operators to manually craft complex T-SQL queries.

Does MSSQLand work with Cobalt Strike and other C2 frameworks?

Yes. MSSQLand is designed specifically for assembly execution from C2 frameworks, including Cobalt Strike, Havoc, Sliver, and similar platforms. The tool requires no installation or registration on the target system, making it ideal for operations in constrained or monitored environments where traditional database tools are unavailable.

Can MSSQLand traverse multiple linked SQL Server instances?

Yes. MSSQLand automates linked server chain traversal using the -l flag with semicolon-separated server names. The tool automatically generates the necessary OPENQUERY and RPC Out statements, allowing operators to pivot through multiple SQL Server instances without manually crafting nested T-SQL queries. For example, MSSQLand.exe localhost -c token -l SQL01;SQL02;SQL03 info chains through three servers in a single command.

What authentication methods does MSSQLand support?

MSSQLand supports Windows authentication and SQL Server authentication, and can work with Kerberos tickets when used with external ticket injection tools. The tool also supports user impersonation via EXECUTE AS USER to escalate privileges within database contexts without requiring system-level permissions on the target server.

Does MSSQLand support Microsoft Configuration Manager (SCCM) exploitation?

Yes. MSSQLand includes comprehensive Configuration Manager support with cm- prefixed actions that align with Microsoft’s official PowerShell cmdlet naming convention. Operators can enumerate managed devices (cm-devices), scripts (cm-scripts), packages, and other ConfigMgr infrastructure to identify high-value targets and prioritize next-stage objectives during engagements.

How does MSSQLand maintain OPSEC during database reconnaissance?

MSSQLand includes a connection testing mode that validates credentials without executing queries, allowing operators to verify access without touching audit-logged tables. The tool also provides CSV export options for automated processing, reducing the need for interactive console sessions that might generate suspicious activity logs. All operations flow through legitimate SQL Server protocols rather than PowerShell or WMI, minimizing detection surface in monitored environments.

Conclusion

MSSQLand addresses a practical gap in red team tooling for SQL Server post-exploitation. Its focus on linked server traversal, user impersonation, and Configuration Manager enumeration makes it directly applicable to real-world engagements where database access exists, but traditional lateral movement paths are blocked or monitored. The tool’s design for assembly execution and its minimal OPSEC footprint align with modern C2 workflows, and its clean output format reduces friction in both the operational and reporting phases of engagements. For red teams operating in Windows enterprise environments, MSSQLand is a focused addition to the lateral movement toolkit that complements broader frameworks without requiring extensive database expertise.

You can read more or download MSSQLand here: https://github.com/n3rada/MSSQLand

Credential Stuffing in 2025 – How Combolists, Infostealers and Account Takeover Became an Industry

Stolen credentials are now the single most reliable entry point into enterprise networks. Compromised credentials accounted for 22% of all confirmed data breaches in the period covered by Verizon’s extended credential stuffing analysis accompanying the 2025 DBIR, making it the most common initial access vector for the third consecutive year. Credential stuffing, the automated replay of stolen username-password pairs at scale, requires minimal skill, costs almost nothing to run, and succeeds at rates that make it economically rational to run campaigns against thousands of targets simultaneously. Multi-factor authentication (MFA) remains the single most effective control against it, yet deployment gaps persist across sectors that should know better.

The Credential Supply Chain

Credential stuffing depends on a supply chain that runs from infostealer malware through dark web markets to attack tooling. Malware families, including Lumma, RedLine, StealC, and Acreed, scrape browser password vaults, saved cookies, and autofill data from compromised machines. The harvested data is identical to what tools like DumpBrowserSecrets extract during post-exploitation: saved passwords, session cookies, OAuth refresh tokens, and autofill entries pulled directly from Chrome, Edge, Firefox, and every other major browser. Attackers package that raw material into structured files known as combolists, formatted as email: password pairs, cleaned of duplicates, and categorised by service type or geography before selling them on.

Combolists trade freely across dark web forums, Telegram channels, and dedicated cracking communities. The initial access broker ecosystem documented throughout 2025 has normalised validated credentials as a commodity. Fresh lists built from recent infostealer logs command significantly higher prices than aged database dumps because they have higher validity rates. The Verizon analysis found that only 49% of a user’s passwords across different services are distinct. That figure is what makes credential stuffing economically viable: breach one service, and there is roughly a 50% chance the same password works elsewhere. Across millions of accounts, that probability becomes near-certainty.

The tooling that drives attacks is openly available. OpenBullet and its successor, SilverBullet, are credential-stuffing frameworks originally released as penetration testing utilities, now standard tools in account-takeover (ATO) operations. They automate the full attack loop: loading combolists, rotating through residential proxies to dodge rate limiting and IP blocks, sending login requests that mimic legitimate browser behaviour, and logging successful hits. Attackers also buy and sell custom configuration files, known as configs, that define the authentication flow for specific target services. Unofficial marketplaces offer configs for specific banking portals, SaaS platforms, and enterprise single sign-on (SSO) providers alongside combolists and proxy subscriptions.

Three Case Studies from 2025

In late March 2025, coordinated credential stuffing attacks hit five major Australian superannuation funds simultaneously: AustralianSuper, Rest Super, Hostplus, Australian Retirement Trust, and Insignia Financial. As BleepingComputer reported on the coordinated attacks, attackers compromised over 20,000 accounts across the five funds, with four AustralianSuper members losing a combined AUD 500,000. The attackers used combolists from prior unrelated breaches. AustralianSuper offered MFA but did not enforce it at login, a gap that regulators identified as the primary enabling factor. Retirement funds make attractive targets because account balances are high, withdrawals are slow to reverse, and many members check their accounts infrequently.

In April 2025, VF Corporation notified customers of a credential-stuffing attack against the North Face online store. BleepingComputer’s coverage of the April incident confirmed that attackers used credentials from earlier unrelated breaches to access accounts and exfiltrate names, email addresses, shipping addresses, phone numbers, purchase history, and dates of birth. Payment card data was not exposed, as a third-party provider handles payment processing. The April attack followed a March incident that exposed 15,700 accounts across The North Face and Timberland. It was the fourth credential stuffing incident against VF Corporation brands since 2020. The pattern reflects a structural problem: tens of millions of customer accounts, high password reuse rates, and authentication systems not designed to detect low-and-slow validation campaigns.

The Change Healthcare breach in February 2024 remains the most consequential recent example of credential-based initial access. The ALPHV/BlackCat ransomware group entered UnitedHealth’s Change Healthcare subsidiary through compromised Citrix credentials on a remote-access portal without MFA, as confirmed in Congressional testimony from UnitedHealth’s CEO. The attackers moved laterally through the billing network and deployed ransomware that shut down payment processing for healthcare providers across the United States for weeks. The incident produced a $22 million ransom payment and an estimated $872 million in reported disruption costs in the first quarter alone. One set of valid credentials on one unprotected endpoint caused one of the largest healthcare-sector disruptions in US history.

Detection and Evasion Techniques

Modern credential stuffing campaigns specifically target the detection mechanisms most organisations have deployed. Attackers bypass velocity-based controls that flag high volumes of failed login attempts from a single IP by rotating through residential proxies. They distribute attempts across thousands of IP addresses so each one generates only a handful of requests, staying below alert thresholds. Third-party CAPTCHA-solving services handle challenge pages, some of which are automated via machine learning and others through human labour farms. Tools that emulate legitimate browser environments, including correct JavaScript execution, realistic mouse movement patterns, and authentic request timing, defeat browser fingerprinting.

The MITRE ATT&CK framework categorises credential stuffing under T1110.004 (Brute Force: Credential Stuffing). Defenders should monitor for several specific signals: unusual geographic distributions of authentication requests, spikes in failed logins spread across a wide IP range rather than concentrated at a single source, and successful logins from IP addresses tied to residential proxy services. Account logins from devices or browsers with no prior history on the account also warrant investigation. The Verizon analysis found that credential stuffing accounted for a median of 19% of all authentication attempts across SSO providers, meaning roughly one in five login attempts was not legitimate.

One underappreciated detection gap is the window between credential exposure and organisational awareness. Dark web monitoring tools available to enterprise teams in 2025 make it operationally achievable to track stealer log markets and paste sites for corporate email domains. Many organisations still treat that monitoring as optional rather than a core detection layer. Credentials circulate in combolists for months before the affected organisation becomes aware, and attackers exploit that window systematically.

Regulatory Response

The 23andMe case produced the most visible regulatory outcome tied directly to credential stuffing. A 2023 attack using combolists accessed approximately 6.9 million customer records. The UK Information Commissioner’s Office fined the company £2.31 million for failing to implement adequate security, specifically the absence of mandatory MFA for accounts holding sensitive genetic data. In March 2025, as Wired reported in its coverage of the 23andMe bankruptcy, the company filed for Chapter 11, with the credential stuffing incident and its downstream legal consequences cited as contributing factors. Regulators in the UK and EU now reference the case as evidence that weak authentication controls constitute a material governance failure, not a technical oversight.

CISA’s 2024 guidance on phishing-resistant MFA explicitly identifies credential stuffing as a primary threat driver. It recommends hardware security keys and passkeys using the WebAuthn standard as the only controls that fully eliminate the credential reuse vector. SMS one-time passwords and Time-based One-Time Password (TOTP) codes provide partial protection but remain vulnerable to adversary-in-the-middle (AiTM) interception, a technique increasingly applied against accounts whose value justifies the extra effort.

CISO Playbook

Phishing-resistant MFA enforced across all externally facing authentication endpoints, including VPN portals, SSO providers, and remote desktop services, eliminates the primary path for exploitation. Password screening against known-breach corpora at login and account creation, using services such as the Have I Been Pwned API, removes credentials already circulating in combolists before attackers can validate them. Rate limiting and progressive account lockout on all authentication endpoints, including API login flows that teams frequently overlook, cuts the volume of attempts that reach the validation stage.

Bot detection that analyses behavioural signals, including request timing, device fingerprint consistency, and session cookie behaviour, provides a second line of defence against campaigns that have already bypassed IP-based controls. For organisations on legacy identity infrastructure, a full platform replacement is not the immediate priority. Enforcing MFA on the externally facing authentication layer, regardless of what sits behind it, addresses the highest-risk exposure first. The Change Healthcare incident is the clearest available proof of what one unprotected endpoint costs at scale.

There is no technical solution that eliminates credential stuffing entirely. Password reuse persists, infostealers continue operating at scale, and combolists will keep growing. The practical objective for defenders is to raise the cost of a successful attack on their specific environment above what attackers can profitably tolerate, and to detect the attempts that do succeed before they compound into something worse. Given that 22% of breaches in 2025 started with a valid credential, organisations that treat authentication hygiene as routine maintenance rather than a strategic priority are already in the breach statistics.

Frequently Asked Questions

What is credential stuffing, and how does it differ from brute force?

Credential stuffing uses real username-password pairs stolen from previous breaches and automatically replays them against other services. Brute force generates password guesses from scratch. Stuffing is faster, quieter, and far more effective because it exploits password reuse rather than attempting to crack unknown passwords. A combolist of 10 million verified credentials will outperform any brute-force dictionary attack against the same target.

What is a combolist, and where do attackers get them?

A combolist is a structured file of email-and-password pairs compiled from data breaches, infostealer malware logs, and dark web markets. Attackers source them from initial access broker forums, Telegram channels, and dedicated credential marketplaces. Fresh lists derived from recent infostealer campaigns are the most valuable because their owners have not yet rotated the credentials.

How do attackers bypass rate limiting and CAPTCHA during credential stuffing?

Attackers use residential proxy networks to distribute login attempts across thousands of IP addresses, keeping per-IP request volumes below detection thresholds. CAPTCHA challenges are handled by third-party solving services, either via automated machine-learning methods or by human labour farms. Tools such as OpenBullet and SilverBullet emulate realistic browser behaviour, including JavaScript execution and mouse-movement patterns, to evade browser fingerprinting controls.

Does multi-factor authentication stop credential stuffing?

Phishing-resistant MFA using hardware security keys or passkeys under the WebAuthn standard fully eliminates the credential reuse vector. SMS one-time passwords and TOTP codes reduce exposure but remain vulnerable to adversary-in-the-middle interception. The Change Healthcare breach, which resulted in $872 million in disruption costs, occurred on a Citrix portal with no MFA. Enforcing MFA on every externally facing authentication endpoint is the single highest-impact control available.

What are the most common targets for credential stuffing attacks?

Enterprise SSO portals, VPN gateways, e-commerce account login pages, financial services platforms, and healthcare provider systems are the most frequently targeted. Retirement and superannuation funds have emerged as high-value targets in 2025 because account balances are large, members check accounts infrequently, and MFA enforcement has historically been optional rather than mandatory.

How can organisations detect credential stuffing attacks in progress?

Key signals include spikes in authentication requests distributed across a wide IP range rather than concentrated at a single source, successful logins from residential proxy IP addresses, account access from devices or browsers with no prior history, and unusual geographic distributions in login activity. Continuous monitoring of dark web stealer log markets for corporate email domains provides early warning before credentials are actively exploited. The Verizon 2025 DBIR found that credential stuffing accounts for a median of 19% of all SSO authentication attempts, so baseline volume analysis is also a viable detection layer.

This article covers techniques used by both attackers and defenders for educational and research purposes. The tools and marketplaces described are documented by security researchers and law enforcement agencies.

DumpBrowserSecrets – Browser Credential Harvesting with App-Bound Encryption Bypass

DumpBrowserSecrets is a post-exploitation credential-harvesting tool from Maldev Academy that extracts secrets across all major browsers from a single Windows executable. It is the successor to their earlier DumpChromeSecrets project, which is now deprecated, and extends coverage from Chrome alone to the full range of Chromium-based and Gecko-based browsers in common enterprise use.

Modern browsers are credential vaults. Chrome, Microsoft Edge, Firefox, Opera, Opera GX, and Vivaldi all store saved passwords, session cookies, OAuth refresh tokens, credit card numbers, autofill data, and full browsing history in local SQLite databases and JSON files on disk. On a compromised Windows host, that data is frequently the fastest path to lateral movement, cloud account takeover, or persistent access to enterprise SaaS platforms without ever touching LSASS.

Where tools like Mimikatz target Windows credential stores such as LSASS and the Security Account Manager (SAM), DumpBrowserSecrets focuses entirely on the browser layer, where credentials are increasingly stored as enterprises adopt SSO, OAuth, and browser-based SaaS workflows. The threat model has shifted: a developer’s browser session today may hold active tokens for GitHub, AWS consoles, Okta, Slack, and internal tooling simultaneously.

How It Works

DumpBrowserSecrets consists of two components that work together: a compiled executable (DumpBrowserSecrets.exe) and a DLL (DllExtractChromiumSecrets.dll).

For Chromium-based browsers using App-Bound Encryption (Chrome, Brave, and Microsoft Edge), the challenge is that Google introduced App-Bound Encryption in Chrome 127, tying cookie and credential encryption keys to the Chrome application identity. The encryption key, stored as app_bound_encrypted_key in the browser’s Local State file, can only be decrypted via Chrome’s elevation service through the IElevator COM (Component Object Model) interface.

DumpBrowserSecrets handles this by spawning a headless Chromium process, then injecting the DLL into it via Early Bird APC (Asynchronous Procedure Call) injection, a technique that queues shellcode execution before the target process’s main thread begins. The DLL runs inside the Chromium process context, uses the IElevator COM interface to decrypt the App-Bound Encryption key, and returns the decrypted key to the executable via a named pipe. The executable then parses the browser’s on-disk SQLite databases and decrypts stored data locally.

For Opera, Opera GX, and Vivaldi, which use DPAPI (Data Protection API) keys rather than App-Bound Encryption, the same injection approach retrieves DPAPI keys instead.

For Firefox, which uses Mozilla’s NSS (Network Security Services) library with AES-256-CBC or 3DES-CBC encryption for logins, the executable handles all extraction and decryption directly with no DLL injection required.

The tool includes several evasion features relevant to operational use: compile-time string obfuscation, API hashing to defeat static analysis, PPID (Parent Process ID), and argument spoofing via NtCreateUserProcess with manual CSRSS registration, handle duplication to bypass file locks held by running browsers, and a custom SQLite3 file format parser (SQLoot, introduced in v1.1.1) that replaces the sqlite-amalgamation dependency to reduce the static footprint.

Extracted Data

The following data types are extracted per browser. Encryption models vary: Chrome, Brave, and Edge use App-Bound Encryption (V20); Opera, Opera GX, and Vivaldi use DPAPI (V10); Firefox uses NSS-based encryption for logins and stores other data types unencrypted.

Chrome, Brave, Microsoft Edge (App-Bound / V20): cookies, saved logins, credit cards, OAuth tokens, autofill entries, browsing history, bookmarks.
Opera, Opera GX, Vivaldi (DPAPI / V10): cookies, saved logins, credit cards, OAuth tokens (V10 + Base64 for Opera/Opera GX), autofill entries, browsing history, bookmarks.
Firefox (NSS): cookies, saved logins (AES-256-CBC or 3DES-CBC encrypted), OAuth tokens from signedInUser.json, autofill form history, browsing history, bookmarks.

Output is written as JSON to a file named <browser>Data.json by default, or to a path specified with the /o flag.

Installation

DumpBrowserSecrets is distributed as a pre-compiled Windows executable. No installation is required. Download the compiled binaries from the GitHub Releases page, copy DumpBrowserSecrets.exe and DllExtractChromiumSecrets.dll to the target host, and execute.

For operators who need to compile from source, the repository provides a Visual Studio solution file (DumpBrowserSecrets.sln) with three projects: Common, DllExtractChromiumSecrets, and DumpBrowserSecrets. Build in Visual Studio targeting x64 Release.

Usage

This repository does not provide a global --help flag in the traditional sense. The following usage block is reproduced verbatim from the README:

Usage: DumpBrowserSecrets.exe [options]

Options:
  /b:<browser> Target Browser: chrome, edge, brave, opera, operagx, vivaldi, firefox, all
               (default: system default browser)
  /o <file>    Output JSON File (default: <browser>Data.json)
  /all         Export All Entries (default: max 16 per category)
  /?           Show This Help Message

Examples:
  DumpBrowserSecrets.exe                            Extract 16 Entries From The Default Browser
  DumpBrowserSecrets.exe /b:chrome                  Extract 16 Entries From Chrome
  DumpBrowserSecrets.exe /b:firefox /all            Export All Entries From Firefox
  DumpBrowserSecrets.exe /b:brave /o Output.json    Extract 16 Entries From Brave To Output.json
  DumpBrowserSecrets.exe /b:all /all                Extract All From All Installed Browsers

By default, the tool extracts up to 16 entries per data category. The /all flag removes this cap. The /b:all flag targets every installed browser in a single run.

Attack Scenario

An operator lands on a developer workstation during a Windows assumed-breach engagement. The user is authenticated in Chrome to GitHub, an AWS console, Okta, and the company’s internal GitLab instance. LSASS is protected by Credential Guard and yields no useful information. The operator drops DumpBrowserSecrets.exe and its accompanying DLL to a writable directory and executes the following:

DumpBrowserSecrets.exe /b:all /all /o C:\Users\Public\out.json

The tool spawns a headless Chrome process, injects the DLL via Early Bird APC injection, and retrieves the App-Bound Encryption key via the IElevator COM interface, and decrypts the Login Data, Cookies, and Web Data SQLite databases. The resulting JSON contains active session cookies for all authenticated SaaS services, OAuth refresh tokens that survive password resets, saved plaintext credentials, and autofill data, including internal hostnames and usernames.

The operator then pipes the OAuth tokens to evilreplay for session replay against the target’s cloud services, and uses CredNinja to validate any recovered plaintext credentials against the domain before they are rotated. The entire credential extraction phase completes in under 30 seconds on a live endpoint.

Red Team Relevance

Browser credential theft is one of the most consistent post-exploitation steps in real-world intrusions. The infostealer market, including Redline, Raccoon, Vidar, and Lumma Stealer, is built almost entirely on the same primitives DumpBrowserSecrets implements. The distinction is that DumpBrowserSecrets is built for red team engagements rather than commodity malware deployment: it outputs structured JSON rather than exfiltrating to a C2 panel, and its evasion features are designed to survive EDR (Endpoint Detection and Response) scrutiny on hardened enterprise endpoints, not targeting unmonitored consumer machines.

App-Bound Encryption was Google’s deliberate attempt to raise the cost of this technique when it shipped in Chrome 127. It largely succeeded against older tools that relied solely on DPAPI decryption. DumpBrowserSecrets is one of the more complete public implementations of the IElevator COM bypass, making it directly relevant for testing whether an organisation’s endpoint controls detect or prevent this class of attack.

The tool is also useful for testing the realistic blast radius of a compromised developer endpoint, a scenario that is systematically underweighted in many assumed-breach exercises that focus on Active Directory paths while ignoring the SaaS credential surface.

Detection and Mitigation

Key detection opportunities are: process injection into a Chromium browser process from an unexpected parent, headless browser instantiation outside of CI/CD or automation contexts, reads against browser SQLite databases (Login Data, Cookies, Web Data) by processes other than the browser executable itself, and calls to the IElevator COM interface from non-browser processes.

The PPID and argument spoofing in DumpBrowserSecrets are specifically designed to defeat process lineage-based detection. EDR products that monitor IElevator COM interface calls directly, or that flag headless browser instantiation by process behaviour rather than ancestry alone, will be more effective against this technique.

At the policy level, credential managers that store secrets outside the browser (native desktop clients for Bitwarden, 1Password, or similar) avoid this attack surface entirely. Browser-stored passwords remain the weakest link in credential hygiene in most enterprise environments.

Frequently Asked Questions

Does DumpBrowserSecrets work on Chrome 127 and later with App-Bound Encryption enabled?

Yes. DumpBrowserSecrets is specifically designed to bypass App-Bound Encryption as implemented in Chrome 127 and later. It spawns a headless Chromium process, injects its DLL via Early Bird APC injection, and uses the IElevator COM interface from within the browser process context to decrypt the app_bound_encrypted_key. This makes it effective against current Chrome, Brave, and Microsoft Edge builds.

What browsers does DumpBrowserSecrets support?

DumpBrowserSecrets supports Chrome, Microsoft Edge, Brave, Opera, Opera GX, Vivaldi, and Firefox. Chrome, Brave, and Edge are handled via App-Bound Encryption bypass. Opera, Opera GX, and Vivaldi use DPAPI decryption. Firefox uses NSS-based decryption with no DLL injection required.

What data does DumpBrowserSecrets extract?

The tool extracts saved passwords, session cookies, OAuth refresh tokens, credit card numbers, autofill entries, browsing history, and bookmarks. Output is written as JSON to a file named after the target browser by default.

Does DumpBrowserSecrets require the target browser to be running?

For Chromium-based browsers using App-Bound Encryption, the tool spawns its own headless process to access the IElevator COM interface, so the browser does not need to be open. Handle duplication is used to bypass file locks on SQLite databases that may be held by a running browser instance.

Is DumpBrowserSecrets detected by antivirus or EDR?

The tool includes compile-time string obfuscation, API hashing, PPID spoofing via NtCreateUserProcess, and argument spoofing to reduce its static and behavioural detection footprint. Detection rates vary by product. EDR solutions that monitor IElevator COM interface calls by non-browser processes, or flag headless browser instantiation by process behaviour rather than parent lineage, are more likely to detect it.

What is the difference between DumpBrowserSecrets and Mimikatz for credential harvesting?

Mimikatz targets Windows credential stores including LSASS memory and the Security Account Manager (SAM). DumpBrowserSecrets focuses exclusively on browser-stored credentials, which exist in a separate layer that Mimikatz does not address. In environments where Credential Guard protects LSASS, browser credential harvesting is often the more reliable post-exploitation path.

Conclusion

DumpBrowserSecrets is a technically well-constructed post-exploitation tool that addresses a credential surface that most endpoint hardening programmes treat as an afterthought. Its coverage of the full range of major browsers, correct handling of both App-Bound Encryption and DPAPI models, and inclusion of operational evasion features make it a credible addition to a red team toolkit for assumed-breach engagements where the goal is to demonstrate realistic credential exposure beyond the traditional LSASS path.

You can read more or download DumpBrowserSecrets here: https://github.com/Maldev-Academy/DumpBrowserSecrets

Systemic Ransomware Events in 2025 – How Jaguar Land Rover Showed What a Category 3 Supply Chain Breach Looks Like

Jaguar Land Rover’s prolonged cyber outage in 2025 turned what would once have been a “single victim” ransomware story into a macroeconomic event, with factory shutdowns, government intervention, and thousands of suppliers left exposed. Reporting on the incident described a multi-week production halt, an estimated loss of tens of millions of pounds per week, and visible strain across the wider UK manufacturing ecosystem as summarised by Reuters’ coverage of the shutdown. For CISOs and security leaders, JLR is no longer just a case study, it is the reference example of what a “category-3” supply chain ransomware event looks like.

Trend Overview: From Single Victims to Systemic Events

Across 2024 and 2025, the centre of gravity for ransomware shifted from isolated IT incidents to systemic events that ripple through entire sectors. IBM’s latest threat intelligence index highlights manufacturing as the most attacked industry for the fourth year in a row, accounting for more than a quarter of observed incidents, with many of those attacks involving extortion, data theft, or operational disruption according to IBM’s 2025 Threat Intelligence Index. In other words, the JLR story is not an outlier, it sits on top of a trend where physical production and upstream suppliers are now directly in scope.

At the same time, attackers are professionalising their routes to impact. Valid accounts, access brokered on darknet markets, and exploitation of public-facing applications are now more common than noisy phishing waves as the first step in a compromise. Kaspersky’s incident response data for 2024 shows public-facing applications as the top initial vector, with valid accounts representing more than 30 percent of investigated intrusions, and specifically notes the enabling role of Initial Access Brokers selling credentials to Ransomware-as-a-Service crews in its 2024 incident response report. Those figures match what you already see in dark web listings for VPN credentials, Citrix gateways, and OT remote access portals.

On the defender side, many organisations still treat “ransomware” as a local IT disaster scenario instead of a systemic category of risk. The JLR incident, and earlier automotive hits, illustrate a different reality: a single compromise in a critical supplier or shared platform can interrupt thousands of vehicles per day, disrupt national GDP figures, and drag small suppliers to the edge of insolvency. For readers who follow the economics of exploitation, this pattern connects directly to how access and tooling are traded in underground markets, something we explored in more depth in Inside Dark Web Exploit Markets in 2025.

Campaign Analysis / Case Studies

Case Study 1: Jaguar Land Rover – When Ransomware Becomes a Macro Event

Jaguar Land Rover’s cyber incident did not just stop production for a few days; it flipped the company from profit into a quarterly loss and generated measurable drag on the wider UK economy. Public reporting indicates JLR suffered pre-tax losses of roughly £485 million in the quarter covering the attack, with almost £200 million recorded as direct exceptional costs tied to incident response and system recovery as detailed in The Guardian’s coverage of the company’s results. UK government figures later estimated the wider impact of the outage and supply chain slowdown at up to £1.9 billion in lost economic output.

The cyberattack forced JLR to close factories for much of September, with a phased restart only beginning in October. Supplier liquidity became a policy concern, prompting a government-backed loan guarantee facility worth up to £1.5 billion to stabilise the ecosystem. For CISOs, this is a clean example of a category-3 event: the incident affected enterprise IT, OT, dealer systems, and critical suppliers, and required direct government support to keep the chain intact. It also exposed gaps in cyber insurance coverage and raised uncomfortable questions about how boards evaluate “tail risk” on OT, ERP, and dealer platforms.

Case Study 2: Toyota and Kojima Industries – Historical Template for Supply Chain Shutdown

While JLR is the freshest example, the industry has already seen what happens when a single supplier becomes a single point of failure. In 2022, Toyota halted operations across 28 production lines in 14 plants after a reported cyberattack at plastic parts supplier Kojima Industries, which caused a system failure and forced a full-day shutdown of domestic manufacturing. Public estimates at the time suggested a production impact of around 13,000 vehicles, roughly five percent of Toyota’s monthly domestic output as reported by BleepingComputer’s coverage of the incident. Although operations resumed relatively quickly, the event highlighted the fragility of just-in-time manufacturing when upstream IT systems are compromised.

Toyota’s case serves as historical context for 2025. It showed that even a one-day outage at a critical supplier can have measurable production consequences. JLR’s multi-week shutdown, by contrast, demonstrates how much worse the systemic impact becomes when the victim is the OEM itself, and when the attack lands in a supply chain that spans tens of thousands of jobs and hundreds of small manufacturers with far less resilience than the flagship brand.

Case Study 3: Ferrari – Data Extortion Without OT Downtime

Not every systemic event involves factory shutdowns. In 2023, Ferrari reported a cyber incident in which attackers demanded a ransom related to customer contact details, but production and core operations continued. The company notified affected clients and brought in external investigators, but made clear it would not pay the ransom as described in Reuters’ report on the incident. For many luxury brands, that “no downtime, but sensitive data exposed” outcome is a more realistic scenario than a total OT outage.

Even without visible production impact, high-profile data extortion against brands like Ferrari carries systemic risk. Leaked customer and supplier data has value to criminal groups beyond the initial ransom demand, from bespoke phishing to social engineering against dealers and partners. For automotive CISOs, the lesson is that ransomware and data theft campaigns can create systemic exposure even when the plant keeps running and the only visible symptom is a regulatory notification and some bruised PR.

Detection Vectors and Tactics, Techniques and Procedures (TTPs)

The common thread across these incidents is not a single “zero day,” but a mix of valid accounts, exposed services, and weaknesses in partner ecosystems. Kaspersky’s recent incident response analysis notes that public-facing applications were the primary initial vector in 39.2 percent of investigated cases, while valid accounts represented 31.4 percent, with many of those linked to credentials traded by Initial Access Brokers on the darknet in its 2024 data. That mix maps cleanly to well-known MITRE ATT&CK techniques, including Exploit Public-Facing Application (T1190), Valid Accounts (T1078), and External Remote Services (T1133).

Once inside, modern ransomware crews behave more like patient intruders than smash-and-grab criminals. Coverage of the Akira ransomware group’s exploitation of a long-patched SonicWall SSLVPN flaw illustrates the pattern: chaining an access control vulnerability, weak default LDAP group settings, and misconfigured Multi-Factor Authentication (MFA) to obtain persistent access to edge devices, then pivoting to internal systems for encryption and exfiltration as documented in TechRadar’s summary of Rapid7’s advisory. Defenders who still anchor detection on “ransom note appears” or “mass encryption starts” are already too late for systemic events that unfold over weeks of silent lateral movement.

Industry Response and Law Enforcement

Industry guidance has slowly caught up with the reality that ransomware is now a supply chain and systemic risk problem, not just a local IT issue. The UK’s National Cyber Security Centre (NCSC) recommends treating supply chain security as a board-level topic, with a structured approach to understanding key suppliers, mapping dependencies, and embedding security requirements into contracts and onboarding in its supply chain security collection. For automotive and manufacturing sectors, that means extending visibility and monitoring beyond the plant to logistics providers, Tier-1 and Tier-2 suppliers, dealer networks, and even outsourced IT and finance functions.

On the offensive side of the chessboard, law enforcement has started to target the infrastructure that allows ransomware crews, access brokers, and hosting providers to operate at scale. Europol’s Operation Endgame, for example, focused on takedowns against a global cybercrime network that leveraged malware and botnets as part of the ransomware “kill chain,” disrupting command infrastructure and making it harder for crews to recycle toolchains across victims as described in Europol’s announcement of the operation. These actions matter, but they do not remove the need for enterprises to treat systemic ransomware as a predictable, modelled risk class rather than a string of bad luck headline events.

CISO Playbook: Treat Ransomware as a Category-3 Risk

For CISOs, the lesson from JLR, Toyota, and Ferrari is simple: assume that a ransomware or extortion crew will eventually have a path to your ecosystem, and focus on limiting how far an intrusion can propagate through suppliers and operations. That means treating ransomware scenarios with the same discipline as safety and business continuity planning, not as an afterthought in an endpoint protection strategy. It also means tying security investment back to the real economics of extortion and access markets, something we analysed more deeply in Ransomware Payments vs Rising Incident Counts in 2025.

Map your “category-3” blast radius by identifying which plants, suppliers, and shared platforms would create systemic impact if they were offline for four weeks, then align tabletop exercises to those specific scenarios.
Instrument external access and partner connectivity as first-class telemetry, including identity-centric logging for VPNs, OT gateways, and supplier portals, and treat anomalous access from valid accounts as a high-severity detection, not noise.
Push contractual and technical controls into the supply chain, including mandatory MFA, minimum logging standards, incident notification windows, and joint response playbooks with key suppliers and integrators.

Handled properly, systemic ransomware events become stress tests that the organisation can rehearse and model, not pure black swans. The JLR incident is a painful example, but it also gives boards and CISOs a concrete reference to work from: real losses, real downtime, and a clear picture of what happens when extortion campaigns scale beyond a single victim into an entire industrial ecosystem.

This article is for educational and defensive purposes only. It does not endorse or promote illegal activity.

SmbCrawler – SMB Share Discovery and Secret-Hunting

SmbCrawler is a credentialed SMB spider that takes domain credentials and a list of hosts, then aggressively walks network shares for you. It checks permissions, crawls directory trees, auto-downloads interesting files, and reports likely secrets such as passwords, SSH keys, configuration files, DPAPI blobs, and database dumps. For internal red teams, it is a purpose-built engine for turning “we have a foothold” into “we own the file servers”.

Overview

Every serious internal pentest or red-team engagement ends up abusing SMB misconfiguration. Shared drives still hold plaintext creds, exported mailboxes, unprotected backups, and “temporary” dumps that never got cleaned up. Doing this manually with basic tools and Windows Explorer is slow and noisy. SmbCrawler solves that by automating the boring parts:

Take credentials once.
Feed it hostnames, IP ranges, or Nmap XML.
Let it enumerate shares, permissions, and directory structures at scale.
Automatically pull down files that match secret-hunting profiles into a structured SQLite-backed data store.

The result is an internal discovery and exfil pipeline that you can run in hours, not days, with a repeatable output format you can grep, query, and report from.

Features

From the live README, SmbCrawler ships with a carefully designed feature set:

Flexible target input – accepts hostnames, single IPs, IP ranges or Nmap XML files as input.
Permission checks – tests authentication as guest and as supplied user, share access, and (optionally) write access by creating a temporary directory.
Configurable crawl depth – control how deep to walk each share, with separate profiles to override depth for specific paths.
Pass-the-hash support – operate with NTLM hashes instead of cleartext passwords when necessary.
Interesting file detection – ships with profiles that flag and download likely high-value files (credentials, configs, dumps, keys).
Threaded, pausable engine – multi-threaded crawling with runtime controls to pause, skip hosts or shares, and inspect status.
SQLite-backed output – writes findings to a SQLite database and a structured output directory, plus optional interactive HTML reporting.

Installation

SmbCrawler is a Python tool published on PyPI. The author explicitly recommends using pipx so you do not pollute your system Python. Installation examples from the README:

# Minimal install
pipx install smbcrawler

# Recommended install with binary conversion helpers (PDF, XLSX, DOCX, ZIP...)
pipx install "smbcrawler[binary-conversion]"

The extra [binary-conversion] dependency pulls in MarkItDown so SmbCrawler can convert common binary formats to text before scanning them for secrets. For red-team use, you almost always want this turned on.

Usage

The README’s quick example shows a typical crawl against a file of targets with domain credentials:

$ smbcrawler crawl -i hosts.txt -u pen.tester -p iluvb0b -d contoso.local -t 10 -D 5

That command:

Uses hosts.txt as the target list.
Authenticates as pen.tester in the contoso.local domain.
Spawns 10 worker threads (-t 10).
Crawls each share up to depth 5 (-D 5).

At runtime, you can interact with the crawler:

p – pause and selectively skip hosts or shares.
<space> – print current progress.
s – show a more detailed status view.

The profile system does the heavy lifting. Profiles (YAML) define which files, directories, and shares are “interesting”, where to dig deeper, and which secrets to flag. You can supply your own profiles alongside the built-in defaults to target specific line-of-business apps or internal naming schemes.

Attack Scenario

Objective: turn one compromised Windows credential into complete knowledge of SMB data exposure, plus a curated bag of loot, in a single engagement sprint.

Obtain valid domain credentials via phishing, password spraying or a prior foothold.
Enumerate potential SMB hosts using existing tools (for example keimpx or Nmap scripts) and export them to a target file.
Run SmbCrawler with a shallow depth (for example -D 1) and optional write checks to map which hosts and shares are readable and writable. Save this as a dedicated crawl file.
Use the initial database to prioritise “high-value” shares, then rerun SmbCrawler with deeper depth and tuned profiles against a reduced host set.
From the SQLite database and downloaded files, extract passwords, SSH keys, VPN configs, DPAPI blobs, application secrets and database dumps. Feed those into lateral movement tooling such as NetExec to pivot further.
Optionally, map resulting privileges and paths in Active Directory with BloodHound, turning share-level findings into full graph-based attack paths.

Red Team Relevance

SmbCrawler hits a rare sweet spot between practicality and depth. It is fast enough to run routinely on real client networks, and opinionated enough to surface valuable loot instead of dumping terabytes of junk. From a red-team perspective, you can:

Quantify SMB exposure: “X hosts, Y readable shares, Z with write access, N high-value secrets found”.
Build repeatable playbooks for different client environments by shipping pre-tuned profiles with your engagement kit.
Tighten operational security: SmbCrawler lets you avoid noisy manual browsing and random PowerShell scripts scattered through jump boxes.

It also plays nicely with other offensive SMB tooling already covered on Darknet. Combine share discovery and credential validation (keimpx, CredNinja, NetExec) with SmbCrawler’s deep crawl to show how quickly a motivated attacker can move from “one set of creds” to “everyone’s home drive” in a typical enterprise.

Detection and Mitigation

From the blue-team side, SmbCrawler’s capabilities translate directly into controls you should prioritise:

Audit share permissions regularly – especially “Everyone” and “Authenticated Users” access on sensitive roots and profile shares.
Harden write access – limit where regular users can create directories and files; SmbCrawler’s write-check feature highlights exactly where an attacker could drop tooling or weaponised documents.
Reduce sensitive data on shares – remove or encrypt cleartext passwords, SSH keys, DPAPI master keys, and dumps from general-purpose shares.
Monitor for unusual enumeration patterns – multi-threaded crawlers often create recognisable patterns in SMB logs. Look for high-volume directory listings and repeated access to new hosts from a single source.
Feed SmbCrawler-like data into DLP and UEBA – if you cannot prevent broad read access, at least detect when unusual principals traverse large portions of your file estate.

Comparison

SmbCrawler sits in a crowded but uneven space:

Versus simple scanners (keimpx, basic Nmap scripts) – those excel at credential validity and share enumeration, but they do not deeply crawl content or classify secrets. SmbCrawler keeps going until it finds the actual loot.
Versus manual PowerShell and ad-hoc scripts – bespoke scripts are flexible but rigid to maintain and report from. SmbCrawler’s SQLite output and profile system provide a single, consistent source of truth per engagement.
Versus general recon frameworks (Sn1per, Scanners-Box) – frameworks give you breadth across many protocols; SmbCrawler gives you depth for one of the most abused internal attack surfaces: Windows file shares.

Conclusion

If your internal engagements touch Windows networks, SmbCrawler deserves a permanent slot in your toolkit. It turns a messy mix of SMB servers, legacy shares, and forgotten exports into a structured map of permissions and secrets you can actually act on. For defenders, running it in a controlled way gives you a painful but accurate picture of real data exposure – the same image a motivated attacker would see.

You can read more or download SmbCrawler here: https://github.com/SySS-Research/smbcrawler

Heisenberg Dependency Health Check – GitHub Action for Supply Chain Risk

Heisenberg Dependency Health Check is a GitHub Action that inspects only the new or modified dependencies introduced in a pull request. It analyses lockfiles or manifest changes, gathers health and risk signals from deps.dev and other heuristics, and posts a detailed dependency health report directly on the pull request. It highlights suspicious, low-quality, or unusually fresh packages before they reach your main branch.

Overview

Modern supply-chain attacks increasingly rely on introducing malicious or low-trust dependencies through everyday development workflows. Traditional scanners often run periodically and focus on known vulnerabilities, which miss early indicators of risk. Heisenberg takes a different approach: it hooks directly into the pull request, detects which packages were added or updated, and reviews them in isolation. Running at merge time, it gives reviewers actionable risk signals exactly when decisions are made.

The tool is ecosystem-agnostic and supports Python, JavaScript, and Go dependency formats. It can detect unusual publish timings, maintenance red flags, popularity issues, suspicious scripts, and other patterns associated with supply-chain compromise. If configured, it can also label or block pull requests that exceed risk thresholds.

Features

Delta-based scanning: evaluates only new or changed dependencies rather than rescanning the entire dependency graph.
Multi-ecosystem support: works with poetry.lock, requirements.txt, uv.lock, package-lock.json, yarn.lock and go.mod.
Risk and health signals: pulls advisories, maintenance metrics, popularity data, dependents, and incredibly fresh publishes that may indicate rushed or suspicious releases.
npm script checks: highlights post-install script behaviours that attackers frequently abuse.
Pull request reporting: posts a structured dependency health comment with links to package intelligence sources.
Policy controls: can add a security review label or fail the job if risky packages are introduced.

Installation

The following workflow is taken directly from the Heisenberg documentation and should be placed inside .github/workflows/ in your repository. It monitors standard dependency files and runs the action whenever one of them changes.

name: Heisenberg Health Check
on:
  pull_request:
    paths:
      - "**/poetry.lock"
      - "**/uv.lock"
      - "**/package-lock.json"
      - "**/yarn.lock"
      - "**/requirements.txt"
      - "**/go.mod"

permissions:
  contents: read
  pull-requests: write
  issues: write

jobs:
  deps-health:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Detect changed manifest
        id: detect
        run: |
          git fetch origin ${{ github.base_ref }} --depth=1
          LOCK_PATH=$(git diff --name-only origin/${{ github.base_ref }} | \
            grep -E 'poetry.lock$|uv.lock$|package-lock.json$|yarn.lock$|requirements.txt$|go.mod$' | head -n1 || true)
          echo "lock_path=$LOCK_PATH" >> $GITHUB_OUTPUT

      - name: Heisenberg Dependency Health Check
        uses: AppOmni-Labs/heisenberg-ssc-gha@v1
        with:
          package_file: ${{ steps.detect.outputs.lock_path }}

Usage

Once the workflow is active, the process is automatic:

A pull request modifies a dependency manifest.
The workflow detects the change and hands the specific file to Heisenberg.
Heisenberg evaluates only the added or modified packages.
A health report appears as a comment on the pull request.
Optional: risky changes can trigger a label or cause the job to fail, blocking the merge.

Teams using additional GitHub Action hardening tools, such as Claws, can pair Heisenberg with workflow linting to reduce risks from both automated misuse and compromised dependencies.

Attack Scenario

Objective: demonstrate how a hostile dependency attempt would be detected during a realistic development flow.

Set up a demo repository with the Heisenberg workflow enabled.
Add or bump a dependency known for suspicious activity, poor maintenance, or very recent publishes.
Open a pull request as if performing a routine update.
Heisenberg evaluates only the changed dependency and posts a health report highlighting all relevant concerns.
Point stakeholders to the flagged signals as evidence of supply-chain risk and why automated guardrails matter.

This adversarial modelling pairs well with internal reviews using Darknet’s write-ups on automation abuse, such as Weaponizing Dependabot, helping teams understand how automated tooling can be exploited without proper controls.

Red Team Relevance

Although Heisenberg is built for defenders, red teams can use it to:

Identify weak or unvetted dependency update practices in target environments.
Model realistic compromise paths that depend on dependency injection or typosquatting.
Show how quickly risk would be caught if the organisation had Heisenberg or similar controls in place.

It also pairs naturally with supply-chain reconnaissance tools and GitHub workflow analysis techniques. For example, secret-exposure tools like Veles excel at key detection, while OAuth-abuse research such as GitPhish highlights broader risks inside CI/CD ecosystems.

Detection and Mitigation

Restrict dependency changes to pull requests so that Heisenberg has complete visibility.
Centralise reports so security teams can see patterns across repositories.
Harden GitHub workflows to prevent bypass paths; tools like Claws help enforce safe workflow practices.
Threat model dependency automation using lessons from Darknet’s coverage of Dependabot exploitation and broader CI/CD abuse.
Introduce routine chaos tests using intentionally risky but harmless packages to ensure detection logic remains effective.

Comparison

Heisenberg differs from scheduled composition scanners by focusing on changes rather than the full dependency tree. It gives teams real-time merge-time intelligence without slowing developer workflows. Compared to broader GitHub workflow hardening tools, it focuses specifically on package-level supply-chain risk, making it a complementary part of a complete CI/CD security posture.

Conclusion

Heisenberg Dependency Health Check provides a high-signal, low-friction control to catch risky dependencies during code review. By focusing strictly on the packages developers are adding or updating, it keeps supply-chain risk visible without overwhelming teams with noise. It is a practical upgrade for any team that relies heavily on open-source packages and wants to prevent supply-chain compromise before it enters the build pipeline.

You can read more or download Heisenberg Dependency Health Check here: https://github.com/AppOmni-Labs/heisenberg-ssc-gha

mcp-scan – Real-Time Guardrail Monitoring and Dynamic Proxy for MCP Servers

Red Teaming LLMs 2025 – Offensive Security Meets Generative AI

mcp-scanner – Python MCP Scanner for Prompt-Injection and Insecure Agents

LLM Black Markets in 2025 – Prompt Injection, Jailbreak Sales & Model Leaks

AIPentestKit – AI-Augmented Red Team Toolkit for Recon, Fuzzing and Payload Generation

HexStrike AI – Multi-Agent LLM Orchestration for Automated Offensive Security

LLAMATOR – Red Team Framework for Testing LLM Security

PyRIT – AI-Powered Reconnaissance for Cloud Red Teaming

Argusee and Agentic AI in Cybersecurity

Most Viewed Posts

Search

Recent Posts

GenAI

Footer

Most Viewed Posts

Search

Recent Posts

Tags