DEW #157 - Shai Hulud Goes Open Source, How Anthropic uses Claude and Underground Internet Cables
Do keystone jacks work a mile under the sea?
Welcome to Issue #157 of Detection Engineering Weekly!
✍️ Musings from the life of Zack:
Spring in Maine is finally here, and it feels like a Disney movie at the Allen household with all of the animals coming out. We have two bird nests, a family of deer, and now a woodchuck named Chippy prancing around.
Speaking of Maine, I had the most Maine dinner with some friends the other night. They hunted a Moose and cooked Moose steaks for the family. Afterward, we had dessert with maple syrup tapped from trees in their yard. Moose was not that gamey, and I’d try it again!
Sabres lost :( But I’m super excited to watch this young team in the coming years, so if you are a hockey fan, don’t tease me too much because I’m still hurting from the loss.
Sponsor: Adaptive Security
The best threat intelligence is generated by your coworkers
Security Operations teams rely heavily on detection rules and threat intelligence to stay ahead of threats. But, the AI of today focuses on social engineering your coworkers, such as deep fake interviews, voice phishing, and impersonating executives. Training your employees to spot and report AI attacks can provide valuable signals that no security product can match.
Adaptive trains your organization to spot, report, and stop these AI threats before they reach your perimeter.
💎 Detection Engineering Gem 💎
Shai-Hulud Goes Open Source by Ryan Simon, Sebastian Obregoso and Greg Foss
~ Note, Datadog is my current place of employment, and the authors here are my colleagues ~
I’ve covered several supply chain attacks linked to TeamPCP and one of their worm-based toolsets, Shai-Hulud. This week, GitHub repositories popped up and were quickly taken down, hosting the potential source code for Shai-Hulud.
The team here did a deep dive on its architecture, how it deploys loaders and malware, its C2 infrastructure, and its credential exfiltration techniques.
The Mutator step, which enables Shai-Hulud’s propagation and worm-like capabilities, is super interesting. There are three propagation mechanisms: one I was familiar with, npm credential publishing, and two I wasn’t familiar with, cache poisoning and developer environment poisoning. Every stolen secret can be used to propagate malware across various developer environments and IDEs, such as Claude Code and VSCode.
The two npm-related techniques rely on insecure configurations for publishing npm packages. For example, if you store npm publishing tokens in your GitHub Actions pipeline, the worm will automatically download the latest version of your release, increment the semver so it becomes the latest version, then publish it, causing the post-install hooks, which contain the malware, to run.
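As an added example (not code from the Datadog post), here is a pre-publish review check a maintainer could run before a CI job is allowed to publish: it diffs the previous and candidate package.json and flags the pattern described above, a patch-level version bump that introduces install-time lifecycle scripts. The package contents and the hook command are constructed placeholders.

```python
"""Added example, not code from the Datadog post: a pre-publish review check that
diffs the previous and candidate package.json and flags the pattern described above,
a patch-level version bump that introduces install-time lifecycle scripts."""
import re

INSTALL_HOOKS = ("preinstall", "install", "postinstall")
SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")  # plain x.y.z only; prereleases are rejected

def parse_semver(version):
    m = SEMVER.match(version)
    if not m:
        raise ValueError(f"unsupported version string: {version}")
    return tuple(int(x) for x in m.groups())

def is_patch_bump(prev, new):
    """True when new is exactly prev with the patch component incremented by one."""
    p, n = parse_semver(prev), parse_semver(new)
    return n[:2] == p[:2] and n[2] == p[2] + 1

def new_install_hooks(prev_pkg, new_pkg):
    """Lifecycle hooks present in the candidate package.json but absent from the previous one."""
    before = prev_pkg.get("scripts", {})
    after = new_pkg.get("scripts", {})
    return [h for h in INSTALL_HOOKS if h in after and h not in before]

def review_release(prev_pkg, new_pkg):
    """Findings a maintainer should see before a CI job is allowed to publish."""
    findings = []
    hooks = new_install_hooks(prev_pkg, new_pkg)
    deps = sorted(set(new_pkg.get("dependencies", {})) - set(prev_pkg.get("dependencies", {})))
    if hooks:
        findings.append("install-time hooks added: " + ", ".join(hooks))
    if deps:
        findings.append("new dependencies: " + ", ".join(deps))
    if findings and is_patch_bump(prev_pkg["version"], new_pkg["version"]):
        findings.append("patch-level bump with install-time changes: hold the release for review")
    return findings

# Constructed package.json contents; the hook command is a placeholder, not a real artifact.
PREV_PKG = {"version": "2.3.4", "scripts": {"test": "jest"},
            "dependencies": {"lodash": "^4.17.21"}}
NEW_PKG = {"version": "2.3.5",
           "scripts": {"test": "jest", "postinstall": "node placeholder_hook.js"},
           "dependencies": {"lodash": "^4.17.21"}}
```

Wiring review_release into the publish job so a non-empty result fails the build turns the worm's own republish step into a tripwire rather than a silent success.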
“Leaks” of malware source code like this help provide insight into how threat actors think about exploiting misconfigurations and security gaps in their targets. It’s hard to say whether this is the “real one”, but there is threat intelligence floating around social media that TeamPCP & cybercriminal forums are teaming up for a Supply Chain Competition to see who pulls off the most impactful breach with Shai-Hulud.
🔬 State of the Art
Wiring Live Threat Intel into Sigma Detection with Dynamic Pipelines by Mostafa Moradian
Most SIEMs let you manage threat intelligence as lookup tables or reference lists that detection rules can query against. A rule checks a destination IP against a known C2 list; the list is updated by a feed; the rule stays the same. It is one of the more practical parts of how enterprise detection pipelines handle the IOC lifecycle. It’s also VERY hard to manage, and without understanding the underlying engineering required to handle dynamic tables, you can produce stale IOCs for your detections, or worse, miss emerging IOCs and fall victim to false negatives.
Moradian has been building toward the same capability in his RSigma project. I first covered the project in #149, when it was a Rust CLI for evaluating Sigma rules against JSON logs without any infrastructure. By #154, it had grown into a streaming daemon with NATS and HTTP log inputs, stateful correlation windows, and Prometheus metrics.
The latest addition here is dynamic pipelines: instead of hardcoding IOC values in rule YAML, you declare external sources in the pipeline config, and RSigma fetches and injects them at evaluation time. This works very similarly to how I’ve seen SIEMs implement threat intelligence pipelines, but since it’s RSigma, it’s self-contained within its ecosystem.
The practical demo is a firewall detection rule with a single field, DestinationIp: "%c2_ips%". The pipeline pulls the Feodo Tracker C2 blocklist, a public JSON feed covering Emotet, Dridex, TrickBot, and QakBot that is updated every five minutes, extracts the IP array, and expands that placeholder before the rule evaluates. If the feed is unreachable, RSigma falls back to the last cached data, so you do not lose coverage during a transient outage. The rule author never touches an IOC value again.
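The placeholder-expansion flow described above, as an added example that is not RSigma's own code: a %name% value in a Sigma-style detection block is filled from an external source at evaluation time, and a failed fetch falls back to the last cached values. The feed content is a constructed stand-in for the Feodo Tracker JSON, keeping only an ip_address key.

```python
"""Added example, not RSigma's own code: a '%name%' placeholder in a Sigma-style
detection block is filled from an external IOC source at evaluation time, falling
back to the last cached fetch when the source is unreachable."""
import json
import re

PLACEHOLDER = re.compile(r"^%(\w+)%$")
# Constructed stand-in for the Feodo Tracker JSON feed (real rows carry more keys).
SAMPLE_FEED = json.dumps([{"ip_address": "203.0.113.10"},
                          {"ip_address": "198.51.100.7"}])

def feed_online():
    """Stands in for an HTTP GET of the feed."""
    return SAMPLE_FEED

def feed_offline():
    """Simulates the transient-outage case."""
    raise ConnectionError("feed unreachable")

class DynamicSource:
    """One external source declared in the pipeline: fetcher, field to extract, cache."""
    def __init__(self, fetch, field):
        self.fetch, self.field, self.cache = fetch, field, None

    def values(self):
        try:
            self.cache = [row[self.field] for row in json.loads(self.fetch())]
        except (ConnectionError, ValueError, KeyError, TypeError):
            if self.cache is None:  # never fetched successfully: nothing to fall back on
                raise RuntimeError(f"{self.field}: feed failed and no cached data") from None
        return list(self.cache)

def expand(detection, sources):
    """Replace each '%name%' string value with the current list from sources[name]."""
    out = {}
    for field, value in detection.items():
        m = PLACEHOLDER.match(value) if isinstance(value, str) else None
        out[field] = sources[m.group(1)].values() if m else value
    return out

def matches(detection, event):
    """Sigma selection semantics on a flat event: every field matches; a list means any-of."""
    return all(event.get(f) in w if isinstance(w, list) else event.get(f) == w
               for f, w in detection.items())

def evaluate(detection, sources, events):
    """Expand placeholders once per evaluation pass, then return the matching events."""
    expanded = expand(detection, sources)
    return [e for e in events if matches(expanded, e)]
```

A source that has never fetched successfully raises instead of silently matching nothing, which is the failure mode to alert on rather than paper over.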
I thought this was a neat video by the Anthropic team, featuring a friend of the newsletter, Jackie Bow, on how their internal detection & response team uses Claude! They built a tool called CLUE, which they first featured at BSides SF in 2025. It looks similar to a co-pilot tool from AI SOC vendors, but it's their own internal version. I think it helps make the case for those who choose to go build versus buy, by offering control over which features go in and out of the tool, an integration catalog focused on systems you deploy for your organization, and a tighter feedback loop.
The case against is a capacity-and-cost problem. It is attractive to buy AI SOC-like tools if you are budget-constrained or don’t have the talent to build and maintain one.
Ok, a lot of media in this issue, but hear me out. Odd Lots is a top 3 podcast for me, and its focus is finance topics. They bring on amazing guests who talk about everything from the economics of milk to tariff refunds at shipping ports and even cybersecurity.
I chose this episode because it’s about the history and economics of deep-sea cables, with a particular focus on Internet cabling. We seriously don’t appreciate how complicated and opaque this process is for the end user. So, if you want to learn about Internet-scale issues, you must learn about the physical nature of operating the Internet!
The Ultimate Guide to Detection Engineering with Censys by Alex Gartner
In this post, Censys detection engineer and security researcher Alex Gartner helps readers understand how to integrate detection engineering concepts into Censys’ internet-wide scanning data. This is especially interesting to me in a few ways:
I’ve rarely read posts on how to integrate Internet scan data as correlation rules with traditional telemetry from the endpoint or network
Understanding how attacker infrastructure can be fingerprinted is a valuable skill in itself; it’s not all just IP address and domain matching
Speaking of IP addresses: threat intelligence is much more useful when it’s clustered and used as an enrichment, and we leave out a lot of interesting threat intelligence indicators
I’ve been a big fan of Censys since they started their company several years ago. And luckily, many of the concepts Gartner discusses are available in community edition accounts. I typically don’t link to vendor blogs that talk about their products unless they offer free or community-edition access, so you can try these concepts out by signing up.
☣️ Threat Landscape
Grafana, an observability company with a large open-source following, disclosed a security breach in which attackers obtained an administrative-level GitHub access token. They don’t specifically say if it’s a long-lived token, which GitHub has urged customers to use, but it’s likely if it survived a CI/CD build run. The group behind the incident, Coinbase Cartel, also likely used a pwn request to take the token and subsequently exfiltrate their entire codebase.
The group tried to extort Grafana with a ransom demand, but Grafana said in their tweet that they refused to pay. This is the right approach, since paying doesn’t guarantee that the thieves won’t sell it to someone else.
Oh look, a VPS I purchased 8 months ago. by Jonathan Canlas
In this post, Canlas, a detection engineer, stumbled upon a VPS they had purchased several months ago and had accidentally left running. They turned it into a honeypot to understand what kinds of attacks it attracts, using subsequent telemetry to learn more about the research and detection workflow. I appreciated reading this post because most honeypot stories I read follow a formula: a lab that deploys a honeypot. This one, in particular, offers much more insight into Canlas’ experience as a detection engineer and how they approached the deployment through a lens of hypothesis-driven research.
Novel Evilginx Frontend - Lowering the barrier for token theft reuse by Paul Newton
Evilginx is a legitimate open-source framework that helps red-teamers build and deploy phishing pages with easy-to-use templates. There is a pro version where the company behind Evilginx vets prospects to ensure they aren’t evil, but the open-source version gets a lot of traction from bad guys. In this post, Newton was hunting for M365-related phishing kits and found a cleverly built M365-themed management interface. IMHO, it makes the post way more interesting since it’s about this peculiar management tool.
The potential threat actor built this front end to manage stolen M365 tokens at scale. They can switch between victim tokens within a single interface, import stolen tokens from their Telegram bot, and execute attacks with a single click.
A single stolen token grants the operator access to several products in the M365 suite, up to and including pivoting to take over the Entra environment.
When AI doomers or marketers post about the onset of dangerous, vibe-coded malware at scale, I roll my eyes because most malware is a commodity at this point. Evilginx is so good, so why switch how it works? I worry more about the organizational scale that vibe-coding offers threat actors.
Before Claude Code, creating an interface like this would have taken months, either with a professional front-end developer or with someone who spent a lot of time learning front-end coding. Front-end coding with coding agents is AWESOME, so it’s now much more accessible for people to build things like this without spending their capacity on learning.
Project Glasswing: what Mythos showed us by Grant Bourzikas
Cloudflare ran Mythos Preview on more than 50 of its own repositories as part of Project Glasswing and published the results. Much like what Anthropic noted about Mythos in their Glasswing blog, Cloudflare said it was excellent at generating exploit chains and generating proof, via a PoC, that it found a bug. The harness architecture they built around it is worth reading too: they created narrowly scoped parallel agents, each focused on a single attack class, and then used an independent adversarial agent whose only job is to disprove the original finding.
Nothing in here really surprised me regarding the applicability of Mythos to real-world code environments. An agent is only as good as its harness, and although Mythos has fewer guardrails and is tuned for security findings, it still requires work to operationalize.
🔗 Open Source
KQLab is a self-hosted platform for storing, protecting, and indexing KQL rules. It has an impressive full-stack architecture and is built to provide strong authentication and verification measures for users, and even includes RBAC capabilities to scope certain rule sets to specific teams.
DockSec is an OWASP Incubator project that builds a vulnerability scanning report from several open-source tools and generates human-readable reporting leveraging an LLM harness. It’s smart enough to prioritize vulnerabilities based more on CVSS scores, and you can stick it in your CI/CD pipeline so it can recommend fixes that developers understand, rather than a massive findings report.
Gabo is a Nebula:Fog hackathon project built for threat intelligence analysts. It uses the CIA’s Structured Analytical Techniques playbook to provide users a tool where they can ask it questions, and it’ll provide rigorous feedback based on their analysis. It has an MCP server as well, so you can point your local coding agent or stack at it.
AntiSSRF is a security component library from Microsoft that helps developers deploy apps without worrying about the underlying techniques used to prevent SSRF attacks. It has a robust URL parsing library (URL parsers are always a headache to work with) to validate incoming HTTP requests and reject any that look like SSRF attacks.