
Mick Grove

@micksmix

Interested in computer security. 🐕 friendly. Security at MongoDB. Formerly at Apple, AWS, other places.

92 Followers | 207 Following | 15 Posts | Joined 02.08.2023

Latest posts by Mick Grove @micksmix

Link preview: GitHub - microsoft/litebox: A security-focused library OS supporting kernel- and user-mode execution

🚀 Skyrocketing! 🚀 (200+ new stars)

📦 microsoft / litebox
⭐ 917 (+208)
🗒 Rust

A security-focused library OS supporting kernel- and user-mode execution

07.02.2026 18:02 👍 0 🔁 1 💬 1 📌 0
Abe Simpson meme saying, “back in my day we used to hunt for vulnerabilities by hand”

06.02.2026 23:52 👍 17 🔁 3 💬 1 📌 1

College econ lessons that stuck with me for life:

1. Opportunity Cost: The cost of an action is the alternative you sacrifice. Working late costs dinner with your family.

2. Sunk Cost Fallacy: Don't persist just because you’ve already invested effort. If a Netflix series sucks, just stop watching.

30.01.2026 02:52 👍 130 🔁 15 💬 2 📌 1
Link preview: Prompt caching: 10x cheaper LLM tokens, but how? | ngrok blog. A far more detailed explanation of prompt caching than anyone asked for.

ignore the title about caching, this is the best explanation of how LLMs work, period

21.12.2025 03:23 👍 193 🔁 41 💬 3 📌 5
Link preview: GitHub - mongodb/kingfisher: Kingfisher is a blazingly fast and highly accurate tool for secret detection and live validation across files, Git repos, GitHub, GitLab, Azure DevOps, BitBucket, Gitea, AWS S3, Docker images, Jira...

brew install kingfisher

# Scan a single Shai-Hulud exfil repo
kingfisher scan --git-url github.com/<org>/<hulud-rep...

kingfisher repo: github.com/mongodb/kingfisher

26.11.2025 21:14 👍 0 🔁 0 💬 0 📌 0

Scan your repos and orgs with Kingfisher to detect _valid_ leaked creds:

# Enumerate and scan your whole org for any Shai-Hulud-created repos
KF_GITHUB_TOKEN=ghp_xxx \
kingfisher scan github --organization <your-org>

26.11.2025 21:14 👍 0 🔁 0 💬 1 📌 0

This allows defenders to actually recover the valid secrets Shai-Hulud exfiltrated so they can be identified and rotated quickly.

Most open-source scanners stop after a single Base64 decode and miss the data Shai-Hulud buries underneath.

26.11.2025 21:13 👍 1 🔁 0 💬 1 📌 0

The Shai-Hulud v2 npm worm is exfiltrating secrets into auto-created GitHub repos as double-Base64 encoded blobs.

Kingfisher is currently the only open-source secret scanner that recursively decodes multiple layers of Base64.

26.11.2025 21:13 👍 1 🔁 0 💬 1 📌 0
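The point made in the Kingfisher thread above is that a scanner which stops after one Base64 decode never sees a secret wrapped in two layers. The following is an added example, not part of the original posts and not Kingfisher's own code: a small Python scanner that peels Base64 layers recursively (up to a depth limit) and runs secret patterns over every layer. The GitHub-PAT and AWS-key regexes, the all-"A" sample token and the double-wrapped blob are constructed for the demo and are not real credentials.

```python
import base64
import binascii
import re
from typing import Iterator, List, Tuple

# Constructed sample input: a fake GitHub-style token wrapped in two Base64 layers,
# next to an innocuous Base64 string. None of these are real credentials.
SAMPLE_TOKEN = "ghp_" + "A" * 36
INNER = base64.b64encode(SAMPLE_TOKEN.encode()).decode()          # one layer
DOUBLE_WRAPPED = base64.b64encode(INNER.encode()).decode()        # two layers
SAMPLE_BLOB = (
    "config=" + DOUBLE_WRAPPED
    + " note=" + base64.b64encode(b"nothing to see here").decode()
)

# Illustrative secret patterns (constructed for this demo, not a full rule set).
SECRET_PATTERNS = {
    "github_pat": re.compile(r"ghp_[A-Za-z0-9]{36}"),
    "aws_access_key_id": re.compile(r"AKIA[0-9A-Z]{16}"),
}

# Candidate Base64 runs: long enough to be worth decoding, optional padding.
B64_CANDIDATE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Depth cap so hostile input cannot make the scanner recurse without bound.
MAX_DEPTH = 4


def decode_layers(text: str, depth: int = 0) -> Iterator[Tuple[int, str]]:
    """Yield (depth, text) for the input and every text layer recovered from it.

    Each Base64-looking run is decoded strictly (validate=True); anything that
    is not valid Base64, not UTF-8, or not printable is treated as a leaf.
    """
    yield depth, text
    if depth >= MAX_DEPTH:
        return
    for match in B64_CANDIDATE.finditer(text):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
        except (ValueError, binascii.Error):
            continue  # not well-formed Base64
        try:
            inner = raw.decode("utf-8")
        except UnicodeDecodeError:
            continue  # binary payload, not a nested text layer
        if not inner.isprintable():
            continue  # decoded to control bytes; nothing to search
        yield from decode_layers(inner, depth + 1)


def find_secrets(text: str) -> List[Tuple[str, int, str]]:
    """Return (pattern_name, layer_depth, matched_value) for every hit in any layer."""
    findings = []
    for depth, layer in decode_layers(text):
        for name, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(layer):
                findings.append((name, depth, match.group(0)))
    return findings


if __name__ == "__main__":
    # A single-decode scanner would find nothing here; this one reports the
    # token at depth 2, which is the value a defender would then rotate.
    for name, depth, value in find_secrets(SAMPLE_BLOB):
        print(f"{name} at layer {depth}: {value[:8]}...")
```

The depth reported with each finding tells you how many encoding layers hid the value, which is useful when triaging what a given exfiltration step produced; the hard depth cap and the strict `validate=True` decode keep the recursion from being driven by arbitrary attacker-controlled text.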

Billion dollar idea…Splunk, but fast 🫠

14.11.2025 01:04 👍 1 🔁 0 💬 0 📌 0
Link preview: Container Security: Fundamental Technology Concepts That Protect Cloud Native Applications

📚 The 2nd edition of 🔒 Container Security 🔒 is out now! 📚
bookshop.org/p/books/cont...

12.10.2025 17:31 👍 62 🔁 18 💬 3 📌 5

Very late on getting this video out the door, but a teeny weeny showcase of the recent Docker for Desktop on Windows & macOS container escape, CVE-2025-9074 -- proof of concept was included so a simple demo of arbitrary file write & file read on the host: youtu.be/dTqxNc1MVLE

03.09.2025 13:05 👍 5 🔁 4 💬 0 📌 0

the recording of my talk on the Black Hat show floor is up on yout00b :) youtu.be/whhOYRWd_rs

22.08.2025 13:15 👍 9 🔁 1 💬 0 📌 0
Link preview: The Future of Product Management Is AI-Native. Takeaways from My Conversation with Marily Nika

I’ve been exploring what it means to be an AI-native PM. Marily Nika’s workflow feels like the state of the art.

Perplexity for user research filtered to Reddit, custom GPTs for specs in her voice, and v0 for UI mockups. Prototypes in hours, not weeks.

Hardest part is getting the tools approved.

09.08.2025 13:16 👍 63 🔁 6 💬 1 📌 0

anyone working in security knows
that tools can be used for good or for evil
but dont forget they are often used for stupid

08.08.2025 23:10 👍 389 🔁 77 💬 12 📌 4
Link preview: OpenAI’s new open weight (Apache 2) models are really good. The long promised OpenAI open weight models are here, and they are very impressive. They’re available under proper open source licenses (Apache 2.0) and come in two sizes, 120B and 20B. OpenAI’s …

OpenAI released their long-promised open weight models today under clean Apache 2 licenses and with benchmarks that put them shockingly close to o3-mini and o4-mini

I've run the smaller (20B) model on my Mac and it's very impressive, despite only using ~15GB of RAM simonwillison.net/2025/Aug/5/g...

05.08.2025 20:39 👍 158 🔁 31 💬 13 📌 4

The second challenge in our monthly CTF series is out! This time focused on a container escape.

31.07.2025 14:20 👍 2 🔁 1 💬 0 📌 0
Link preview: Introducing Kingfisher: Real-Time Secret Detection and Validation | MongoDB Blog. Discover Kingfisher, MongoDB’s open-source tool for security and DevOps engineers to detect and validate exposed secrets in code and repositories.

The crazy fast secret discovery program I wrote in Rust has been open-sourced. Check it out!

17.06.2025 00:39 👍 1 🔁 0 💬 0 📌 0
Link preview: Jeff Bezos explains one-way door decisions and two-way door decisions (YouTube video by Startup Archive)

I’ve always liked the Amazon “one way door vs two way door” analogy for this type of decision making:

m.youtube.com/watch?v=rxsd...

08.06.2025 17:43 👍 6 🔁 0 💬 1 📌 0
Link preview: NSEC2023 - Burp Suite Pro tips and tricks, the sequel. Based on my in-depth knowledge of both Burp Suite and its extensions, this talk aims to provide bug hunters and pentesters with a set of useful strategies. T...

If you never used the Piper extension, I recommend watching the 4-minute demo I gave last year during my talk at NorthSec 🛠️

10.04.2024 07:18 👍 1 🔁 2 💬 1 📌 0

Nice clear explanation of how GitHub rolls out new implementations of features that get 2,000 queries a second - including dark-shipping to 1% of users, where the new implementation is invisibly compared with the production one via a background job

25.05.2025 22:04 👍 47 🔁 6 💬 0 📌 1
Link preview: The Ultimate Double-Clickjacking PoC | Jorian Woltjer. Combining a lot of browser tricks to create a realistic Proof of Concept for the Double-Clickjacking attack. Moving a real popunder with your mouse cursor and triggering it right as you're trying to bea...

Double-Clickjacking, or "press buttons on other sites without preconditions". After seeing and experimenting with this technique for a while, I cooked up a variation that combines many small tricks and ends up being quite convincing.
Here's a flexible PoC:
jorianwoltjer.com/blog/p/hacki...

25.05.2025 17:30 👍 6 🔁 2 💬 2 📌 0

In case you've a hard time intercepting Firefox traffic to the loopback interface, open the about:config page and set "network.proxy.allow_hijacking_localhost" to True 🎁

Thanks @onemask.bsky.social for the tip 🙏

16.05.2025 16:35 👍 13 🔁 6 💬 0 📌 0
Link preview: Damn Vulnerable RESTaurant - API hacking (YouTube video by PinkDraconian)

Pink Draconian (who apparently isn't on Bluesky 😒) published a walk-through of the "Damn Vulnerable RESTaurant" app

The video contains some pretty good tips related to Burp Suite, give it a look!

youtu.be/CdVTG3aWTew?...

06.04.2025 13:56 👍 11 🔁 6 💬 0 📌 1

As LLMs and AI-powered IDEs like Cursor are transforming how we code, security tools haven’t kept up. That's why we built our MCP server, which gives LLMs the ability to use Semgrep (kind of like how ChatGPT uses Python for math).

🔗 semgrep.dev/blog/2025/gi...

04.04.2025 19:10 👍 2 🔁 2 💬 0 📌 0
Link preview: Interactive AWS NAT Gateway - Malith R. An interactive blog post exploring AWS NAT Gateway

My interactive AWS NAT Gateway blog post is now published. Check it out at malithr.com/aws/natgatew....

20.03.2025 08:56 👍 65 🔁 12 💬 10 📌 6
Link preview: UC - Web Sockets

Just dropped another completely free API security lesson on JustHacking, this time we’re looking at WebSocket APIs. In this 30min lesson you’ll learn what a WebSocket is and the types of apps that use them, how to communicate to WebSockets and some of the security issues in them!

20.03.2025 21:18 👍 13 🔁 7 💬 1 📌 0

Screenshot of a post reading: programmers are always posting like "worked on tracking down an issue with a Flurble deployment for twelve hours. the problem wasn't in Flurble at all - it was in the Gumbies install. It turns out if you install Gumbies 3.0 over Gumbies 2.7 and don't do a cache flush on all the client spiders they'll get stuck in the crystal maze." then you look up Gumbies and the site is one of those scroll scroll scroll types with one sentence per page, like "GUMBIES is a lean, expressive sharding sandcube for testing and deploying large scale Woodchips playgrounds. GUMBIES automates and streamlines away watersliding phases, meaning your team can get right to the chipping. See why Microsoft, OpenAI and Bloingo have embraced GUMBIES in their Woodchips workflows." and you get to the bottom and you're like I want this I guess but I still don't know what

This is my entire life

17.03.2025 01:53 👍 1504 🔁 417 💬 28 📌 39

Generated a few fuzz harnesses using new local models, OlympicCoder was best, fixing own bugs zero-shot & few hallucinations

Open R1 OlympicCoder 32B
DeepSeek R1 Distill Qwen 32B
QwQ 32B
Gemma-3-27b-it

All 4bit quant. Coder was by bartowski, the rest were Unsloth dynamic quant

13.03.2025 04:19 👍 13 🔁 3 💬 2 📌 0
Link preview: Command and KubeCTL: Kubernetes Security for Pentesters and Defenders 2025. Kubernetes is a security challenge that many organizations need to take on, and we as pentesters, developers, security practitioners, and the technically curious need to adapt to these challenges. In ...

I'm taking requests for my BSides Reykjavik k8s talk.
* Do you want a demo of something?
* Talk about something specific?
* A new tool that could use a boost?
Serious and/or sarcastic accepted.

Please reshare because the algorithm still needs tuning

cfp.bsidesreykjavik.com/2025/talk/KP...

02.03.2025 18:02 👍 3 🔁 3 💬 0 📌 0