Eslam Salem

@netcodex.bsky.social

Manager, security research @ Datadog | he/him | Chess lover | Blackhat speaker | ex Sqreen.io, Shieldfy.io | my website: https://eslam.io

289 Followers  |  55 Following  |  31 Posts  |  Joined: 22.11.2024  |  1.7566

Latest posts by netcodex.bsky.social on Bluesky

Q for developers. Do you love/hate mandatory security training? And why?
#security #training #developers

17.06.2025 13:37 — 👍 0    🔁 0    💬 0    📌 0
The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions | Datadog Security Labs Analysis of a threat actor campaign targeting Solidity developers via three malicious VS Code extensions

🚨 The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions!

Deep-dive analysis of this obfuscated campaign, including PowerShell & VBS scripts, PE malware, malicious browser extensions, even stegomalware.

Enjoy reading securitylabs.datadoghq.com/articles/mut...

21.05.2025 12:10 — 👍 3    🔁 2    💬 0    📌 0

A pretty interesting threat campaign has been discovered by our research team.
We will be disclosing it in a couple of hours, stay tuned 😉
#threats #malicious #security_research #datadog

21.05.2025 09:54 — 👍 1    🔁 0    💬 0    📌 0

Recognizing employees for a job well done is just as important as giving constructive feedback when they underperform. Balance builds growth. #Leadership #Feedback

15.05.2025 09:25 — 👍 0    🔁 0    💬 0    📌 0

I don't like threat actor attribution that much because in most cases it's wrong and so easy to forge. We still should cluster campaigns but there is no "high confidence" attribution IMHO.

14.05.2025 18:44 — 👍 0    🔁 0    💬 0    📌 0
How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed A step-by-step walkthrough of how I leveraged AI to analyze, understand, and exploit the Erlang SSH pre-authentication vulnerability (CVE-2025-32433) without any existing public proof of concept. Lear...

Nice work using AI to create a PoC by analyzing the patch diff

platformsecurity.com/blog/CVE-202...

24.04.2025 14:47 — 👍 0    🔁 0    💬 0    📌 0

I have been told there will be a special announcement at 10am CET (that's 4am EDT btw) regarding this.

I will release the info I have at that time also. Thank you for the support.

16.04.2025 01:54 — 👍 34    🔁 8    💬 3    📌 1

Any idea what will happen to the CVE program after MITRE?
x.com/0xTib3rius/s...

15.04.2025 20:07 — 👍 1    🔁 0    💬 0    📌 0
Picture of the tutorial room in Kubecon eu 2025

It’s the tutorial room at #kubecon where we’ll be hacking up a storm in just over 30 minutes!

04.04.2025 12:12 — 👍 19    🔁 1    💬 1    📌 0
GitHub found 39M secret leaks in 2024. Here's what we're doing to help Every minute, GitHub blocks several secrets with push protection—but secret leaks still remain one of the most common causes of security incidents. Learn how GitHub is making it easier to protect your...

Interesting to see secret leaks in git still one of the biggest threats in the SDLC.
github.blog/security/app...

01.04.2025 16:15 — 👍 2    🔁 1    💬 0    📌 0

I think it's time for me to start digging into AI and LLMs. I'm not sure where to start, any advice?

31.03.2025 20:42 — 👍 1    🔁 0    💬 0    📌 0

Seeing Phrack magazine brings back so many good memories. Good old days.

31.03.2025 20:36 — 👍 1    🔁 0    💬 0    📌 0
.:: Phrack Magazine ::. Phrack staff website.

It's amazing how important one Phrack article from 27 years ago has been for web application security.

Covering what we now call SQL Injection and SSRF (amongst other things) problems we're still trying to handle today laid out in a couple of paragraphs

phrack.org/issues/54/8#...

27.03.2025 09:42 — 👍 67    🔁 15    💬 2    📌 0
Understanding CVE-2025-29927: The Next.js Middleware Authorization Bypass Vulnerability | Datadog Security Labs Learn how the Next.js middleware authorization bypass vulnerability works, and how to detect and remediate it.

This time we analyzed the Next.js middleware bypass vulnerability (CVE-2025-29927). Also included IP/UA trying to exploit this in the wild.
securitylabs.datadoghq.com/articles/nex...

28.03.2025 14:41 — 👍 3    🔁 1    💬 0    📌 0
The Learn how the Kubernetes Ingress NGINX Controller vulnerabilities work, how to detect and remediate them.

Our analysis and takeaways for IngressNightmare - Several vulnerabilities in the Kubernetes Ingress NGINX Controller. Enjoy!
securitylabs.datadoghq.com/articles/ing...

25.03.2025 23:03 — 👍 0    🔁 0    💬 0    📌 0

I love it when some people tell me that this is your limit, this is your ceiling. This is when I feel the fire within me reignite!

16.12.2024 08:58 — 👍 1    🔁 0    💬 0    📌 0
AWS re:Invent 2024 - Beyond just observing, protecting your whole software supply chain (SEC406)
YouTube video by AWS Events

Amazing presentation about supply chain security and the amazing work we do by our leaders @techy.detectionengineering.net
(Director of research) and Andrewkrug (Manager of advocacy) youtu.be/1b0RIi19qrw?...

09.12.2024 18:14 — 👍 2    🔁 0    💬 0    📌 0

Supply chain firewall in action
github.com/DataDog/supp...

06.12.2024 12:35 — 👍 1    🔁 0    💬 0    📌 0
Introducing Supply-Chain Firewall: Protecting Developers from Malicious Open Source Packages | Datadog Security Labs Release of Supply-Chain Firewall, an open source tool for preventing the installation of malicious PyPI and npm packages

We are happy to introduce our latest tool "Supply Chain Firewall" 🎉 by @ikretz.bsky.social
The tool detects & prevents installation of malicious packages in the local development environment.

Read more
securitylabs.datadoghq.com/articles/int...

And give it a try github.com/DataDog/supp...

06.12.2024 12:19 — 👍 11    🔁 7    💬 0    📌 0

Supply-chain attack in the ultralytics PyPI package: github.com/ultralytics/...

An attacker opened a pull request and pushed a commit with a malicious name, leading to CI code injection.

They then backdoored versions 8.3.41 and 8.3.42 with code downloading a second-stage binary from GitHub

05.12.2024 17:12 — 👍 6    🔁 3    💬 1    📌 0
FBI Warns iPhone And Android Users—Stop Sending Texts US officials urge citizens to use encrypted messaging and calls wherever they can—here’s what you need to know.

Common reasoning is that SMS 2FA is bad due to the risk of SIM swapping. It’s also bad if the telecommunications networks are hostile 😬
www.forbes.com/sites/zakdof...

05.12.2024 14:43 — 👍 10    🔁 3    💬 1    📌 0

Awesome, Stratus Red Team v2.20.0 is now available 🎉

04.12.2024 17:52 — 👍 0    🔁 1    💬 0    📌 0

My Blackhat MEA arsenal presentation: "Detect Malicious Packages with Guarddog"
drive.google.com/file/d/11SAN...

03.12.2024 13:48 — 👍 4    🔁 4    💬 0    📌 0

Looks good, I will give it a try this weekend

28.11.2024 15:46 — 👍 2    🔁 0    💬 0    📌 0

We released Censeye today, an open source CLI tool that makes it dramatically easier to pivot and find related assets when threat hunting on Censys instead of manually checking for potential identifying characteristics like an SSH host key. github.com/Censys-Resea...

27.11.2024 17:05 — 👍 27    🔁 14    💬 2    📌 1
GitHub - stripe/smokescreen: A simple HTTP proxy that fogs over naughty URLs

DNS rebinding attacks are extremely hard to defend against without strict allow list policies. The best attempt so far IMO is stripe smokescreen github.com/stripe/smoke...

26.11.2024 10:44 — 👍 1    🔁 0    💬 0    📌 0

They try to explain the crazy world of today's security acronyms, good luck with that 😀 #BHMEA24

26.11.2024 10:30 — 👍 0    🔁 0    💬 0    📌 0

They are taking it seriously this year with hacking infrastructure #BHMEA24

26.11.2024 10:19 — 👍 1    🔁 0    💬 0    📌 0

Simple way to bypass traditional WAFs in SSRF attack scenarios where you want to call IMDSv1 by @frichetten.com and @hackingthe.cloud

26.11.2024 08:57 — 👍 1    🔁 0    💬 2    📌 0

On my way to #blackhatmea, come and say hi if you are around 😉

26.11.2024 08:51 — 👍 1    🔁 0    💬 0    📌 0

@netcodex is following 20 prominent accounts