Eslam Salem's Avatar

Eslam Salem

@netcodex.bsky.social

Manager, security research @ Datadog | he/him | Chess lover | Blackhat speaker | ex Sqreen.io, Shieldfy.io | my website: https://eslam.io

314 Followers  |  56 Following  |  35 Posts  |  Joined: 22.11.2024  |  1.4883

Latest posts by netcodex.bsky.social on Bluesky

Preview
The Shai-Hulud 2.0 npm worm: analysis, and what you need to know | Datadog Security Labs Learn more about the Shai-Hulud 2.0 npm worm.

It was an interesting 72 hours tracking down the second wave of Shai Hulud campaign. It's more sophisticated and aggressive than the first one. We published all what we know about it here securitylabs.datadoghq.com/articles/sha... #npm #shaihulud #malware

26.11.2025 19:00 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
MUT-4831: Trojanized npm packages deliver Vidar infostealer malware | Datadog Security Labs Analysis of a threat actor campaign targeting Windows users with Vidar infostealer malware via malicious npm packages

Our team tracked down a malicious campaign in NPM deploying Vidar stealer. This is the first time we see Vidar stealer distributed via supply chain attack.
securitylabs.datadoghq.com/articles/mut...
#npm #malware #supplychainattack

06.11.2025 12:50 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

I still didn't install bat yet but looks very good. I will do it now.

14.09.2025 08:08 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

I'm in love with claude code. The way it handles code writing and automates bash tasks is amazing and so convenient to me.
if you are an experienced developer, know what you are doing, the tasks that usually take Weeks. You will be able to do it in Hours 🀯🀯 #claudecode #ai

13.09.2025 17:22 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0

Q for developers. Do you love/hate mandatory security training? And why?
#security #training #developers

17.06.2025 13:37 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions | Datadog Security Labs Analysis of a threat actor campaign targeting Solidity developers via three malicious VS Code extensions

🚨 The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions!

Deep dive analysis in this obfuscated campaign including (PowerShell & VBS scripts, PE malware, Malicious browser extensions even stegomalware)

Enjoy reading securitylabs.datadoghq.com/articles/mut...

21.05.2025 12:10 β€” πŸ‘ 2    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0

Pretty interesting threat campaign have been discovered by our research team.
We will be disclosing it in couple of hours , stay tuned πŸ˜‰
#threats #malicious #security_research #datadog

21.05.2025 09:54 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Recognizing employees for a job well done is just as important as giving constructive feedback when they underperform. Balance builds growth. #Leadership #Feedback

15.05.2025 09:25 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

I don't like threat actors attribution that much because in most cases it's wrong and so easily to be forged. We still should cluster campaigns but there is no "high confidence" attribution IMHO.

14.05.2025 18:44 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed A step-by-step walkthrough of how I leveraged AI to analyze, understand, and exploit the Erlang SSH pre-authentication vulnerability (CVE-2025-32433) without any existing public proof of concept. Lear...

Nice work for using AI to create POC by analysis the patch diff

platformsecurity.com/blog/CVE-202...

24.04.2025 14:47 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

I have been told there will be a special announcement at 10am CET (that's 4am EDT btw) regarding this.

I will release the info I have at that time also. Thank you for the support.

16.04.2025 01:54 β€” πŸ‘ 32    πŸ” 7    πŸ’¬ 3    πŸ“Œ 1

Any idea what will happen to the CVE program after MITRE
x.com/0xTib3rius/s...

15.04.2025 20:07 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Picture of the tutorial room in Kubecon eu 2025

Picture of the tutorial room in Kubecon eu 2025

It’s the tutorial room at #kubecon where we’ll be hacking up a storm in just over 30 minutes!

04.04.2025 12:12 β€” πŸ‘ 19    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
GitHub found 39M secret leaks in 2024. Here's what we're doing to help Every minute, GitHub blocks several secrets with push protectionβ€”but secret leaks still remain one of the most common causes of security incidents. Learn how GitHub is making it easier to protect your...

Interesting to see secret leaks in git still one the biggest threats in SDLC.
github.blog/security/app...

01.04.2025 16:15 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

I think it's time for me to start digging into AI and LLMs. I'm not sure where to start, any advice?

31.03.2025 20:42 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Seeing phrack magazine brings so much good memories. Good old days.

31.03.2025 20:36 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
.:: Phrack Magazine ::. Phrack staff website.

It's amazing how important one Phrack article from 27 years ago has been for web application security.

Covering what we now call SQL Injection and SSRF (amongst other things) problems we're still trying to handle today laid out in a couple of paragraphs

phrack.org/issues/54/8#...

27.03.2025 09:42 β€” πŸ‘ 62    πŸ” 13    πŸ’¬ 2    πŸ“Œ 0
Preview
Understanding CVE-2025-29927: The Next.js Middleware Authorization Bypass Vulnerability | Datadog Security Labs Learn how the Next.js middleware authorization bypass vulnerability works, and how to detect and remediate it.

This time we analyzed the Next.js middleware bypass vulnerability (CVE-2025-29927). Also included IP/UA trying to exploit this in the wild.
securitylabs.datadoghq.com/articles/nex...

28.03.2025 14:41 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
The Learn how the Kubernetes Ingress NGINX Controller vulnerabilities work, how to detect and remediate them.

Our analysis and takeaways for IngressNightmare - Several vulnerabilities in the Kubernetes Ingress NGINX Controller. Enjoy!
securitylabs.datadoghq.com/articles/ing...

25.03.2025 23:03 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

I love it when some people tells me that's is your limit, this is your ceiling. This is when I feel fire within me reignite!

16.12.2024 08:58 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
AWS re:Invent 2024 - Beyond just observing, protecting your whole software supply chain (SEC406)
YouTube video by AWS Events AWS re:Invent 2024 - Beyond just observing, protecting your whole software supply chain (SEC406)

Amazing presentation about supply chain security and the amazing work we do by our leaders @techy.detectionengineering.net
(Director of research) and Andrewkrug (Manager of advocacy) youtu.be/1b0RIi19qrw?...

09.12.2024 18:14 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Supply chain firewall in action
github.com/DataDog/supp...

06.12.2024 12:35 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Introducing Supply-Chain Firewall: Protecting Developers from Malicious Open Source Packages | Datadog Security Labs Release of Supply-Chain Firewall, an open source tool for preventing the installation of malicious PyPI and npm packages

We are happy to introduce our latest tool "Supply Chain Firewall" πŸŽ‰ by @ikretz.bsky.social
The tool detects & prevents installation of malicious packages in local development environment.

Read more
securitylabs.datadoghq.com/articles/int...

And give it a try github.com/DataDog/supp...

06.12.2024 12:19 β€” πŸ‘ 11    πŸ” 7    πŸ’¬ 0    πŸ“Œ 0
Post image Post image

Supply-chain attack in the ultralytics PyPI package: github.com/ultralytics/...

An attacker opened a pull request and pushed a commit with a malicious name, leading to CI code injection.

They then backdoored versions 8.3.41 and 8.3.42 with code downloading a second-stage binary from GitHub

05.12.2024 17:12 β€” πŸ‘ 5    πŸ” 3    πŸ’¬ 1    πŸ“Œ 0
Preview
FBI Warns iPhone And Android Usersβ€”Stop Sending Texts US officials urge citizens to use encrypted messaging and calls wherever they canβ€”here’s what you need to know.

Common reasoning is that SMS 2FA is bad due to the risk of SIM swapping. It’s also bad if the telecommunications networks are hostile 😬
www.forbes.com/sites/zakdof...

05.12.2024 14:43 β€” πŸ‘ 10    πŸ” 3    πŸ’¬ 1    πŸ“Œ 0

Awesome, Stratus Red Team v2.20.0 is now available πŸŽ‰

04.12.2024 17:52 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

My Blackhat MEA arsenal presentation: "Detect Malicious Packages with Guarddog"
drive.google.com/file/d/11SAN...

03.12.2024 13:48 β€” πŸ‘ 4    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0

Looks good, I will give it a try this weekend

28.11.2024 15:46 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image Post image

We released Censeye today, an open source CLI tool that makes it dramatically easier to pivot and find related assets when threat hunting on Censys instead of manually checking for potential identifying characteristics like an SSH host key. github.com/Censys-Resea...

27.11.2024 17:05 β€” πŸ‘ 28    πŸ” 14    πŸ’¬ 2    πŸ“Œ 1
Preview
GitHub - stripe/smokescreen: A simple HTTP proxy that fogs over naughty URLs A simple HTTP proxy that fogs over naughty URLs - GitHub - stripe/smokescreen: A simple HTTP proxy that fogs over naughty URLs

Dns reminding attack is extremely hard to defend against without strict allow list policies. The best attempt so far IMO is stripe smokescreen github.com/stripe/smoke...

26.11.2024 10:44 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

@netcodex is following 20 prominent accounts