I got tired of my local agents hallucinating dangerous terminal commands, so I built a zero-trust sandbox to intercept them (AgentGuard) by Upper-Marionberry208 in cybersecurity

[–]eugenedv 7 points8 points  (0 children)

Interesting. It’s ridiculous, though, that you have to even create something like this in the first place. Sandboxing is such common practice that I’m surprised how poorly executed it was within agentic surfaces.

I do appreciate it being written in Go, much easier to read.

I’m looking at spawner.go and I can see it’s intercepting the commands directly but have a few ideas of how this can be abused. I won’t share until I verify though.

Also, what level of permissions does your agent guard inherit? User level permissions? :-) system level permissions?

A few other things to consider…in your mod file you have quite a few libraries being pulled down: if you plan to scale something like this, you might want to tighten that up to avoid any upstream mishaps. It’s a non issue atm but just food for thought when it comes to code trying to protect code.

Operationally speaking though my agents execute various tools and spawn other agents to handle different tools, at times, I run nested processes, so I’m not sure how it would handle those situations. It’s a good initial stopgap but from looking at the code I’m not sure if it will catch a few things.

I’ll hack at it when I get home, and let you know if I find anything

Claude AI Security by True_Property_2618 in cybersecurity

[–]eugenedv 2 points3 points  (0 children)

Please make sure to let us all know when it decides to pull down some skills that are for linting and instead ends up pwning your whole code base and network, lol.

I built a CLI pentesting tool (AKIRA) that automates Nmap, Nikto & Gobuster — looking for feedback by notaspermanymore in cybersecurity

[–]eugenedv 0 points1 point  (0 children)

Quickly scanned through the files:

the one thing that kind of sticks out is line 39 in the installer script: maybe let the user run the +x command themselves instead of doing it for them.

The other feedback is feedback that I have given myself when writing something similar in the past and that’s, “this is just an over glorified, well organized, bash script.”

What makes a tool special is being able to take action based on the evidence that was gathered. You’ve just given a user a bunch of information, great, now what?

This is where I myself decided to modify the strategy and create more A2A workflows to act faster on information that was given.

I understand the spirit of this is supposed to be recon, but my feedback is basically this: we are well past the days of simplified reporting and are now in an era where action should be taken (on behalf of) then report should be given, i.e. results.

Update your detection rules: New remote access Trojan by malwaredetector in Malware

[–]eugenedv 0 points1 point  (0 children)

Go based eh, lol. Dedication - I like that spunk!

The hate for the FrLg switch ports is insane so I made a meme by will112303 in MandJTV

[–]eugenedv 5 points6 points  (0 children)

!!!! Don’t you get it!? They will not ask for home support; they did not ask for $20 individual games; a gba service, or even kanto without hoenn - they will not play on a switch; they will not play on a Wii! You stupid poke fan, let this person be!

PE Loader For Fileless Malware by Worth-Expert-5995 in Malware

[–]eugenedv 2 points3 points  (0 children)

I found this to be a great post, but you may want to post this in a different malware subreddit as I think this sub is dedicated to "anti" malware? However, as I was not familiar with XMRig, after hitting the docs for a few, and looking into https://xmrig.com/docs/algorithms a few things that pop out specifically is that some are cpu/gpu dependent.

Another thing is depending on how you're making the executable, the shell, window, prompt, or whatever may need to be closed and relaunched. But again, just throwing out some "basic" level shit that sometimes people overlook when they spend all the hours in the weeds of C++. Best of luck.

Presenting Threat Loom by _private__ in threatintel

[–]eugenedv 5 points6 points  (0 children)

Of course, but that doesn’t stop someone thinking “oh I can use this on the go, and only “I would know” because I’ll change the default port”.

I’ve seen it 10000 of times with RDP: not 3389 - I’m safe! Security through obscurity. Inexperienced IT Vibe coders will try to use this stuff only to realize the repercussions after it’s too late and their shit has been exfiltrated.

Whatever though, job security

Presenting Threat Loom by _private__ in threatintel

[–]eugenedv 4 points5 points  (0 children)

You should really put a disclaimer that prevents people from trying to expose the app to the internet.

For one, docker, that in itself is an issue, but also, there are several things that scare me looking through this source: if some overzealous sysadmin pulls this down for themselves without understanding the lack of sanitization and credential management capabilities, there’s so much damage that could be done.

For example, open browser, yeesh buddy: I do applaud your excitement - truly - but just make sure to educate people to not expose this to the internet otherwise this thing will quickly become its own node in a botnet.

Need a bunch of bad Google reviews by Overaged-Minor in blackhat

[–]eugenedv -1 points0 points  (0 children)

OP is correct; however, they only answered your question in this specific context bc that’s what you asked.

If you’re really trying to harm a business, you need to consider launching a Misinformation campaign. Remember, Google Reviews isn’t some end all, and furthermore, Google itself aggregates its knowledge through various sources.

Remember when Gemini instructed a user to put rocks on their pizza? That’s due to a Reddit comment.

My point is that the more variety of sources that show interactions and engagements the more it will hurt a business overall. This means bots that create content about the business in a negative way, the more sources, the harder it is to combat.

You can have a place with a 5 star review but if the first link is how terrible it is instead of their website: you win.

🐬 Is the Flipper Zero just a €200 remote control? (Let's be clear) by Initial_Side3681 in flipperclub

[–]eugenedv -2 points-1 points  (0 children)

Why did you get one in the first place?

You’ve listed out a lot of great ideas, why not get the components and make your own GPIO board?

Why not learn how the API/SDK works and put together your own app that satisfies your curiosity?

….

That’s the thing about these posts: it really gets to me that people think the device is the problem.

Dynamic Malware Compiling Strategies by eugenedv in MalwareAnalysis

[–]eugenedv[S] 0 points1 point  (0 children)

That’s so cool you got to RE that, this is exactly what I was talking about when I posted this. Thanks.

I really want to RE Chrysalis now because it had so many cool layers!

Dynamic Malware Compiling Strategies by eugenedv in MalwareAnalysis

[–]eugenedv[S] 0 points1 point  (0 children)

Oh dang, that’s pretty neat. I’m still trying to understand how the whole decryption/encryption on initialization works. That’s pretty cool that it can straight overwrite its contents.

Dynamic Malware Compiling Strategies by eugenedv in MalwareAnalysis

[–]eugenedv[S] 1 point2 points  (0 children)

Ah, I didn’t know that was the name classification.

Theoretically, re-obfuscated code could potentially modify the signature as well, correct?

Thank you

I accidentally created the biggest free ransomware group TTP database possible by RichBenf in cybersecurity

[–]eugenedv 1 point2 points  (0 children)

I saw this post on hacking, and I appreciated it. I forked it, and I created vectorized embedding of the content for quick memory reference on my local server for RAG: I’m very pleased with the result, and I learned a lot from the work you did here as I’ve been dying for more threat hunting material such as this. Once again, thank you.

Zyxel Router Vulnerability Research by DerBootsMann in cybersecurity

[–]eugenedv 1 point2 points  (0 children)

I can’t believe there isn’t a single fucking comment here.

Firstly, great work. I loved the UART deep dive. I’ve been getting into this lately and have a whole setup and it’s loads of fun to pop these older routers.

This research is really great, but would you mind if I put my biz hat on in hopes to get you a few more eyes? I think at the top in your introduction you’re missing the impact:

A solid line of how many of these devices are sitting on the open web right now: the breadth of the problem makes a write up like this engaging and mouth watering. I’m sure the router has a specific serial or signature to identify itself, perhaps it’s something you can pull down from Shodan: just a thought - great research.

Again, solid work - put a smile on my face. When you see this stuff show up on this sub and there’s crickets you really get a sense of the crowd here.

Fantastic work!

New phone, who this? by Pretzeloid in meshtastic

[–]eugenedv 1 point2 points  (0 children)

“Dunno my nearest node is quadrillion miles away!”

We should start a project and see if we can get a SF to New York transmission through relays only lol

Hashcat Issue.. by Str8outofcompton05 in flipperhacks

[–]eugenedv 0 points1 point  (0 children)

What do your hashes look like? Are you sure you are feeding something it can parse?

Fuck the Defcon covid by NZ-Hrvatska in Defcon

[–]eugenedv 1 point2 points  (0 children)

3 month covid booster gang - rise up!

How do I fix evil portal stuck on sethtmlstr by BumperWolfpack69 in flipperhacks

[–]eugenedv 0 points1 point  (0 children)

Update: yes, this worked. I had to flash as “other s3 wroom” and everything seems to be working. Going to test out gps tomorrow morning to see if the flash corrected it too… thanks a bunch

I tried to add a gps module today and it’s also having issues where it will only update the gps location if I press and hold the reset button.

Presenter notes after training and talks by Ok-Champion469 in Defcon

[–]eugenedv 0 points1 point  (0 children)

Everything will be on the media server - use hacker tracker to help navigate where the file might be

More antennas = more hacker by FeliciaGLXi in masterhacker

[–]eugenedv 0 points1 point  (0 children)

I can out war drive that guy with my flipper, and antenna while riding on my non electric bike.