
Feat/add safe t1004 server impersonation#127

Open
geekysatbir wants to merge 9 commits into safe-agentic-framework:main from geekysatbir:feat/add-safe-t1004-server-impersonation

Conversation


@geekysatbir geekysatbir commented Nov 16, 2025

Summary

This PR adds comprehensive documentation for SAFE-T1004: Server Impersonation / Name-Collision, a technique where attackers register or advertise malicious MCP servers using identical names or identifiers as trusted ones, exploiting weaknesses in naming systems (DNS, mDNS, or MCP's On-Device Agent Registry) to gain initial access.

What's Added

Key Features:

  • Complete Technique Documentation: Comprehensive overview covering attack vectors, technical details, prerequisites, and attack flow
  • Advanced Attack Techniques: Detailed explanations of DNS cache poisoning, ODR poisoning, certificate misuse, and service redeployment window exploitation
  • Detection Methods:
    • Indicators of Compromise (IoCs) for identifying server impersonation attacks
    • Sigma-format detection rule for automated threat detection
    • Behavioral indicators and monitoring strategies
  • Mitigation Strategies: Preventive and detective controls including server verification, certificate pinning, registry validation, and monitoring
  • Related Techniques: Links to SAFE-T1002 (Supply Chain Compromise) and SAFE-T1003 (Malicious MCP-Server Distribution)
  • MITRE ATT&CK Mapping: Aligned with T1199 (Trusted Relationship) and related techniques

Technical Highlights:

  • Documents attack vectors including DNS hijacking, mDNS poisoning, ODR (On-Device Agent Registry) manipulation, and ARP cache poisoning
  • Provides practical example scenarios demonstrating DNS-based and ODR-based server impersonation
  • Includes current status of mitigations and industry best practices
  • Created Sigma detection rule (UUID: 71aa869b-65cc-47f3-ada5-d9e67337dc44) for identifying server impersonation patterns

Value Proposition:

This documentation addresses a critical initial access vector in MCP environments, helping security teams understand how attackers exploit naming system weaknesses to impersonate trusted servers. The technique is particularly relevant for organizations deploying MCP servers in enterprise environments where discovery mechanisms like DNS, mDNS, and ODR are commonly used.

Type of Contribution

  • New Technique
  • Documentation improvement

Testing

  • All links verified to use relative paths (../SAFE-TXXXX/README.md format)
  • Detection rule validated for proper Sigma format and UUID
  • Related techniques links tested and working
  • Main README updated with correct link format

Related Techniques

  • SAFE-T1002: Supply Chain Compromise (related but focuses on package compromise rather than server impersonation)
  • SAFE-T1003: Malicious MCP-Server Distribution (related but involves creating new malicious servers rather than impersonating existing ones)

References

  • MITRE ATT&CK T1199: Trusted Relationship
  • DNS cache poisoning attacks (Kaminsky, 2008)
  • MCP On-Device Agent Registry (ODR) documentation
  • OWASP resources on certificate validation and server verification
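As an added illustration (not code from this PR or the SAFE framework) of the server-verification, certificate-pinning and registry-validation mitigations the description lists: a defender-side check over a discovered set of MCP server advertisements that flags a name that is not pinned, a certificate fingerprint that differs from the pinned one, and a name advertised by more than one endpoint (the collision case the technique describes). The advertisement fields, the pin table and every endpoint and fingerprint below are constructed assumptions, not MCP's real registry schema.

```python
# Added example (not code from this PR or the SAFE framework): a minimal
# registry validator showing the server-verification, certificate-pinning and
# registry-validation mitigations named in the PR. The advertisement fields,
# the pin table and all endpoints/fingerprints are constructed assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class ServerAd:
    name: str          # advertised server name / identifier
    endpoint: str      # host:port the advertisement points at
    fingerprint: str   # SHA-256 of the presented certificate, hex (assumed)

# Pinned trust table: name -> expected certificate fingerprint (constructed).
PINS = {
    "filesystem-mcp": "aa11" * 16,
    "git-mcp": "bb22" * 16,
}

def validate_registry(ads, pins=PINS):
    """Return (name, reason, endpoint) findings for one discovery result.
    A name passes only if it is pinned, its fingerprint matches the pin, and
    exactly one endpoint advertises it; a contested name is flagged on every
    endpoint, so the legitimate server is quarantined as well."""
    advertisers = {}  # name -> set of endpoints claiming that name
    for ad in ads:
        advertisers.setdefault(ad.name, set()).add(ad.endpoint)
    findings = []
    for ad in ads:
        if ad.name not in pins:
            findings.append((ad.name, "unpinned-name", ad.endpoint))
        elif ad.fingerprint.lower() != pins[ad.name].lower():
            findings.append((ad.name, "fingerprint-mismatch", ad.endpoint))
        if len(advertisers[ad.name]) > 1:
            findings.append((ad.name, "name-collision", ad.endpoint))
    return findings

def trusted_endpoints(ads, pins=PINS):
    """Endpoints a client may connect to: those with no finding at all."""
    flagged = {(n, e) for n, _, e in validate_registry(ads, pins)}
    return sorted({ad.endpoint for ad in ads if (ad.name, ad.endpoint) not in flagged})

# Constructed discovery result: two good servers, one impersonator, one stray.
SAMPLE_ADS = [
    ServerAd("filesystem-mcp", "10.0.0.5:8443", "aa11" * 16),
    ServerAd("git-mcp", "10.0.0.6:8443", "bb22" * 16),
    ServerAd("git-mcp", "10.0.0.99:8443", "cc33" * 16),   # same name, wrong cert
    ServerAd("secrets-mcp", "10.0.0.7:8443", "dd44" * 16),  # never pinned
]
```

Calling `validate_registry(SAMPLE_ADS)` yields four findings and `trusted_endpoints(SAMPLE_ADS)` leaves only the filesystem server, because the contested git-mcp name is quarantined on both endpoints until the collision is resolved.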

Satbir Singh and others added 5 commits November 15, 2025 11:27
Added practical Python code examples demonstrating:
- Simple loop detection using call history tracking
- Basic loop prevention with iteration limits and convergence checks
- Log pattern analysis for identifying loop indicators

This addition helps beginners understand autonomous loop exploits
through hands-on, runnable code examples.

Signed-off-by: Satbir Singh <satbisin@cisco.com>
Signed-off-by: Satbir Singh <satbisin@cisco.com>
Signed-off-by: Satbir Singh <satbisin@cisco.com>
… documentation

- Added comprehensive documentation for SAFE-T1004 technique
- Includes attack vectors, technical details, detection methods, and mitigations
- Created Sigma-format detection rule for identifying server impersonation attacks
- Updated main README to link to new technique documentation

This technique documents how attackers impersonate trusted MCP servers through
name collision, DNS hijacking, and discovery service manipulation to gain
initial access to MCP environments.

Signed-off-by: Satbir Singh <satbir.taya84@gmail.com>
…us sections

- Expanded Advanced Attack Techniques with more detailed explanations
- Enhanced Current Status section with specific implementation details
- Improved clarity and alignment with SAFE-T1008 format

Signed-off-by: Satbir Singh <satbir.taya84@gmail.com>

## Related Techniques
- [SAFE-T1002](../SAFE-T1002/README.md) – Supply Chain Compromise (related but focuses on package compromise rather than server impersonation)
- [SAFE-T1003](../SAFE-T1003/README.md) – Malicious MCP-Server Distribution (related but involves creating new malicious servers rather than impersonating existing ones)
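Review bot: both list items use relative links (`../SAFE-T1002/README.md`, `../SAFE-T1003/README.md`), which resolve only from the README's final location next to the other technique directories and show as 404 when the new file is opened in the PR view; since the description's Testing section says the links were verified, state that they were checked in the rendered file view on the branch rather than in the PR diff.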

@arjunastha arjunastha Nov 17, 2025


@geekysatbir Currently these links route to 404. Please fix the routing issue.

@geekysatbir (Contributor, Author)


@arjunastha I made the changes. Thanks.

Fixed relative paths to use absolute paths from repository root to resolve 404 errors in GitHub PR view.

Signed-off-by: Satbir Singh <satbir.taya84@gmail.com>
Changed from absolute paths (techniques/SAFE-TXXXX/README.md) to relative paths
(../SAFE-TXXXX/README.md) to match the format used by other techniques in the
repository. This ensures links work correctly when viewing files in GitHub's
web interface.

Signed-off-by: Satbir Singh <satbir.taya84@gmail.com>
@geekysatbir geekysatbir force-pushed the feat/add-safe-t1004-server-impersonation branch from 41a36a4 to 2f73911 on November 17, 2025 03:37
Signed-off-by: Satbir Singh <satbir.taya84@gmail.com>
- Resolved conflicts by accepting upstream version for SAFE-T1004
  (already merged by another contributor)
- README.md merged automatically

Signed-off-by: Satbir Singh <satbisin@cisco.com>