tl;dr sec
Keep up with Cybersecurity in 7 min/week. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.
Connect
A Practitioner’s Guide to Consuming AI
An overview of current applications of AI/ML to cybersecurity with relevant links and a vision of where things are headed.
2 Days | 4 Rooms | ~32 Hours of Talks
A threat-informed roadmap for securing Kubernetes clusters
A collection of interesting AI tools, products, resources, papers, and more I’ve come across.
A breakdown of what constitutes the software supply chain and how to secure each stage
How Burp Suite is adding AI-powered features, understanding and mitigating OAuth vulns, a PoC to subtly backdoor an LLM
Insights from Chinese intel reports on the NSA's TTPs, understanding and testing passkeys, how Databricks leverages AI to focus on business critical CVEs
NVIDIA's Agentic CVE investigation workflow, compromising the Internet via abandoned S3 buckets, do more in AppSec by doing less
How Google eliminates vuln classes, human expert-level AI spear phishing, how Palantir hardens their code writing process
How to autofix code and reduce noise, guide on creating infra diagrams and relevant threat modeling tools, identifying cloud TTPs and threat actors
Tool to sinkhole and misinform AI bots crawling your site, Google's new software composition analysis tool, hijacking backdoors in web shells at scale
Microsoft and OpenAI on red teaming AI, SCPs and Resource Control Policies in detail, how EDR works and how to bypass it
Protecting your Cloud Admin account, getting hacked via IdPs you don't even use, paper & tool about LLM-powered dynamic cloud defense
Reddit's flexible code scanner for any CLI tool, an agent that analyzes JS and tests routes, new tool to scan OSS packages
Insights from 50+ security leaders, OSS tool to protect devs from malicious dependencies, playlist of re:Invent's security talks
A deep dive into what CISOs are actually complaining about
Google's AI-powered fuzzing and augmenting SAST with AI, new OSINT/recon service for public AWS identifiers, finding EDR vulns with fuzzing
![[tl;dr sec] #268 - AI-powered Burp Suite, OAuth Vulnerabilities, Subtle LLM Backdoors](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=800,height=421,fit=scale-down,onerror=redirect/uploads/publication/thumbnail/080a561f-2435-4477-a549-ab9f115e047c/landscape_Screenshot_2024-11-21_at_10.48.21_AM.png)
