A Practitioner’s Guide to Consuming AI
Rami McCarthy (5 months ago)
An overview of current applications of AI/ML to cybersecurity with relevant links and a vision of where things are headed.
Clint Gibler (5 months ago)
2 Days | 4 Rooms | ~32 Hours of Talks
Clint Gibler (6 months ago)
Datadog's insights on the security posture of 1000s of orgs, a collection of breach reports with TTPs, how red teamers can abuse Slack
Clint Gibler (4 days ago)
A collection of interesting AI tools, products, resources, papers, and more I’ve come across.
Clint Gibler (5 days ago)
List of >100 security-focused GPT agents, join Chris Hughes' and my supply chain security webinar, Docker image with k8s pentesting tools
Clint Gibler (18 days ago)
Rapidly ramp up your web security knowledge, new EKS CTF, big list of supply chain security resources
Clint Gibler (25 days ago)
Security roles overview, skills required, and how to land them, how security teams can help devs ship faster, tool to scan GH Action files at scale
Clint Gibler (a month ago)
Make sure you're always the perfect candidate, repo with almost every CVE proof of concept, containers & seccomp deep dive
Threat hunting in AWS based on real attacker activity, tools to scan, monitor, or pilfer SSH, principles for user-centric security
Clint Gibler (2 months ago)
Tool to steal CI/CD env secrets via deploying a malicious pipeline, proxy your traffic through a victim's browser, consulting 101, finding your moat, and Moxie's career advice
Tool to find attack paths in Kubernetes clusters, an overview of 20+ supply chain security vendors, Nextdoor's criteria for evaluating CSPMs
An analysis of over 20 supply chain security vendors, from securing source code access and CI/CD pipelines to SCA, malicious dependencies, container security, SBOMs, code provenance, and more
Clint Gibler, Francis Odum (2 months ago)
Tool to find ephemeral assets in cloud infra, Dropbox's LLM security scripts, post-exploitation techniques for Okta
LLMs + ATT&CK → tailored incident response scenarios, OpenSSF's source code management platform best practices, new TTPs for the cloud storage threat matrix
Detailed overview of the areas of supply chain security, 7 ways to escape containers, AI for threat modeling, TTPs, & malicious packages
Clint Gibler (3 months ago)
A breakdown of what constitutes the software supply chain and how to secure each stage
Clint Gibler, Francis Odum (3 months ago)
How to build and test a DaC pipeline, new NIST whitepaper on integrating supply chain security measures into CI/CD pipelines, and finding malicious PyPI/npm packages with LLMs
Tons of career resources and advice, I'm starting a podcast on modern security practices, finding tricky state machine web bugs
Some subtle ways secrets leak and how to mitigate, AI threat modeling for policymakers, in-toto and TACOS
Survey of misconfigured and openly accessible k8s clusters, several SBOM resources, how Elastic uses Elastic for vulnerability management
Clint Gibler (4 months ago)
Multi-cloud open source tool to deploy vulnerable-by-design cloud resources, fuzzing Kubernetes Admission Controllers, where you can get tl;dr sec swag at Hacker Summer Camp
Common techniques and attack vectors for both AI and SaaS apps, a deliberately vulnerable GHA CI/CD environment, tool to find authentication and authorization bugs in web apps
Google's whitepaper on how they approach AI red teaming, OWASP's cloud architecture security cheatsheet, ToB on static/dynamic analysis tooling
Spin up purposefully vulnerable Azure AD tenants, detailed examples of modern detection pipelines, new subscriber milestone!
How to secure product features that leverage AI, CISA's repo of example penetration testing findings, how to join Google's red team and other career resources
CISA/NSA's guide on defending cloud CI/CD, backdooring NPM modules depending on binaries in S3, I'm collecting AI + cybersecurity resources