tl;dr sec

tl;dr sec

Keep up with Cybersecurity in 7 min/week. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

Connect

Featured Posts

BlogBlog
How to securely build product features using AI APIs

How to securely build product features using AI APIs

A Practitioner’s Guide to Consuming AI

Rami McCarthy
Rami McCarthy
BlogBlog
AI and Machine Learning in Cybersecurity

AI and Machine Learning in Cybersecurity

An overview of current applications of AI/ML to cybersecurity with relevant links and a vision of where things are headed.

Clint Gibler
Clint Gibler
What I Learned Watching All 44 AppSec Cali 2019 Talks

What I Learned Watching All 44 AppSec Cali 2019 Talks

2 Days | 4 Rooms | ~32 Hours of Talks

Clint Gibler
Clint Gibler
BlogBlog
Keep Hackers Out of Your Kubernetes Cluster with These 5 Simple Tricks!

Keep Hackers Out of Your Kubernetes Cluster with These 5 Simple Tricks!

A threat-informed roadmap for securing Kubernetes clusters

Christophe Tafani-Dereeper
Christophe Tafani-Dereeper
BlogBlog
AI Resources - Part 1

AI Resources - Part 1

A collection of interesting AI tools, products, resources, papers, and more I’ve come across.

Clint Gibler
Clint Gibler
BlogBlog
An Overview of Software Supply Chain Security

An Overview of Software Supply Chain Security

A breakdown of what constitutes the software supply chain and how to secure each stage

Clint Gibler
Francis Odum
Clint Gibler, +1

Archive

NewsletterNewsletter
[tl;dr sec] #275 - Damn Vulnerable MCP, Figma's Modern Endpoint Strategy, BloodHound for AWS IAM

[tl;dr sec] #275 - Damn Vulnerable MCP, Figma's Modern Endpoint Strategy, BloodHound for AWS IAM

Deliberately vulnerable MCP to practice your hacking chops, how Figma's balances usability & security, a new tool to put a leash on naughty AWS permissions

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #274 - Model Context Protocol + Security Part Deux, Securing GitHub Actions, S3 Scanner

[tl;dr sec] #274 - Model Context Protocol + Security Part Deux, Securing GitHub Actions, S3 Scanner

More MCP links than you can shake a stick at, GHA runtime monitoring & why pinning is hard, scan S3 buckets for misconfigs and ransomware prevention

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #273 - Model Context Protocol + Security Tools, Compromising CodeQL, Red Teaming with ServiceNow

[tl;dr sec] #273 - Model Context Protocol + Security Tools, Compromising CodeQL, Red Teaming with ServiceNow

MCPs for Ghidra, Semgrep, and SecOps, a CodeQL supply chain issue, using ServiceNow offensively

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #272 - AI Agent Security, Kubernetes Security, ‘State of CloudSec’ Reports: Insights or Self-Owns?

[tl;dr sec] #272 - AI Agent Security, Kubernetes Security, ‘State of CloudSec’ Reports: Insights or Self-Owns?

Agent authentication & Model Context Protocol Security, k8s for pentesters, a critical look at "state of cloud security" reports

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #271 - Threat Modeling (+ AI), Backdoored GitHub Actions, Compromising a Threat Actor's Telegram

[tl;dr sec] #271 - Threat Modeling (+ AI), Backdoored GitHub Actions, Compromising a Threat Actor's Telegram

Threat modeling (with) LLMs, tj-actions woes, reading a threat actor's Telegram C2

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #270 - APT Attack Simulation, AWS Phishing, 7 Security Flywheels

[tl;dr sec] #270 - APT Attack Simulation, AWS Phishing, 7 Security Flywheels

Repo for simulating Russia, China, DPRK APTs, getting phished by CloudFormation or SSM, 7 flywheels for amplifying your security program

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #269 - New AI Security Tools, Ransomware in AWS, How to Hack AI Apps

[tl;dr sec] #269 - New AI Security Tools, Ransomware in AWS, How to Hack AI Apps

AI-powered web vuln scanner agent and Baby Naptime, 2 tools + guides on preventing ransomware in AWS, detailed guide on hacking AI agents/apps

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #268 - AI-powered Burp Suite, OAuth Vulnerabilities, Subtle LLM Backdoors

[tl;dr sec] #268 - AI-powered Burp Suite, OAuth Vulnerabilities, Subtle LLM Backdoors

How Burp Suite is adding AI-powered features, understanding and mitigating OAuth vulns, a PoC to subtly backdoor an LLM

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #267 - China on the NSA, Passkeys, Prioritizing CVEs with AI

[tl;dr sec] #267 - China on the NSA, Passkeys, Prioritizing CVEs with AI

Insights from Chinese intel reports on the NSA's TTPs, understanding and testing passkeys, how Databricks leverages AI to focus on business critical CVEs

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #266 - AI CVE Analysis, Hijacking Abandoned S3 Buckets, Doing Less in AppSec

[tl;dr sec] #266 - AI CVE Analysis, Hijacking Abandoned S3 Buckets, Doing Less in AppSec

NVIDIA's Agentic CVE investigation workflow, compromising the Internet via abandoned S3 buckets, do more in AppSec by doing less

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #265 - Google's Secure-by-Design Web Framework, AI-powered Phishing, How Palantir Secures Source Control

[tl;dr sec] #265 - Google's Secure-by-Design Web Framework, AI-powered Phishing, How Palantir Secures Source Control

How Google eliminates vuln classes, human expert-level AI spear phishing, how Palantir hardens their code writing process

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #264 - Applying AI to AppSec, Threat Modeling in AWS, Behavioral Cloud IOCs

[tl;dr sec] #264 - Applying AI to AppSec, Threat Modeling in AWS, Behavioral Cloud IOCs

How to autofix code and reduce noise, guide on creating infra diagrams and relevant threat modeling tools, identifying cloud TTPs and threat actors

Clint Gibler
Clint Gibler
FirstBack
12345678
Next Last