The best way to keep up with cybersecurity research. Join >25,000 security professionals getting the best tools, talks, and resources right in their inbox for free.
Connect
A Practitioner’s Guide to Consuming AI
Rami McCarthy3 months ago
An overview of current applications of AI/ML to cybersecurity with relevant links and a vision of where things are headed.
Clint Gibler3 months ago
2 Days | 4 Rooms | ~32 Hours of Talks
Clint Gibler4 months ago
An analysis of over 20 supply chain security vendors, from securing source code access and CI/CD pipelines to SCA, malicious dependencies, container security, SBOMs, code provenance, and more
Clint Gibler, Francis Odum12 hours ago
Tool to find ephemeral assets in cloud infra, Dropbox's LLM security scripts, post-exploitation techniques for Okta
Clint Gibler6 days ago
LLMs + ATT&CK → tailored incident response scenarios, OpenSSF's source code management platform best practices, new TTPs for the cloud storage threat matrix
Clint Gibler13 days ago
Detailed overview of the areas of supply chain security, 7 ways to escape containers, AI for threat modeling, TTPs, & malicious packages
Clint Gibler20 days ago
A breakdown of what constitutes the software supply chain and how to secure each stage
Clint Gibler, Francis Odum21 days ago
How to build and test a DaC pipeline, new NIST whitepaper on integrating supply chain security measures into CI/CD pipelines, and finding malicious PyPi/npm packages with LLMs
Clint Giblera month ago
Tons of career resources and advice, I'm starting a podcast on modern security practices, finding tricky state machine web bugs
Some subtle ways secrets leak and how to mitigate, AI threat modeling for policymakers, in-toto and TACOS
Survey of misconfigured and openly accessible k8s clusters, several SBOM resources, how Elastic uses Elastic for vulnerability management
Clint Gibler2 months ago
Multi-cloud open source tool to deploy vulnerable-by-design cloud resources, fuzzing Kubernetes Admission Controllers, where you can get tl;dr sec swag at Hacker Summer Camp
Common techniques and attack vectors for both AI and SaaS apps, a deliberately vulnerable GHA CI/CD environment, tool to find authentication and authorization bugs in web apps
Google's whitepaper on how they approach AI red teaming, OWASP's cloud architecture security cheatsheet, ToB on static/dynamic analysis tooling
Spin up purposefully vulnerable Azure AD tenants, detailed examples of modern detection pipelines, new subscriber milestone!
How to secure product features that leverage AI, CISA's repo of example penetration testing findings, how to join Google's red team and other career resources
CISA/NSA's guide on defending cloud CI/CD, backdooring NPM modules depending on binaries in S3, I'm collecting AI + cybersecurity resources
In this talk, Louis covers 3 web cache related attacks: cache deception, edge side includes, and cache poisoning.
Interview questions across a variety of roles, several secret scanning tools, an autonomous pentesting tool using GPT-4
An offense-focused approach to AWS pentests, companies ended by cybersecurity breaches, OSS security tools leveraging LLMs
Massive list of purple teaming resources, two new cloud CTFs to practice on, how effective are LLMs at doing secure code reviews?
How to deliver security at scale, the security properties of IMDSv2, a summary of many threat modeling approaches.
Compendium of cloud security incidents and breaches that have affected customers, top risks for software leveraging Large Language Models, a library of macOS binaries that can be used for ‘living off the land’.
If you can only choose 3 metrics, what to choose? How to build a Kubernetes purple teaming lab, vulnerable Android and iOS apps to learn on.
Video playlists and abstracts from CloudNativeSecurityCon and KubeCon, overview of attacking AI assistants and agents, attack vectors to pivot from an EKS cluster to an AWS account.
Clint Gibler5 months ago