The best way to keep up with cybersecurity research. Join >25,000 security professionals getting the best tools, talks, and resources right in their inbox for free.
Connect
A Practitioner’s Guide to Consuming AI
Rami McCarthy2 months ago
An overview of current applications of AI/ML to cybersecurity with relevant links and a vision of where things are headed.
Clint Gibler3 months ago
2 Days | 4 Rooms | ~32 Hours of Talks
LLMs + ATT&CK → tailored incident response scenarios, OpenSSF's source code management platform best practices, new TTPs for the cloud storage threat matrix
Clint Giblera few seconds ago
Detailed overview of the areas of supply chain security, 7 ways to escape containers, AI for threat modeling, TTPs, & malicious packages
Clint Gibler7 days ago
A breakdown of what constitutes the software supply chain and how to secure each stage
Clint Gibler, Francis Odum9 days ago
How to build and test a DaC pipeline, new NIST whitepaper on integrating supply chain security measures into CI/CD pipelines, and finding malicious PyPi/npm packages with LLMs
Clint Gibler14 days ago
Tons of career resources and advice, I'm starting a podcast on modern security practices, finding tricky state machine web bugs
Clint Gibler21 days ago
Some subtle ways secrets leak and how to mitigate, AI threat modeling for policymakers, in-toto and TACOS
Clint Giblera month ago
Survey of misconfigured and openly accessible k8s clusters, several SBOM resources, how Elastic uses Elastic for vulnerability management
Multi-cloud open source tool to deploy vulnerable-by-design cloud resources, fuzzing Kubernetes Admission Controllers, where you can get tl;dr sec swag at Hacker Summer Camp
Common techniques and attack vectors for both AI and SaaS apps, a deliberately vulnerable GHA CI/CD environment, tool to find authentication and authorization bugs in web apps
Clint Gibler2 months ago
Google's whitepaper on how they approach AI red teaming, OWASP's cloud architecture security cheatsheet, ToB on static/dynamic analysis tooling
Spin up purposefully vulnerable Azure AD tenants, detailed examples of modern detection pipelines, new subscriber milestone!
How to secure product features that leverage AI, CISA's repo of example penetration testing findings, how to join Google's red team and other career resources
CISA/NSA's guide on defending cloud CI/CD, backdooring NPM modules depending on binaries in S3, I'm collecting AI + cybersecurity resources
In this talk, Louis covers 3 web cache related attacks: cache deception, edge side includes, and cache poisoning.
Interview questions across a variety of roles, several secret scanning tools, an autonomous pentesting tool using GPT-4
An offense-focused approach to AWS pentests, companies ended by cybersecurity breaches, OSS security tools leveraging LLMs
Massive list of purple teaming resources, two new cloud CTFs to practice on, how effective are LLMs at doing secure code reviews?
How to deliver security at scale, the security properties of IMDSv2, a summary of many threat modeling approaches.
Compendium of cloud security incidents and breaches that have affected customers, top risks for software leveraging Large Language Models, a library of macOS binaries that can be used for ‘living off the land’.
Clint Gibler4 months ago
If you can only choose 3 metrics, what to choose? How to build a Kubernetes purple teaming lab, vulnerable Android and iOS apps to learn on.
Video playlists and abstracts from CloudNativeSecurityCon and KubeCon, overview of attacking AI assistants and agents, attack vectors to pivot from an EKS cluster to an AWS account.
Free cloud-native security learning labs, the essential components for modern robust red teaming infra, how to privesc from a compromised EKS pod and defeat Kubernetes NodeRestriction.
Riot Games and Segment on Scaling AppSec, help me decide what tl;dr sec swag to make, resources and techniques to do an effective GCP pentest.
Clint Gibler5 months ago