tl;dr sec
Keep up with Cybersecurity in 7 min/week. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.
Connect
A Practitioner’s Guide to Consuming AI
An overview of current applications of AI/ML to cybersecurity with relevant links and a vision of where things are headed.
2 Days | 4 Rooms | ~32 Hours of Talks
A threat-informed roadmap for securing Kubernetes clusters
A collection of interesting AI tools, products, resources, papers, and more I’ve come across.
A breakdown of what constitutes the software supply chain and how to secure each stage
AI finds an authentication bypass, what happens when you buy an AWS region name domain, fuzzing macOS and sandbox escapes
NVIDIA's AI SOC analyst you can speak to, embracing TDD and detection as code, tips on how 2 ransomware
Let's hit RESET!
Google Project Zero's LLM-powered variant analysis, deobfuscating IAM polices and a real-time SCP error monitor, using LLMs to create secure by default Terraform modules
Practice your GCP and Azure security skills, scaling AppSec with LLMs, a curated list of awesome threat detection and hunting resources
Datadog's 2024 update, lots of resources on AI + security, VMware ESXi built-ins adversaries use
Simulate ransomware with KMS XKS + your key, Venator, a new OSS tool, new Caldera plugin to emulate complete, realistic cyber attack chains
Finding dangling DNS records and secrets at scale, new tool with 80+ attack techniques, NVIDIA's AI blueprint to auto-triage your container CVEs
Detailed CNAPP overview and Day 2 guide, o1 semi-escapes to solve a broken challenge, config tips & tricks for cloud control plane logs
Cloud-specific indicators of compromise, tools regularly used by Russian government threat actors, webinar on secure guardrails & building Netflix's Paved Road
Excellent scaling CloudSec resources, SANS + AWS white paper, two OSS benchmarks for measuring the offensive capabilities of AI models
LinkedIn's dynamic infra mapping system that streamlines vuln management, register any removed package name because #yolo, creating least privilege roles at scale