Archive

NewsletterNewsletter
[tl;dr sec] #202 - KubeHound, Supply Chain Security Vendor Landscape, CSPM Evaluation Matrix

[tl;dr sec] #202 - KubeHound, Supply Chain Security Vendor Landscape, CSPM Evaluation Matrix

Tool to find attack paths in Kubernetes clusters, an overview of 20+ supply chain security vendors, Nextdoor's criteria for evaluating CSPMs

Clint Gibler
Clint Gibler
SummarySummary
+1+1
Software Supply Chain Vendor Landscape

Software Supply Chain Vendor Landscape

An analysis of over 20 supply chain security vendors, from securing source code access and CI/CD pipelines to SCA, malicious dependencies, container security, SBOMs, code provenance, and more

Clint Gibler
Francis Odum
Clint Gibler, +1
NewsletterNewsletter
[tl;dr sec] #201 - CloudRecon, LLM Security, Okta for Red Teamers

[tl;dr sec] #201 - CloudRecon, LLM Security, Okta for Red Teamers

Tool to find ephemeral assets in cloud infra, Dropbox's LLM security scripts, post-exploitation techniques for Okta

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #200 - LLM → Tailored IR Scenario, How to Secure Your GitHub/GitLab, Cloud Storage Threat Matrix

[tl;dr sec] #200 - LLM → Tailored IR Scenario, How to Secure Your GitHub/GitLab, Cloud Storage Threat Matrix

LLMs + ATT&CK → tailored incident response scenarios, OpenSSF's source code management platform best practices, new TTPs for the cloud storage threat matrix

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #199 - Supply Chain Security Overview, Container Escapes, AI + Cybersecurity

[tl;dr sec] #199 - Supply Chain Security Overview, Container Escapes, AI + Cybersecurity

Detailed overview of the areas of supply chain security, 7 ways to escape containers, AI for threat modeling, TTPs, & malicious packages

Clint Gibler
Clint Gibler
BlogBlog
An Overview of Software Supply Chain Security

An Overview of Software Supply Chain Security

A breakdown of what constitutes the software supply chain and how to secure each stage

Clint Gibler
Francis Odum
Clint Gibler, +1
NewsletterNewsletter
[tl;dr sec] #198 - Building a Detection as Code Pipeline, NIST on CI/CD Supply Chain Security, Finding Malware with LLMs

[tl;dr sec] #198 - Building a Detection as Code Pipeline, NIST on CI/CD Supply Chain Security, Finding Malware with LLMs

How to build and test a DaC pipeline, new NIST whitepaper on integrating supply chain security measures into CI/CD pipelines, and finding malicious PyPi/npm packages with LLMs

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #197 - Career Resources, Modern Security Podcast, Smashing the State Machine

[tl;dr sec] #197 - Career Resources, Modern Security Podcast, Smashing the State Machine

Tons of career resources and advice, I'm starting a podcast on modern security practices, finding tricky state machine web bugs

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #196 - How Secrets Leak in CI/CD, AI Threat Modeling, Supply Chain

[tl;dr sec] #196 - How Secrets Leak in CI/CD, AI Threat Modeling, Supply Chain

Some subtle ways secrets leak and how to mitigate, AI threat modeling for policymakers, in-toto and TACOS

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #195 - Kubernetes Exposed, SBOMs, Elastic's Vuln Management

[tl;dr sec] #195 - Kubernetes Exposed, SBOMs, Elastic's Vuln Management

Survey of misconfigured and openly accessible k8s clusters, several SBOM resources, how Elastic uses Elastic for vulnerability management

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #194 - CNAPPGoat, KubeFuzz, tl;dr sec swag

[tl;dr sec] #194 - CNAPPGoat, KubeFuzz, tl;dr sec swag

Multi-cloud open source tool to deploy vulnerable-by-design cloud resources, fuzzing Kubernetes Admission Controllers, where you can get tl;dr sec swag at Hacker Summer Camp

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #193 - ATT&CK for AI and SaaS, GitHub Actions Goat, Finding Bugs in Web App Routes

[tl;dr sec] #193 - ATT&CK for AI and SaaS, GitHub Actions Goat, Finding Bugs in Web App Routes

Common techniques and attack vectors for both AI and SaaS apps, a deliberately vulnerable GHA CI/CD environment, tool to find authentication and authorization bugs in web apps

Clint Gibler
Clint Gibler
FirstBack
4567891011
Next Last