tl;dr sec

tl;dr sec
Archive
Page 14

[tl;dr sec] #140 - AppSec, Building AWS Security Guardrails, Linux eBPF Rootkit

Security at start-ups and SAST program building, preventing classes of cloud vulnerabilities with guardrails, a Linux eBPF rootkit with a backdoor, C2, library injection, and more.

Clint Gibler

NewsletterNewsletter

Jun 29, 2022

[tl;dr sec] #139 - 60 RCE in 60 minutes, Free Sigstore Course, Cloud Risk Encyclopedia

A presentation with many real world RCE examples, new free course on using Sigstore for supply chain security, list of 1,200+ cloud security risks.

Clint Gibler

NewsletterNewsletter

Jun 22, 2022

[tl;dr sec] #138 - Career Resources, Finding Secrets at Scale, Fuzzing

Finding cybersecurity jobs and adding value, secrets from front end web apps and Docker Hub, fuzzing VirtualBox, contributing to OSS-Fuzz, tool to improve fuzzing coverage.

Clint Gibler

NewsletterNewsletter

Jun 15, 2022

[tl;dr sec] #137 - Malicious Terraform, How GitHub uses Dependabot, Democratizing Security Detection

How to defend against malicious Terraform, great tips from GitHub on effectively rolling out security tooling, and Palantir on building a scalable detection and response team.

Clint Gibler

NewsletterNewsletter

Jun 08, 2022

[tl;dr sec] #136 - Career Advice, Scaling AppSec at Netflix, BSidesSF Summaries

Many career resources, lessons learned scaling AppSec at Netflix, 5 mini summaries I wrote of BSidesSF talks.

Clint Gibler

NewsletterNewsletter

Jun 01, 2022

[tl;dr sec] #135 - BSidesSF, Google's Cloud Forensics Utils, Running Bug Bounty Programs

Let's hang out at BSidesSF, Google's Python library to do DFIR across major clouds, Braze and GitHub on running bug bounty programs.

Clint Gibler

NewsletterNewsletter

May 25, 2022

[tl;dr sec] #134 - DevSecOps, Scalable Canary Tokens, Learning from AWS Customer Security Breaches

Useful ways to think about modern security teams, how to scale honeytokens while maintaining server level attribution, and how to harden your AWS environment based on public breaches.

Clint Gibler

NewsletterNewsletter

May 18, 2022

[tl;dr sec] #133 - Hunting Evasive Vulnerabilities, eBPF, Fuzzing

James Kettle on finding subtle bugs and bug classes, eBPF-related tools and backdoors, fuzzing Golang, malware, and getting higher coverage.

Clint Gibler

NewsletterNewsletter

May 11, 2022

[tl;dr sec] #132 - Application Hacking Methodology, Pwning Cloudflare Pages, Why You Should Be Blogging

Jason Haddix's new Bug Hunter's Methodology for apps, write-up of a series of Cloudflare Pages bugs, Jack Rhysider on the power of blogging.

Clint Gibler

NewsletterNewsletter

May 04, 2022

[tl;dr sec] #131 - Compromising Read-Only Containers, Finding 0days in Enterprise Software, Evading Industry Leading EDR

A walkthrough of how to attack read-only containers, Shubham Shah on taking apart complex proprietary software, how your shellcode can evade top EDR products.

Clint Gibler

NewsletterNewsletter

Apr 27, 2022

[tl;dr sec] #130 - Project Zero on 0day Trends, ThinkstScapes, How Do You Actually Find Bugs?

Maddie Stone on 2021 0day trends, Thinkst's excellent research round-up, Mark Dowd OffensiveCon keynote on security research

Clint Gibler

NewsletterNewsletter

Apr 20, 2022

[tl;dr sec] #129 - Maximizing Bug ROI, Tamper-proof GitHub Builds, Being Vulnerable

How Flipkart gets the most value from every vulnerability, setting up a SLSA 3 GitHub Action build process, the power of being vulnerable.

Clint Gibler

First Back

10 11 12 13 14 15 16 17

Next Last

Archive

[tl;dr sec] #140 - AppSec, Building AWS Security Guardrails, Linux eBPF Rootkit

[tl;dr sec] #139 - 60 RCE in 60 minutes, Free Sigstore Course, Cloud Risk Encyclopedia

[tl;dr sec] #138 - Career Resources, Finding Secrets at Scale, Fuzzing

[tl;dr sec] #137 - Malicious Terraform, How GitHub uses Dependabot, Democratizing Security Detection

[tl;dr sec] #136 - Career Advice, Scaling AppSec at Netflix, BSidesSF Summaries

[tl;dr sec] #135 - BSidesSF, Google's Cloud Forensics Utils, Running Bug Bounty Programs

[tl;dr sec] #134 - DevSecOps, Scalable Canary Tokens, Learning from AWS Customer Security Breaches

[tl;dr sec] #133 - Hunting Evasive Vulnerabilities, eBPF, Fuzzing

[tl;dr sec] #132 - Application Hacking Methodology, Pwning Cloudflare Pages, Why You Should Be Blogging

[tl;dr sec] #131 - Compromising Read-Only Containers, Finding 0days in Enterprise Software, Evading Industry Leading EDR

[tl;dr sec] #130 - Project Zero on 0day Trends, ThinkstScapes, How Do You Actually Find Bugs?

[tl;dr sec] #129 - Maximizing Bug ROI, Tamper-proof GitHub Builds, Being Vulnerable