Archive

NewsletterNewsletter
[tl;dr sec] #109 - Breaking Stateless Authentication, Secrets, Unicode Chicanery

[tl;dr sec] #109 - Breaking Stateless Authentication, Secrets, Unicode Chicanery

A tool to detect misconfigured session implementations, scanning Docker Hub for secrets and determining the impact of leaked secrets, Semgrep rule for the Trojan Source bug.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #108 - How SolarWinds is Securing their Supply Chain, Cloud Security Tooling, Risk-base

[tl;dr sec] #108 - How SolarWinds is Securing their Supply Chain, Cloud Security Tooling, Risk-base

What SolarWinds did after the attack their new high assurance build system, how to succeed as the only cloud security practitioner in your company, how Netflix uses risk to make informed decisions.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #107 - Supply Chain and CI/CD Security, Threat Modeling in HCL, Cracking PRNGs using ML

[tl;dr sec] #107 - Supply Chain and CI/CD Security, Threat Modeling in HCL, Cracking PRNGs using ML

Securing build pipelines and ATT&CK for CI/CD, threat modeling in Terraform, using ML to break pseudorandom number generators.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #106 - Least Privilege IAM, Fuzzing, Istio Scanner

[tl;dr sec] #106 - Least Privilege IAM, Fuzzing, Istio Scanner

Designing least privilege AWS IAM policies for people, fuzzing 5G and CPUs by proxy, the first security scanner for Istio.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #105 - DevSecOps, Ransomware & S3, Falco Labs

[tl;dr sec] #105 - DevSecOps, Ransomware & S3, Falco Labs

Effectively shifting left, protecting your S3 buckets from ransomware, exercises to learn Falco in your browser.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #104 - New Phrack, Often Missed Web Vulnerabilities, Facebook Whistleblower

[tl;dr sec] #104 - New Phrack, Often Missed Web Vulnerabilities, Facebook Whistleblower

New issue of Phrack, 10 often missed web vulnerabilities, Facebook whistleblower comes forward about the dangers of its products.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #103 - Cloud Security Guardrails, Lateral Movement in GitHub Orgs, AWS Memes

[tl;dr sec] #103 - Cloud Security Guardrails, Lateral Movement in GitHub Orgs, AWS Memes

Setting up strong AWS security guardrails, tool to explore lateral movement and privilege escalation in GitHub orgs, dank AWS memes from Corey Quinn.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #102 - Why AuthZ is Hard, Vendor Security 2.0, TruffleHog Chrome Extension

[tl;dr sec] #102 - Why AuthZ is Hard, Vendor Security 2.0, TruffleHog Chrome Extension

Detailed breakdown of why authorization is hard, how we should approach vendor security going forward, a Chrome extension to find secrets.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #101 - Securing Netflix at Scale, AWS PrivEsc Playground, Career Advice

[tl;dr sec] #101 - Securing Netflix at Scale, AWS PrivEsc Playground, Career Advice

How to build security tooling developers love, a playground to practice privilege escalation in AWS, career advice from @lcamtuf and Corey Quinn.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #100 - Visualizing Security, GraphQL, API Token Survey

[tl;dr sec] #100 - Visualizing Security, GraphQL, API Token Survey

Infosec infographics, GraphQL guide and server fingerprinting tool, a survey of the trade-offs of various API token types.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #99 - Grow Employees or Lose Them, Advantage: Defense, Ghidra <> Frida

[tl;dr sec] #99 - Grow Employees or Lose Them, Advantage: Defense, Ghidra <> Frida

How to mentor and grow employees, Mark Dowd on how and why defense is gaining the advantage, and a plugin to bridge Ghidra and Frida.

Clint Gibler
Clint Gibler
SummarySummary
+1+1
Grow Your Best Employees or Lose Them

Grow Your Best Employees or Lose Them

Travis McPeak recommends

Clint Gibler
Clint Gibler
FirstBack
1314151617181920
Next Last