Archive

[tl;dr sec] 98 - Cloud Security Orienteering, Last S3 Document You’ll Need, Burnout

[tl;dr sec] 98 - Cloud Security Orienteering, Last S3 Document You’ll Need, Burnout

[tl;dr sec] 98 - Cloud Security Orienteering, Last S3 Document You’ll Need

BlogBlog
Cloud Security Orienteering

Cloud Security Orienteering

How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long term goals.

Rami McCarthy
Rami McCarthy
[tl;dr sec] #97 - Attacking HTTP/2, Securing GitHub Projects, Hacking G Suite

[tl;dr sec] #97 - Attacking HTTP/2, Securing GitHub Projects, Hacking G Suite

[tl;dr sec] #97 - Attacking HTTP/2, Securing GitHub Projects

SummarySummary
Travis McPeak: Why Companies don't 'Just Patch'

Travis McPeak: Why Companies don't 'Just Patch'

Why patching in the real world is hard, and what to do about it.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #96 - Learn Reverse Engineering, Cloud Security Orienteering, Kernel Pwning with eBPF

[tl;dr sec] #96 - Learn Reverse Engineering, Cloud Security Orienteering, Kernel Pwning with eBPF

Free workshops to learn reverse engineering, how to rapidly familiarize yourself in a new cloud environment, eBPF deep dive.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #95 - Preventing SSRF in AWS, Testing AuthN Flows, Hardening Your Supply Chain

[tl;dr sec] #95 - Preventing SSRF in AWS, Testing AuthN Flows, Hardening Your Supply Chain

Tool to enforce IMDSv2, test authentication flows by modeling them as a finite state machine, detecting malicious dependencies and solving dependency confusion.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #94 - 10X Your SOC, Learn Crypto, Enterprise-grade Attack-surface Monitoring with Open Source

[tl;dr sec] #94 - 10X Your SOC, Learn Crypto, Enterprise-grade Attack-surface Monitoring with Open Source

Google whitepaper on how to scale your SOC, 3 free platforms to learn cryptography, Luke Stephens' guide on rolling your own attack surface monitoring using Spiderfoot and small scripts.

Clint Gibler
Clint Gibler
[tl;dr sec] #93 - Reading Your CSO's Performance Review, Fuzzing, NSO Group

[tl;dr sec] #93 - Reading Your CSO's Performance Review, Fuzzing, NSO Group

[tl;dr sec] #93 - Reading Your CSO's Performance Review, Fuzzing

NewsletterNewsletter
[tl;dr sec] #92 - Hardening Kubernetes, Ransomware, Authz at Scale

[tl;dr sec] #92 - Hardening Kubernetes, Ransomware, Authz at Scale

Securing AWS EKS and lessons from a k8s security report, inside the ransomware economy, and building fine-grained authorization that works at scale.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #91 - DOM Invader, Ransomware self-assessment tool, AWS Security Reference Architecture

[tl;dr sec] #91 - DOM Invader, Ransomware self-assessment tool, AWS Security Reference Architecture

Burp extension for finding DOM XSS, CISA's tool for orgs to understand how equipped they are to defend and recover from ransomware, examples and guide to use AWS security services.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #90 - Eradicating Subdomain Takeovers, GitHub's AI Pair Programmer, Testing File Upload Functionality

[tl;dr sec] #90 - Eradicating Subdomain Takeovers, GitHub's AI Pair Programmer, Testing File Upload Functionality

Open source tool to continuously scan for subdomain takeover vulnerabilities, GitHub's Copilot can suggest whole functions within VS Code, resources for assessing and securing file upload functionality.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #89 - MITRE D3FEND, Lambda Authorizer Gotchas, Google's Supply Chain Integrity Framework

[tl;dr sec] #89 - MITRE D3FEND, Lambda Authorizer Gotchas, Google's Supply Chain Integrity Framework

MITRE releases the defensive countermeasures counterpart to ATT&CK, how IAM wildcard expansion can bite you, Google's 4-level supply chain maturity framework and reference GitHub Action.

Clint Gibler
Clint Gibler
FirstBack
1415161718192021
Next Last