Archive

SummarySummary
Travis McPeak: Why Companies don't 'Just Patch'

Travis McPeak: Why Companies don't 'Just Patch'

Why patching in the real world is hard, and what to do about it.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #96 - Learn Reverse Engineering, Cloud Security Orienteering, Kernel Pwning with eBPF

[tl;dr sec] #96 - Learn Reverse Engineering, Cloud Security Orienteering, Kernel Pwning with eBPF

Free workshops to learn reverse engineering, how to rapidly familiarize yourself in a new cloud environment, eBPF deep dive.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #95 - Preventing SSRF in AWS, Testing AuthN Flows, Hardening Your Supply Chain

[tl;dr sec] #95 - Preventing SSRF in AWS, Testing AuthN Flows, Hardening Your Supply Chain

Tool to enforce IMDSv2, test authentication flows by modeling them as a finite state machine, detecting malicious dependencies and solving dependency confusion.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #94 - 10X Your SOC, Learn Crypto, Enterprise-grade Attack-surface Monitoring with Open Source

[tl;dr sec] #94 - 10X Your SOC, Learn Crypto, Enterprise-grade Attack-surface Monitoring with Open Source

Google whitepaper on how to scale your SOC, 3 free platforms to learn cryptography, Luke Stephens' guide on rolling your own attack surface monitoring using Spiderfoot and small scripts.

Clint Gibler
Clint Gibler
[tl;dr sec] #93 - Reading Your CSO's Performance Review, Fuzzing, NSO Group

[tl;dr sec] #93 - Reading Your CSO's Performance Review, Fuzzing, NSO Group

[tl;dr sec] #93 - Reading Your CSO's Performance Review, Fuzzing

NewsletterNewsletter
[tl;dr sec] #92 - Hardening Kubernetes, Ransomware, Authz at Scale

[tl;dr sec] #92 - Hardening Kubernetes, Ransomware, Authz at Scale

Securing AWS EKS and lessons from a k8s security report, inside the ransomware economy, and building fine-grained authorization that works at scale.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #91 - DOM Invader, Ransomware self-assessment tool, AWS Security Reference Architecture

[tl;dr sec] #91 - DOM Invader, Ransomware self-assessment tool, AWS Security Reference Architecture

Burp extension for finding DOM XSS, CISA's tool for orgs to understand how equipped they are to defend and recover from ransomware, examples and guide to use AWS security services.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #90 - Eradicating Subdomain Takeovers, GitHub's AI Pair Programmer, Testing File Upload Functionality

[tl;dr sec] #90 - Eradicating Subdomain Takeovers, GitHub's AI Pair Programmer, Testing File Upload Functionality

Open source tool to continuously scan for subdomain takeover vulnerabilities, GitHub's Copilot can suggest whole functions within VS Code, resources for assessing and securing file upload functionality.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #89 - MITRE D3FEND, Lambda Authorizer Gotchas, Google's Supply Chain Integrity Framework

[tl;dr sec] #89 - MITRE D3FEND, Lambda Authorizer Gotchas, Google's Supply Chain Integrity Framework

MITRE releases the defensive countermeasures counterpart to ATT&CK, how IAM wildcard expansion can bite you, Google's 4-level supply chain maturity framework and reference GitHub Action.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #88 - Testing 2FA Implementations, Cloud Visibility/Enforcement, Altar of the Algorithm

[tl;dr sec] #88 - Testing 2FA Implementations, Cloud Visibility/Enforcement, Altar of the Algorithm

Potential bugs to test in 2FA implementations, tools for cloud visibility and enforcement, and how we all conform to please the algorithms around us.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #87 - Easy Temporary Cloud Access, Monopol-easy Money, AWS Account Boundaries can be Porous

[tl;dr sec] #87 - Easy Temporary Cloud Access, Monopol-easy Money, AWS Account Boundaries can be Porous

Empowering developers' cloud access while improving security, big tech throwing their weight around, 97+ ways data can be shared across AWS accounts.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #86a - The missing Mobile Security

[tl;dr sec] #86a - The missing Mobile Security

[tl;dr sec] #86a - The Missing Mobile Security

FirstBack
1415161718192021
Next Last