Archive

NewsletterNewsletter
[tl;dr sec] #62 - Leaking IAM Users and Roles, AI, and Exploiting Dynamic Renderers

[tl;dr sec] #62 - Leaking IAM Users and Roles, AI, and Exploiting Dynamic Renderers

A tool to sneakily enumerate all IAM users and roles in a target AWS account, recent events in AI, and how to attack server-side renderers.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #61 - Effective Security OKRs, Scaling Threat Modeling, Webscan

[tl;dr sec] #61 - Effective Security OKRs, Scaling Threat Modeling, Webscan

How to create effective security OKRs, scaling threat modeling in hypergrowth, engineering-driven orgs, and a browser-based internal network scanner.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #60 - Cartography + IAM, Security Scorecard, Self-service Security

[tl;dr sec] #60 - Cartography + IAM, Security Scorecard, Self-service Security

Use Cartography to understand AWS permissions, tool to grok the risk of open source libraries, developers taking security into their own hands.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #59 - NAT Slipstreaming, Widespread Injection in GitHub Actions, Greppable Secrets

[tl;dr sec] #59 - NAT Slipstreaming, Widespread Injection in GitHub Actions, Greppable Secrets

Attacker's can remotely access any TCP/UDP service on your machine, serious bugs in many GitHub Actions, and the security value of creating easily greppable secrets.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #58 - New Job 🎉, Burp Multiplayer, Chaos Engineering Book

[tl;dr sec] #58 - New Job 🎉, Burp Multiplayer, Chaos Engineering Book

I've joined r2c as Head of Security Research, tool to sync multiple Burp instances, free book on chaos engineering to help you build reliable distributed systems.

Clint Gibler
Clint Gibler
SummarySummary
Stratechery: Aggregation Theory

Stratechery: Aggregation Theory

Ben Thompson describes how properties of the Internet enable companies providing the best user experience to win, which leads to a virtuous but anti-competitive cycle.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #57 - Bug Bounty Lessons Learned, Content Value Hierarchy, CloudSecDocs

[tl;dr sec] #57 - Bug Bounty Lessons Learned, Content Value Hierarchy, CloudSecDocs

1 year of a private bug bounty program, how to create high value content, and a great resource for cloud-native technologies.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #56 - State of Exploit Development, Hacking Apple, flaws.cloud dataset

[tl;dr sec] #56 - State of Exploit Development, Hacking Apple, flaws.cloud dataset

Stats on vulnerability discovery, CVE publication, and patches, lengthy write-up of 3 month Apple bug bounty hackathon, and flaws.cloud logs published.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #55 - Detection as Code, Vault Authentication Bugs, Fingerprinting Exploit Developers

[tl;dr sec] #55 - Detection as Code, Vault Authentication Bugs, Fingerprinting Exploit Developers

Why we should embrace Detection as Code, write-up of two complex AuthN bugs in Vault, tracking exploit developers by their work.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #54 - Complexity in Capital, Communicating a Breach, Offensive Terraform

[tl;dr sec] #54 - Complexity in Capital, Communicating a Breach, Offensive Terraform

I contributed to an article in Forbes, how to communicate when you've been hacked, Terraform to spin up offensive infrastructure.

Clint Gibler
Clint Gibler
SummarySummary
A framework for effective corporate communication after cyber security incidents

A framework for effective corporate communication after cyber security incidents

This paper lays out a framework for how organizations should communicate after a security incident.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #53 - OneFuzz, Program Analysis, Ring Alarm Teardown

[tl;dr sec] #53 - OneFuzz, Program Analysis, Ring Alarm Teardown

Microsoft releases self-hosted fuzzing-as-a-service platform, several solid program analysis resources, detailed teardown of Ring's hardware and attack surface.

Clint Gibler
Clint Gibler
FirstBack
1718192021222324
Next Last