Scott Piper shares how he'd attack AWS, a survey of infra as code scanning tools, free workshop on server-side template injection.
Techniques for initial access, recon, lateral movement, and exfiltration from AWS accounts, along with defensive mitigations
[tl;dr sec] #64 - Kubernetes Guide, XSS for PDFs
New OWASP security testing guide and GraphQL cheat sheet, new fuzzing research, and a tool to ease administration of complex AWS environments.
A tool to sneakily enumerate all IAM users and roles in a target AWS account, recent events in AI, and how to attack server-side renderers.
How to create effective security OKRs, scaling threat modeling in hypergrowth, engineering-driven orgs, and a browser-based internal network scanner.
Use Cartography to understand AWS permissions, tool to grok the risk of open source libraries, developers taking security into their own hands.
Attackers can remotely access any TCP/UDP service on your machine, serious bugs in many GitHub Actions, and the security value of creating easily greppable secrets.
I've joined r2c as Head of Security Research, tool to sync multiple Burp instances, free book on chaos engineering to help you build reliable distributed systems.
Ben Thompson describes how properties of the Internet enable companies providing the best user experience to win, which leads to a virtuous but anti-competitive cycle.
1 year of a private bug bounty program, how to create high value content, and a great resource for cloud-native technologies.
Stats on vulnerability discovery, CVE publication, and patches, lengthy write-up of 3 month Apple bug bounty hackathon, and flaws.cloud logs published.