Archive

NewsletterNewsletter
[tl;dr sec] #38 - Threat Modeling for Devs, Attacking JWTs, On Accepting Ads

[tl;dr sec] #38 - Threat Modeling for Devs, Attacking JWTs, On Accepting Ads

Effectively teaching devs threat modeling, forging and cracking JWTs, and some radical transparency about our process of deciding to accept sponsors.

Clint Gibler
Clint Gibler
SummarySummary
BoMs Away - Why Everyone Should Have a BoM

BoMs Away - Why Everyone Should Have a BoM

In this talk, Steve describes the various use cases of a software bill-of-materials (BOM), including facilitating accurate vulnerability and other supply-chain risk analysis, and gives a demo of OWASP Dependency-Track, an open source supply chain component analysis platform.

Clint Gibler
Clint Gibler
BlogBlog
On Accepting Sponsors

On Accepting Sponsors

tl;dr sec’s goals, values, and our thought process behind accepting sponsors. Sponsors will be clearly demarcated and will not affect the rest of the content.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #37 - Kubernetes, SAST Snark, and Malware Targeting Open Source Supply Chain

[tl;dr sec] #37 - Kubernetes, SAST Snark, and Malware Targeting Open Source Supply Chain

Using Kubernetes + OPA, Twitter SAST snark & lessons learned, malware discovered on GitHub targeting the open source supply chain.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #36 - AWS Security Maturity Roadmap, Fuzzing, Dynamic Infra for Security Testing

[tl;dr sec] #36 - AWS Security Maturity Roadmap, Fuzzing, Dynamic Infra for Security Testing

An AWS Security Maturity Roadmap for 2020, fuzzing the Windows kernel & differential crypto fuzzing, easily spin up a cloud env for security testing

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #35 - Careers in Security, Testing OAuth, Session Management with Burp

[tl;dr sec] #35 - Careers in Security, Testing OAuth, Session Management with Burp

Building a successful career in security and how to specialize, testing OAuth implementations, and a Burp plugin for handling session management.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #34 - Game Theory + 0days, Kubernetes Hacking Practice, AWS Least Privilege

[tl;dr sec] #34 - Game Theory + 0days, Kubernetes Hacking Practice, AWS Least Privilege

Game theory applied to finding and disclosing 0days, Kubernetes training labs, rightsize your AWS IAM policies to Terraform.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #33 - Splunk's Attack Range, Detecting Compromised Cloud Creds, Azure AD for Red Teamers

[tl;dr sec] #33 - Splunk's Attack Range, Detecting Compromised Cloud Creds, Azure AD for Red Teamers

Set up your own range to practice attacking & detection, detection strategies for compromised cloud creds, intro to Azure AD for red teamers.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #32 - Security + Empathy, Chrome Extension Security, Attacking Azure AD

[tl;dr sec] #32 - Security + Empathy, Chrome Extension Security, Attacking Azure AD

Gusto CISO Flee on building a positive security culture, protecting from/attacking with Chrome extensions, pivot through Azure AD.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #31 - Instrument with Frida, Free Course on Attacking Apps in AWS/Azure, VM with 8 C&C Frameworks

[tl;dr sec] #31 - Instrument with Frida, Free Course on Attacking Apps in AWS/Azure, VM with 8 C&C Frameworks

Use Frida from a Burp extension or web interface, continuous cloud security, fighting misinformation at scale.

Clint Gibler
Clint Gibler
[tl;dr sec] #30 - Securing Your Home Network, ATT&CK for Kubernetes, Google on Building Secure Syste

[tl;dr sec] #30 - Securing Your Home Network, ATT&CK for Kubernetes, Google on Building Secure Syste

#30 - Securing Your Home Network, ATT&CK for Kubernetes

NewsletterNewsletter
[tl;dr sec] #29 - Testing GraphQL, Bug Bounty Programs, & AWS Service Control Policy Best Practices

[tl;dr sec] #29 - Testing GraphQL, Bug Bounty Programs, & AWS Service Control Policy Best Practices

Tool for testing GraphQL endpoints, how to run a great bug bounty program, restricting your AWS account with Service Control Policies, hardening Linux.

Clint Gibler
Clint Gibler
FirstBack
2021222324252627
Next Last