Archive

SummarySummary
BoMs Away - Why Everyone Should Have a BoM

BoMs Away - Why Everyone Should Have a BoM

In this talk, Steve describes the various use cases of a software bill-of-materials (BOM), including facilitating accurate vulnerability and other supply-chain risk analysis, and gives a demo of OWASP Dependency-Track, an open source supply chain component analysis platform.

Clint Gibler
Clint Gibler
BlogBlog
On Accepting Sponsors

On Accepting Sponsors

tl;dr sec’s goals, values, and our thought process behind accepting sponsors. Sponsors will be clearly demarcated and will not affect the rest of the content.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #37 - Kubernetes, SAST Snark, and Malware Targeting Open Source Supply Chain

[tl;dr sec] #37 - Kubernetes, SAST Snark, and Malware Targeting Open Source Supply Chain

Using Kubernetes + OPA, Twitter SAST snark & lessons learned, malware discovered on GitHub targeting the open source supply chain.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #36 - AWS Security Maturity Roadmap, Fuzzing, Dynamic Infra for Security Testing

[tl;dr sec] #36 - AWS Security Maturity Roadmap, Fuzzing, Dynamic Infra for Security Testing

An AWS Security Maturity Roadmap for 2020, fuzzing the Windows kernel & differential crypto fuzzing, easily spin up a cloud env for security testing

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #35 - Careers in Security, Testing OAuth, Session Management with Burp

[tl;dr sec] #35 - Careers in Security, Testing OAuth, Session Management with Burp

Building a successful career in security and how to specialize, testing OAuth implementations, and a Burp plugin for handling session management.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #34 - Game Theory + 0days, Kubernetes Hacking Practice, AWS Least Privilege

[tl;dr sec] #34 - Game Theory + 0days, Kubernetes Hacking Practice, AWS Least Privilege

Game theory applied to finding and disclosing 0days, Kubernetes training labs, rightsize your AWS IAM policies to Terraform.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #33 - Splunk's Attack Range, Detecting Compromised Cloud Creds, Azure AD for Red Teamers

[tl;dr sec] #33 - Splunk's Attack Range, Detecting Compromised Cloud Creds, Azure AD for Red Teamers

Set up your own range to practice attacking & detection, detection strategies for compromised cloud creds, intro to Azure AD for red teamers.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #32 - Security + Empathy, Chrome Extension Security, Attacking Azure AD

[tl;dr sec] #32 - Security + Empathy, Chrome Extension Security, Attacking Azure AD

Gusto CISO Flee on building a positive security culture, protecting from/attacking with Chrome extensions, pivot through Azure AD.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #31 - Instrument with Frida, Free Course on Attacking Apps in AWS/Azure, VM with 8 C&C Frameworks

[tl;dr sec] #31 - Instrument with Frida, Free Course on Attacking Apps in AWS/Azure, VM with 8 C&C Frameworks

Use Frida from a Burp extension or web interface, continuous cloud security, fighting misinformation at scale.

Clint Gibler
Clint Gibler
[tl;dr sec] #30 - Securing Your Home Network, ATT&CK for Kubernetes, Google on Building Secure Syste

[tl;dr sec] #30 - Securing Your Home Network, ATT&CK for Kubernetes, Google on Building Secure Syste

#30 - Securing Your Home Network, ATT&CK for Kubernetes

NewsletterNewsletter
[tl;dr sec] #29 - Testing GraphQL, Bug Bounty Programs, & AWS Service Control Policy Best Practices

[tl;dr sec] #29 - Testing GraphQL, Bug Bounty Programs, & AWS Service Control Policy Best Practices

Tool for testing GraphQL endpoints, how to run a great bug bounty program, restricting your AWS account with Service Control Policies, hardening Linux.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #28 - 25 Years of Fuzzing, Secrets Management, Security Questionnaires

[tl;dr sec] #28 - 25 Years of Fuzzing, Secrets Management, Security Questionnaires

Some history and overview of fuzzing, preventing/detecting/remediating leaked secrets, static analysis, macOS security, reflections on privacy post COVID-19.

Clint Gibler
Clint Gibler
FirstBack
2021222324252627
Next Last