Archive

NewsletterNewsletter
[tl;dr sec] #226 - Negotiation Tips & Interview Questions, Paved Road, awesome-secure-defaults

[tl;dr sec] #226 - Negotiation Tips & Interview Questions, Paved Road, awesome-secure-defaults

How to negotiate your salary and Incident Responder q's, Jason Chan on the Paved Road, new repo of secure by default OSS libraries

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #225- XZ Backdoor, GitHub CSO Interview, SpecterOps Con

[tl;dr sec] #225- XZ Backdoor, GitHub CSO Interview, SpecterOps Con

The best XZ resources, I interviewed Mike Hanley on secure defaults & AI, SO-CON 2024 slides available

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #224 - Google on BeyondCorp, Threat Modeling, AWS Cross-Account Attacks

[tl;dr sec] #224 - Google on BeyondCorp, Threat Modeling, AWS Cross-Account Attacks

Google's zero trust lessons learned, threat modeling with HCL and LLMs, identifying cross-account IAM attack paths

Clint Gibler
Clint Gibler
BlogBlog
Keep Hackers Out of Your Kubernetes Cluster with These 5 Simple Tricks!

Keep Hackers Out of Your Kubernetes Cluster with These 5 Simple Tricks!

A threat-informed roadmap for securing Kubernetes clusters

Christophe Tafani-Dereeper
Christophe Tafani-Dereeper
NewsletterNewsletter
[tl;dr sec] #223 - AI Auto-fixes, Mapping CloudTrail to Incidents, VS Code Extensions for Security

[tl;dr sec] #223 - AI Auto-fixes, Mapping CloudTrail to Incidents, VS Code Extensions for Security

Auto-fixing code with AI, an open source mapping of CloudTrail -> known incidents and ATT&CK, extensions for security auditors

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #222 - NSA's Top 10 Cloud Security Strategies, Secure by Design, Claude 3 + Fuzzing

[tl;dr sec] #222 - NSA's Top 10 Cloud Security Strategies, Secure by Design, Claude 3 + Fuzzing

Ten CloudSec guides from NSA & CISA, new Google whitepaper, auto-generating fuzzing code with Claude 3

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #221 - Hacking Google AI for $50K, Detecting Secrets in Videos, Securing Medicare & Medicaid

[tl;dr sec] #221 - Hacking Google AI for $50K, Detecting Secrets in Videos, Securing Medicare & Medicaid

Bugs found in a private Google bug bounty event, GitLab's new OSS tool to find secrets leaked in video, how to secure a massive U.S. gov't org

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #220 - Detecting Manual AWS Actions, AI Threat Models, Living Off the False Positive

[tl;dr sec] #220 - Detecting Manual AWS Actions, AI Threat Models, Living Off the False Positive

How to alert on non infra as code AWS actions, threat modeling apps that use AI, autogenerated list of FPs from popular detection rulesets

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #219 - IR in AWS, SOC Interview Questions, LLM Hackbots

[tl;dr sec] #219 - IR in AWS, SOC Interview Questions, LLM Hackbots

Playbooks and being incident response ready in AWS, practice questions for SOC analysts, autonomously hacking LLM agents

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #218 - Kubernetes Security Training Platform, Jupyter Attack Toolkit, Awesome GraphQL Security

[tl;dr sec] #218 - Kubernetes Security Training Platform, Jupyter Attack Toolkit, Awesome GraphQL Security

Nine free k8s CTF scenarios, utilities for exploiting/persisting on Jupyter instances, GraphQL security tools, libraries, resources, etc.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #217 - Bypassing AWS CloudTrail, Usable Security at Netflix, Augmenting Humans with AI

[tl;dr sec] #217 - Bypassing AWS CloudTrail, Usable Security at Netflix, Augmenting Humans with AI

BlackHat USA 2023 talks are live, learn how Netflix builds usable security tooling, new OSS framework + prompts to improve your life with AI

Clint Gibler
Clint Gibler
BlogBlog
AI, Deepfakes, and Phishing

AI, Deepfakes, and Phishing

A round-up of AI and LLMs being applied to deepfakes and phishing

Clint Gibler
Clint Gibler
FirstBack
23456789
Next Last