- tl;dr sec
- Archive
- Page 10
Archive
[tl;dr sec] #173 - What Software Will Be Post GPT-4, the Cybersecurity Landscape, Reducing Attack Surface in AWS
The AI-based architecture thatβll replace most existing software, overview of cybersecurity companies and acquisitions, how to lock down instance creds and regions/services in AWS.
[tl;dr sec] #171 - AppSec and CloudSec Resilience, Audit Logs Wall of Shame, Compromised Cloud to Kubernetes Takeover
Building an effective AppSec and CloudSec program, vendors that don't prioritize high quality audit logs, tactics to go from a compromised cloud resource to taking over a Kubernetes cluster.
[tl;dr sec] #169 - Top 10 Web Hacking Techniques of 2022, Finding Malicious Dependencies, Fearless CORS
Portswigger released a curated list of awesome web security research from last year, some approaches to finding malicious dependencies + open source tools, a great deep dive into CORS + principles on making a solid CORS middleware library
[tl;dr sec] #168 - GCP and Azure Storage Threat Models, macOS Security, Red Team Resources
Detailed threat models for Google Cloud Storage and Azure Storage, Mac malware of 2022 and emerging payload obfuscation techniques, reverse engineering Rust binaries, offensive security and RE course, and more.
[tl;dr sec] #166 - 2023 Security Predictions, Vuln Hunting with App Server Logs, Enforcing Device AuthN
Predictions for offense, from security leaders, and AWS, high signal vuln finding from application runtime exceptions, how Pinterest enforces managed and compliant devices in their Okta flow.
[tl;dr sec] #165 - Hunting for Malicious Persistence in the Cloud, GitHub Action Security, Dark Sides of Machine Learning
How to detect malicious persistence in AWS, GCP, and Azure, leaking GitHub Action secrets and improving OIDC security posture, will ChatGPT degrade communication online?
[tl;dr sec] #161 - ChatGPT, Scaling Vulnerability Management in Microservices, Supply Chain
Many varied examples of using ChatGPT, how Lyft precisely fixes OS and OS-package level vulnerabilities across ~1,000 services, Sigstore and dangerous subtleties in the GitHub download artifacts API.