Understanding & detecting the XZ Utils backdoor, CISA's repo of enriched CVEs, an example SOC 2 compliant GitHub CI/CD pipeline
My BSidesSF summaries and RSA announcement overview, custom GPT with CloudSec knowledge, Security Token Service GitHub App
New repo surveying prompt injection defenses, how OpenAI uses LLMs for internal security, insights on MS's honeypot infra
OpenAI's open sourced Slackbots, migrating to IMDSv2 at scale, a collection of offensive Kubernetes security techniques
A call to action, with practical advice
Tools to scan build pipelines & remove short-lived tokens, study by Datadog, join Jason Chan and me on the origin of Netflix's Paved Road
How to negotiate your salary and Incident Responder q's, Jason Chan on the Paved Road, new repo of secure by default OSS libraries
The best XZ resources, I interviewed Mike Hanley on secure defaults & AI, SO-CON 2024 slides available
Google's zero trust lessons learned, threat modeling with HCL and LLMs, identifying cross-account IAM attack paths
A threat-informed roadmap for securing Kubernetes clusters
Auto-fixing code with AI, an open source mapping of CloudTrail -> known incidents and ATT&CK, extensions for security auditors