Archive

NewsletterNewsletter
[tl;dr sec] #169 - Top 10 Web Hacking Techniques of 2022, Finding Malicious Dependencies, Fearless CORS

[tl;dr sec] #169 - Top 10 Web Hacking Techniques of 2022, Finding Malicious Dependencies, Fearless CORS

Portswigger released a curated list of awesome web security research from last year, some approaches to finding malicious dependencies + open source tools, a great deep dive into CORS + principles on making a solid CORS middleware library

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #168 - GCP and Azure Storage Threat Models, macOS Security, Red Team Resources

[tl;dr sec] #168 - GCP and Azure Storage Threat Models, macOS Security, Red Team Resources

Detailed threat models for Google Cloud Storage and Azure Storage, Mac malware of 2022 and emerging payload obfuscation techniques, reverse engineering Rust binaries, offensive security and RE course, and more.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #167 - SBOM, Scaling Security Alert Management, Mitigating RBAC-Based PrivEsc in Kubernetes

[tl;dr sec] #167 - SBOM, Scaling Security Alert Management, Mitigating RBAC-Based PrivEsc in Kubernetes

Generating SBOMs and evaluating their quality, how Brex manages and automates security alerts at scale, how popular k8s platforms hardened themselves.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #166 - 2023 Security Predictions, Vuln Hunting with App Server Logs, Enforcing Device AuthN

[tl;dr sec] #166 - 2023 Security Predictions, Vuln Hunting with App Server Logs, Enforcing Device AuthN

Predictions for offense, from security leaders, and AWS, high signal vuln finding from application runtime exceptions, how Pinterest enforces managed and compliant devices in their Okta flow.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #165 - Hunting for Malicious Persistence in the Cloud, GitHub Action Security, Dark Sides of Machine Learning

[tl;dr sec] #165 - Hunting for Malicious Persistence in the Cloud, GitHub Action Security, Dark Sides of Machine Learning

How to detect malicious persistence in AWS, GCP, and Azure, leaking GitHub Action secrets and improving OIDC security posture, will ChatGPT degrade communication online?

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #164 - Becoming Phishless, Machine Learning, Memory Safe Languages in Android 13

[tl;dr sec] #164 - Becoming Phishless, Machine Learning, Memory Safe Languages in Android 13

How a number of companies adopted WebAuthN and/or hard keys, neat new things in ML, the impact of Rust and memory safety in general in Android 13.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #163 - Rebuilding Detection and IR at LinkedIn, CVEs and Misaligned Incentives, 2022 in Review and 2023 Predictions

[tl;dr sec] #163 - Rebuilding Detection and IR at LinkedIn, CVEs and Misaligned Incentives, 2022 in Review and 2023 Predictions

How LinkedIn scaled detection and minimized toil, why ReDoS CVEs are mostly noise, and reflecting on security in 2022 and predicting what 2023 has in store.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #161 - ChatGPT, Scaling Vulnerability Management in Microservices, Supply Chain

[tl;dr sec] #161 - ChatGPT, Scaling Vulnerability Management in Microservices, Supply Chain

Many varied examples of using ChatGPT, how Lyft precisely fixes OS and OS-package level vulnerabilities across ~1,000 services, Sigstore and dangerous subtleties in the GitHub download artifacts API.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #162 - Meaningful Security Product Metrics, Vulnerability Inbox Zero, Joe Sullivan Trial Deep Dive

[tl;dr sec] #162 - Meaningful Security Product Metrics, Vulnerability Inbox Zero, Joe Sullivan Trial Deep Dive

How to justify the value of your security team's investments and prioritize, how to build an Inbox Zero vulnerability management approach, Magoo's detailed blameless post-mortem of USA vs Joe Sullivan.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #160 - Application Security Foundations, Machine Learning Uses, Blackbox Regex Fuzzing

[tl;dr sec] #160 - Application Security Foundations, Machine Learning Uses, Blackbox Regex Fuzzing

Notes from the WeHackPurple courses, a wide variety of applications of machine learning, bypassing validatoins and normalizations in web apps using regex fuzzing.

Clint Gibler
Clint Gibler
BlogBlog
Companies Hiring for Cybersecurity in 2022+

Companies Hiring for Cybersecurity in 2022+

Over 35 companies you can apply for a security job at right now.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #159 - Twitter vs Mastodon, GitHub Attack Trees, ThinkstScapes

[tl;dr sec] #159 - Twitter vs Mastodon, GitHub Attack Trees, ThinkstScapes

Twitter internals and Mastodon benefits/challenges, blue and red team attack trees for attacking GitHub, ThinkstScapes Quarterly covering AI/ML, clever cryptography, and software analysis at scale.

Clint Gibler
Clint Gibler
FirstBack
678910111213
Next Last