Archive

NewsletterNewsletter
[tl;dr sec] #192 - Google's AI Red Teaming, OWASP on Cloud Security, Trail of Bits' Testing Guide

[tl;dr sec] #192 - Google's AI Red Teaming, OWASP on Cloud Security, Trail of Bits' Testing Guide

Google's whitepaper on how they approach AI red teaming, OWASP's cloud architecture security cheatsheet, ToB on static/dynamic analysis tooling

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #191 - BadZure, Detection & Response Pipelines, 18K Subscribers!

[tl;dr sec] #191 - BadZure, Detection & Response Pipelines, 18K Subscribers!

Spin up purposefully vulnerable Azure AD tenants, detailed examples of modern detection pipelines, new subscriber milestone!

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #190 - Securely Build on AI, CISA Pen Test repo, Joining Google's Red Team

[tl;dr sec] #190 - Securely Build on AI, CISA Pen Test repo, Joining Google's Red Team

How to secure product features that leverage AI, CISA's repo of example penetration testing findings, how to join Google's red team and other career resources

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #189 - CISA on Defending CI/CD, Backdooring NPM via S3, AI + Reverse Engineering

[tl;dr sec] #189 - CISA on Defending CI/CD, Backdooring NPM via S3, AI + Reverse Engineering

CISA/NSA's guide on defending cloud CI/CD, backdooring NPM modules depending on binaries in S3, I'm collecting AI + cybersecurity resources

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #188 - Security Interview Questions, Secret Scanning Tools, PentestGPT

[tl;dr sec] #188 - Security Interview Questions, Secret Scanning Tools, PentestGPT

Interview questions across a variety of roles, several secret scanning tools, an autonomous pentesting tool using GPT-4

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #187 - AWS Pentest Methodology, Destroyed by Breach, Awesome LLM Cybersecurity Tools

[tl;dr sec] #187 - AWS Pentest Methodology, Destroyed by Breach, Awesome LLM Cybersecurity Tools

An offense-focused approach to AWS pentests, companies ended by cybersecurity breaches, OSS security tools leveraging LLMs

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #186 - Enterprise Purple Teaming, Cloud CTFs, Code Review with LLMs

[tl;dr sec] #186 - Enterprise Purple Teaming, Cloud CTFs, Code Review with LLMs

Massive list of purple teaming resources, two new cloud CTFs to practice on, how effective are LLMs at doing secure code reviews?

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #185 - Artisanal to Industrial Security, Securing the EC2 Instance Metadata Service, 12 Threat Modeling Methods

[tl;dr sec] #185 - Artisanal to Industrial Security, Securing the EC2 Instance Metadata Service, 12 Threat Modeling Methods

How to deliver security at scale, the security properties of IMDSv2, a summary of many threat modeling approaches.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #184 - Public Cloud Security Breaches, OWASP Top 10 for LLMs, Living Off the Orchard: macOS Binaries

[tl;dr sec] #184 - Public Cloud Security Breaches, OWASP Top 10 for LLMs, Living Off the Orchard: macOS Binaries

Compendium of cloud security incidents and breaches that have affected customers, top risks for software leveraging Large Language Models, a library of macOS binaries that can be used for โ€˜living off the landโ€™.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #183 - The 3 Metrics to Focus On, Build a Purple Team Lab, Damn Vulnerable Android and iOS Apps

[tl;dr sec] #183 - The 3 Metrics to Focus On, Build a Purple Team Lab, Damn Vulnerable Android and iOS Apps

If you can only choose 3 metrics, what to choose? How to build a Kubernetes purple teaming lab, vulnerable Android and iOS apps to learn on.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #182 - Cloud Native Security Talks, AI Attack Surface Map, Attacking and securing cloud identities in managed Kubernetes

[tl;dr sec] #182 - Cloud Native Security Talks, AI Attack Surface Map, Attacking and securing cloud identities in managed Kubernetes

Video playlists and abstracts from CloudNativeSecurityCon and KubeCon, overview of attacking AI assistants and agents, attack vectors to pivot from an EKS cluster to an AWS account.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #181 - Awesome CloudSec Labs, Red Team Infra in 2023, Privilege Escalation in EKS

[tl;dr sec] #181 - Awesome CloudSec Labs, Red Team Infra in 2023, Privilege Escalation in EKS

Free cloud-native security learning labs, the essential components for modern robust red teaming infra, how to privesc from a compromised EKS pod and defeat Kubernetes NodeRestriction.

Clint Gibler
Clint Gibler
FirstBack
678910111213
Next Last