Archive

NewsletterNewsletter
[tl;dr sec] #165 - Hunting for Malicious Persistence in the Cloud, GitHub Action Security, Dark Sides of Machine Learning

[tl;dr sec] #165 - Hunting for Malicious Persistence in the Cloud, GitHub Action Security, Dark Sides of Machine Learning

How to detect malicious persistence in AWS, GCP, and Azure, leaking GitHub Action secrets and improving OIDC security posture, will ChatGPT degrade communication online?

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #164 - Becoming Phishless, Machine Learning, Memory Safe Languages in Android 13

[tl;dr sec] #164 - Becoming Phishless, Machine Learning, Memory Safe Languages in Android 13

How a number of companies adopted WebAuthN and/or hard keys, neat new things in ML, the impact of Rust and memory safety in general in Android 13.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #163 - Rebuilding Detection and IR at LinkedIn, CVEs and Misaligned Incentives, 2022 in Review and 2023 Predictions

[tl;dr sec] #163 - Rebuilding Detection and IR at LinkedIn, CVEs and Misaligned Incentives, 2022 in Review and 2023 Predictions

How LinkedIn scaled detection and minimized toil, why ReDoS CVEs are mostly noise, and reflecting on security in 2022 and predicting what 2023 has in store.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #161 - ChatGPT, Scaling Vulnerability Management in Microservices, Supply Chain

[tl;dr sec] #161 - ChatGPT, Scaling Vulnerability Management in Microservices, Supply Chain

Many varied examples of using ChatGPT, how Lyft precisely fixes OS and OS-package level vulnerabilities across ~1,000 services, Sigstore and dangerous subtleties in the GitHub download artifacts API.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #162 - Meaningful Security Product Metrics, Vulnerability Inbox Zero, Joe Sullivan Trial Deep Dive

[tl;dr sec] #162 - Meaningful Security Product Metrics, Vulnerability Inbox Zero, Joe Sullivan Trial Deep Dive

How to justify the value of your security team's investments and prioritize, how to build an Inbox Zero vulnerability management approach, Magoo's detailed blameless post-mortem of USA vs Joe Sullivan.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #160 - Application Security Foundations, Machine Learning Uses, Blackbox Regex Fuzzing

[tl;dr sec] #160 - Application Security Foundations, Machine Learning Uses, Blackbox Regex Fuzzing

Notes from the WeHackPurple courses, a wide variety of applications of machine learning, bypassing validatoins and normalizations in web apps using regex fuzzing.

Clint Gibler
Clint Gibler
BlogBlog
Companies Hiring for Cybersecurity in 2022+

Companies Hiring for Cybersecurity in 2022+

Over 35 companies you can apply for a security job at right now.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #159 - Twitter vs Mastodon, GitHub Attack Trees, ThinkstScapes

[tl;dr sec] #159 - Twitter vs Mastodon, GitHub Attack Trees, ThinkstScapes

Twitter internals and Mastodon benefits/challenges, blue and red team attack trees for attacking GitHub, ThinkstScapes Quarterly covering AI/ML, clever cryptography, and software analysis at scale.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #158 - Open Security Jobs, Career Advice, Internet Egress Filtering at Lyft

[tl;dr sec] #158 - Open Security Jobs, Career Advice, Internet Egress Filtering at Lyft

Open jobs from over 35 companies, great career advice from a variety of people, how Lyft achieved egress filtering on all services.

Clint Gibler
Clint Gibler
BlogBlog
Container Security

Container Security

A collection of container security resources and tools, organized by category.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #157 - Transforming Security Champions, Production-ready osquery, Compromising Self-hosted GitHub Runners

[tl;dr sec] #157 - Transforming Security Champions, Production-ready osquery, Compromising Self-hosted GitHub Runners

Tanya Janca on building a security champions program, highly turned osquery detections, gaining GitHub Runner persistence and how to detect compromises.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #156 - Hipster History of CORS, Serverless Security Event Data Pipelines, Evaluating Container Attack Detection

[tl;dr sec] #156 - Hipster History of CORS, Serverless Security Event Data Pipelines, Evaluating Container Attack Detection

Dev's hilarious and useful history of the Internet and browser security, new toolkit from Brex to easily normalize and enrich security event data, additional Kubernetes attack methods and evaluating Falco.

Clint Gibler
Clint Gibler
FirstBack
7891011121314
Next Last