Archive

NewsletterNewsletter
[tl;dr sec] #148 - OWASP Kubernetes Top 10, GraphQL Batching Attacks, Abusing Debugging in Electron Apps

[tl;dr sec] #148 - OWASP Kubernetes Top 10, GraphQL Batching Attacks, Abusing Debugging in Electron Apps

Top 10 Kubernetes ecosystem risks to consider, more effective GraphQL brute forcing woth Turbo Intruder, running arbitrary JavaScript in Electron apps.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #147 - Twitter Whistleblower, CI/CD Security, How to Think About Endpoint Security

[tl;dr sec] #147 - Twitter Whistleblower, CI/CD Security, How to Think About Endpoint Security

Mudge's accusations of Twitter's security posture, identity management risks in GitHub orgs, comparing 6 CI providers and examining GH workflows at scale, Ryan McGeehan offers valuable context on how to think of Mudge's Twitter endpoint comments and thinking about endpoint security at your company.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #146 - CI/CD Security, Lightweight Approach to Secure SDLC, End-to-End Threat Detection Rule Testing

[tl;dr sec] #146 - CI/CD Security, Lightweight Approach to Secure SDLC, End-to-End Threat Detection Rule Testing

Lessons learned compromising real world CI/CD pipelines, how to implement a lightweight SSDLC, new framework to ensure your threat detection rules work, from logging to processing pipeline to alerting.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #145 - Defending Against Phishing, iOS Privacy, DEF CON Advice

[tl;dr sec] #145 - Defending Against Phishing, iOS Privacy, DEF CON Advice

Cloudflare's write-up on a sophisticated phishing campaign, examining Meta apps' privacy implications and iOS16's Lockdown Mode, be yourself and find your tribe at DEF CON

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #144 - Hacker Summer Camp, Building ProdSec from Scratch, IAM-Deescalate

[tl;dr sec] #144 - Hacker Summer Camp, Building ProdSec from Scratch, IAM-Deescalate

How to stay healthy and get the most out of Vegas this year, how to build a ProdSec program from scratch, tool to mitigate privilege escalation risks in AWS.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #143 - Career Advice, SBOM, Attack Surface Monitoring

[tl;dr sec] #143 - Career Advice, SBOM, Attack Surface Monitoring

How to get into AppSec, getting a raise, and other career advice, SBOM tools, how to build your own ASM with ProjectDiscovery tools

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #142 - OAuth Security, Cryptocurrency, Being Able to Speak Business

[tl;dr sec] #142 - OAuth Security, Cryptocurrency, Being Able to Speak Business

OAuth bugs that lead to single-click account takeovers, crypto wallet exploits and Ethereum smart contract best practices, the importance of being able to communicate in business metrics and outcomes.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #141 - CIS Supply Chain Security Guide, Static Analysis on Binaries, Machine Learning

[tl;dr sec] #141 - CIS Supply Chain Security Guide, Static Analysis on Binaries, Machine Learning

New CIS software supply chain security whitepaper and tool, finding vulnerabilities in binaries using static analysis, impressive ML tools and attacking ML systems.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #140 - AppSec, Building AWS Security Guardrails, Linux eBPF Rootkit

[tl;dr sec] #140 - AppSec, Building AWS Security Guardrails, Linux eBPF Rootkit

Security at start-ups and SAST program building, preventing classes of cloud vulnerabilities with guardrails, a Linux eBPF rootkit with a backdoor, C2, library injection, and more.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #139 - 60 RCE in 60 minutes, Free Sigstore Course, Cloud Risk Encyclopedia

[tl;dr sec] #139 - 60 RCE in 60 minutes, Free Sigstore Course, Cloud Risk Encyclopedia

A presentation with many real world RCE examples, new free course on using Sigstore for supply chain security, list of 1,200+ cloud security risks.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #138 - Career Resources, Finding Secrets at Scale, Fuzzing

[tl;dr sec] #138 - Career Resources, Finding Secrets at Scale, Fuzzing

Finding cybersecurity jobs and adding value, secrets from front end web apps and Docker Hub, fuzzing VirtualBox, contributing to OSS-Fuzz, tool to improve fuzzing coverage.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #137 - Malicious Terraform, How GitHub uses Dependabot, Democratizing Security Detection

[tl;dr sec] #137 - Malicious Terraform, How GitHub uses Dependabot, Democratizing Security Detection

How to defend against malicious Terraform, great tips from GitHub on effectively rolling out security tooling, and Palantir on building a scalable detection and response team.

Clint Gibler
Clint Gibler
FirstBack
89101112131415
Next Last