Archive

NewsletterNewsletter
[tl;dr sec] #113 - Log4Shell, Security Metrics, Cloud Detections at Scale

[tl;dr sec] #113 - Log4Shell, Security Metrics, Cloud Detections at Scale

Resources for the vuln that's keeping you away from your family, how to do security metrics effectively, how Netflix scales cloud detections using Snare.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #112 - re:Invent, Python Security, Cloud Service Provider Mistakes

[tl;dr sec] #112 - re:Invent, Python Security, Cloud Service Provider Mistakes

Round-up articles about re:Invent, examining Python package security, Scott Piper's repo of AWS, GCP, and Azure mistakes and vulnerabilities.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #111 - This Shouldn't Have Happened, Humble Hacking Bundle, Why NFTs are Bad

[tl;dr sec] #111 - This Shouldn't Have Happened, Humble Hacking Bundle, Why NFTs are Bad

An impactful bug in heavily tested C/C++, great security books for cheap, technical and economic reasons why NFTs are bad and don't work.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #110 - From What to How in Cybersecurity, Detection Engineering for Kubernetes, Fuzzing

[tl;dr sec] #110 - From What to How in Cybersecurity, Detection Engineering for Kubernetes, Fuzzing

Jason Chan BSidesRDU keynote, detecting privilege escalation in Kubernetes, network fuzzing and fuzzing DRAM to discover rowhammer vulns.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #109 - Breaking Stateless Authentication, Secrets, Unicode Chicanery

[tl;dr sec] #109 - Breaking Stateless Authentication, Secrets, Unicode Chicanery

A tool to detect misconfigured session implementations, scanning Docker Hub for secrets and determining the impact of leaked secrets, Semgrep rule for the Trojan Source bug.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #108 - How SolarWinds is Securing their Supply Chain, Cloud Security Tooling, Risk-base

[tl;dr sec] #108 - How SolarWinds is Securing their Supply Chain, Cloud Security Tooling, Risk-base

What SolarWinds did after the attack their new high assurance build system, how to succeed as the only cloud security practitioner in your company, how Netflix uses risk to make informed decisions.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #107 - Supply Chain and CI/CD Security, Threat Modeling in HCL, Cracking PRNGs using ML

[tl;dr sec] #107 - Supply Chain and CI/CD Security, Threat Modeling in HCL, Cracking PRNGs using ML

Securing build pipelines and ATT&CK for CI/CD, threat modeling in Terraform, using ML to break pseudorandom number generators.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #106 - Least Privilege IAM, Fuzzing, Istio Scanner

[tl;dr sec] #106 - Least Privilege IAM, Fuzzing, Istio Scanner

Designing least privilege AWS IAM policies for people, fuzzing 5G and CPUs by proxy, the first security scanner for Istio.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #105 - DevSecOps, Ransomware & S3, Falco Labs

[tl;dr sec] #105 - DevSecOps, Ransomware & S3, Falco Labs

Effectively shifting left, protecting your S3 buckets from ransomware, exercises to learn Falco in your browser.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #104 - New Phrack, Often Missed Web Vulnerabilities, Facebook Whistleblower

[tl;dr sec] #104 - New Phrack, Often Missed Web Vulnerabilities, Facebook Whistleblower

New issue of Phrack, 10 often missed web vulnerabilities, Facebook whistleblower comes forward about the dangers of its products.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #103 - Cloud Security Guardrails, Lateral Movement in GitHub Orgs, AWS Memes

[tl;dr sec] #103 - Cloud Security Guardrails, Lateral Movement in GitHub Orgs, AWS Memes

Setting up strong AWS security guardrails, tool to explore lateral movement and privilege escalation in GitHub orgs, dank AWS memes from Corey Quinn.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #102 - Why AuthZ is Hard, Vendor Security 2.0, TruffleHog Chrome Extension

[tl;dr sec] #102 - Why AuthZ is Hard, Vendor Security 2.0, TruffleHog Chrome Extension

Detailed breakdown of why authorization is hard, how we should approach vendor security going forward, a Chrome extension to find secrets.

Clint Gibler
Clint Gibler
FirstBack
1112131415161718
Next Last