Archive

NewsletterNewsletter
[tl;dr sec] #115 - Mac Malware of 2021, Preventing SSRF, Moxie on web3

[tl;dr sec] #115 - Mac Malware of 2021, Preventing SSRF, Moxie on web3

Patrick Wardle's analysis of a year of Mac malware, library to safely make HTTP requests, and Moxie experiments with distributed apps.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #114 - Web Security, Detecting Container Drift, Reviewing 2021's Cloud Breaches

[tl;dr sec] #114 - Web Security, Detecting Container Drift, Reviewing 2021's Cloud Breaches

CSRF, web cache poisoning, and SSRF, detecting/fixing container drift at runtime, and three frequent sources of cloud security breaches and vulnerabilities in 2021.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #113 - Log4Shell, Security Metrics, Cloud Detections at Scale

[tl;dr sec] #113 - Log4Shell, Security Metrics, Cloud Detections at Scale

Resources for the vuln that's keeping you away from your family, how to do security metrics effectively, how Netflix scales cloud detections using Snare.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #112 - re:Invent, Python Security, Cloud Service Provider Mistakes

[tl;dr sec] #112 - re:Invent, Python Security, Cloud Service Provider Mistakes

Round-up articles about re:Invent, examining Python package security, Scott Piper's repo of AWS, GCP, and Azure mistakes and vulnerabilities.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #111 - This Shouldn't Have Happened, Humble Hacking Bundle, Why NFTs are Bad

[tl;dr sec] #111 - This Shouldn't Have Happened, Humble Hacking Bundle, Why NFTs are Bad

An impactful bug in heavily tested C/C++, great security books for cheap, technical and economic reasons why NFTs are bad and don't work.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #110 - From What to How in Cybersecurity, Detection Engineering for Kubernetes, Fuzzing

[tl;dr sec] #110 - From What to How in Cybersecurity, Detection Engineering for Kubernetes, Fuzzing

Jason Chan BSidesRDU keynote, detecting privilege escalation in Kubernetes, network fuzzing and fuzzing DRAM to discover rowhammer vulns.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #109 - Breaking Stateless Authentication, Secrets, Unicode Chicanery

[tl;dr sec] #109 - Breaking Stateless Authentication, Secrets, Unicode Chicanery

A tool to detect misconfigured session implementations, scanning Docker Hub for secrets and determining the impact of leaked secrets, Semgrep rule for the Trojan Source bug.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #108 - How SolarWinds is Securing their Supply Chain, Cloud Security Tooling, Risk-base

[tl;dr sec] #108 - How SolarWinds is Securing their Supply Chain, Cloud Security Tooling, Risk-base

What SolarWinds did after the attack their new high assurance build system, how to succeed as the only cloud security practitioner in your company, how Netflix uses risk to make informed decisions.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #107 - Supply Chain and CI/CD Security, Threat Modeling in HCL, Cracking PRNGs using ML

[tl;dr sec] #107 - Supply Chain and CI/CD Security, Threat Modeling in HCL, Cracking PRNGs using ML

Securing build pipelines and ATT&CK for CI/CD, threat modeling in Terraform, using ML to break pseudorandom number generators.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #106 - Least Privilege IAM, Fuzzing, Istio Scanner

[tl;dr sec] #106 - Least Privilege IAM, Fuzzing, Istio Scanner

Designing least privilege AWS IAM policies for people, fuzzing 5G and CPUs by proxy, the first security scanner for Istio.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #105 - DevSecOps, Ransomware & S3, Falco Labs

[tl;dr sec] #105 - DevSecOps, Ransomware & S3, Falco Labs

Effectively shifting left, protecting your S3 buckets from ransomware, exercises to learn Falco in your browser.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #104 - New Phrack, Often Missed Web Vulnerabilities, Facebook Whistleblower

[tl;dr sec] #104 - New Phrack, Often Missed Web Vulnerabilities, Facebook Whistleblower

New issue of Phrack, 10 often missed web vulnerabilities, Facebook whistleblower comes forward about the dangers of its products.

Clint Gibler
Clint Gibler
FirstBack
1213141516171819
Next Last