Archive

NewsletterNewsletter
[tl;dr sec] #101 - Securing Netflix at Scale, AWS PrivEsc Playground, Career Advice

[tl;dr sec] #101 - Securing Netflix at Scale, AWS PrivEsc Playground, Career Advice

How to build security tooling developers love, a playground to practice privilege escalation in AWS, career advice from @lcamtuf and Corey Quinn.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #100 - Visualizing Security, GraphQL, API Token Survey

[tl;dr sec] #100 - Visualizing Security, GraphQL, API Token Survey

Infosec infographics, GraphQL guide and server fingerprinting tool, a survey of the trade-offs of various API token types.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #99 - Grow Employees or Lose Them, Advantage: Defense, Ghidra <> Frida

[tl;dr sec] #99 - Grow Employees or Lose Them, Advantage: Defense, Ghidra <> Frida

How to mentor and grow employees, Mark Dowd on how and why defense is gaining the advantage, and a plugin to bridge Ghidra and Frida.

Clint Gibler
Clint Gibler
SummarySummary
+1+1
Grow Your Best Employees or Lose Them

Grow Your Best Employees or Lose Them

Travis McPeak recommends

Clint Gibler
Clint Gibler
[tl;dr sec] 98 - Cloud Security Orienteering, Last S3 Document You’ll Need, Burnout

[tl;dr sec] 98 - Cloud Security Orienteering, Last S3 Document You’ll Need, Burnout

[tl;dr sec] 98 - Cloud Security Orienteering, Last S3 Document You’ll Need

BlogBlog
Cloud Security Orienteering

Cloud Security Orienteering

How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long term goals.

Rami McCarthy
Rami McCarthy
[tl;dr sec] #97 - Attacking HTTP/2, Securing GitHub Projects, Hacking G Suite

[tl;dr sec] #97 - Attacking HTTP/2, Securing GitHub Projects, Hacking G Suite

[tl;dr sec] #97 - Attacking HTTP/2, Securing GitHub Projects

SummarySummary
Travis McPeak: Why Companies don't 'Just Patch'

Travis McPeak: Why Companies don't 'Just Patch'

Why patching in the real world is hard, and what to do about it.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #96 - Learn Reverse Engineering, Cloud Security Orienteering, Kernel Pwning with eBPF

[tl;dr sec] #96 - Learn Reverse Engineering, Cloud Security Orienteering, Kernel Pwning with eBPF

Free workshops to learn reverse engineering, how to rapidly familiarize yourself in a new cloud environment, eBPF deep dive.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #95 - Preventing SSRF in AWS, Testing AuthN Flows, Hardening Your Supply Chain

[tl;dr sec] #95 - Preventing SSRF in AWS, Testing AuthN Flows, Hardening Your Supply Chain

Tool to enforce IMDSv2, test authentication flows by modeling them as a finite state machine, detecting malicious dependencies and solving dependency confusion.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #94 - 10X Your SOC, Learn Crypto, Enterprise-grade Attack-surface Monitoring with Open Source

[tl;dr sec] #94 - 10X Your SOC, Learn Crypto, Enterprise-grade Attack-surface Monitoring with Open Source

Google whitepaper on how to scale your SOC, 3 free platforms to learn cryptography, Luke Stephens' guide on rolling your own attack surface monitoring using Spiderfoot and small scripts.

Clint Gibler
Clint Gibler
[tl;dr sec] #93 - Reading Your CSO's Performance Review, Fuzzing, NSO Group

[tl;dr sec] #93 - Reading Your CSO's Performance Review, Fuzzing, NSO Group

[tl;dr sec] #93 - Reading Your CSO's Performance Review, Fuzzing

FirstBack
1213141516171819
Next Last