Archive

NewsletterNewsletter
[tl;dr sec] #107 - Supply Chain and CI/CD Security, Threat Modeling in HCL, Cracking PRNGs using ML

[tl;dr sec] #107 - Supply Chain and CI/CD Security, Threat Modeling in HCL, Cracking PRNGs using ML

Securing build pipelines and ATT&CK for CI/CD, threat modeling in Terraform, using ML to break pseudorandom number generators.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #106 - Least Privilege IAM, Fuzzing, Istio Scanner

[tl;dr sec] #106 - Least Privilege IAM, Fuzzing, Istio Scanner

Designing least privilege AWS IAM policies for people, fuzzing 5G and CPUs by proxy, the first security scanner for Istio.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #105 - DevSecOps, Ransomware & S3, Falco Labs

[tl;dr sec] #105 - DevSecOps, Ransomware & S3, Falco Labs

Effectively shifting left, protecting your S3 buckets from ransomware, exercises to learn Falco in your browser.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #104 - New Phrack, Often Missed Web Vulnerabilities, Facebook Whistleblower

[tl;dr sec] #104 - New Phrack, Often Missed Web Vulnerabilities, Facebook Whistleblower

New issue of Phrack, 10 often missed web vulnerabilities, Facebook whistleblower comes forward about the dangers of its products.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #103 - Cloud Security Guardrails, Lateral Movement in GitHub Orgs, AWS Memes

[tl;dr sec] #103 - Cloud Security Guardrails, Lateral Movement in GitHub Orgs, AWS Memes

Setting up strong AWS security guardrails, tool to explore lateral movement and privilege escalation in GitHub orgs, dank AWS memes from Corey Quinn.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #102 - Why AuthZ is Hard, Vendor Security 2.0, TruffleHog Chrome Extension

[tl;dr sec] #102 - Why AuthZ is Hard, Vendor Security 2.0, TruffleHog Chrome Extension

Detailed breakdown of why authorization is hard, how we should approach vendor security going forward, a Chrome extension to find secrets.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #101 - Securing Netflix at Scale, AWS PrivEsc Playground, Career Advice

[tl;dr sec] #101 - Securing Netflix at Scale, AWS PrivEsc Playground, Career Advice

How to build security tooling developers love, a playground to practice privilege escalation in AWS, career advice from @lcamtuf and Corey Quinn.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #100 - Visualizing Security, GraphQL, API Token Survey

[tl;dr sec] #100 - Visualizing Security, GraphQL, API Token Survey

Infosec infographics, GraphQL guide and server fingerprinting tool, a survey of the trade-offs of various API token types.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #99 - Grow Employees or Lose Them, Advantage: Defense, Ghidra <> Frida

[tl;dr sec] #99 - Grow Employees or Lose Them, Advantage: Defense, Ghidra <> Frida

How to mentor and grow employees, Mark Dowd on how and why defense is gaining the advantage, and a plugin to bridge Ghidra and Frida.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #96 - Learn Reverse Engineering, Cloud Security Orienteering, Kernel Pwning with eBPF

[tl;dr sec] #96 - Learn Reverse Engineering, Cloud Security Orienteering, Kernel Pwning with eBPF

Free workshops to learn reverse engineering, how to rapidly familiarize yourself in a new cloud environment, eBPF deep dive.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #95 - Preventing SSRF in AWS, Testing AuthN Flows, Hardening Your Supply Chain

[tl;dr sec] #95 - Preventing SSRF in AWS, Testing AuthN Flows, Hardening Your Supply Chain

Tool to enforce IMDSv2, test authentication flows by modeling them as a finite state machine, detecting malicious dependencies and solving dependency confusion.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #94 - 10X Your SOC, Learn Crypto, Enterprise-grade Attack-surface Monitoring with Open Source

[tl;dr sec] #94 - 10X Your SOC, Learn Crypto, Enterprise-grade Attack-surface Monitoring with Open Source

Google whitepaper on how to scale your SOC, 3 free platforms to learn cryptography, Luke Stephens' guide on rolling your own attack surface monitoring using Spiderfoot and small scripts.

Clint Gibler
Clint Gibler
FirstBack
1415161718192021
Next Last