How to alert on non infra as code AWS actions, threat modeling apps that use AI, autogenerated list of FPs from popular detection rulesets
Playbooks and being incident response ready in AWS, practice questions for SOC analysts, autonomously hacking LLM agents
Nine free k8s CTF scenarios, utilities for exploiting/persisting on Jupyter instances, GraphQL security tools, libraries, resources, etc.
BlackHat USA 2023 talks are live, learn how Netflix builds usable security tooling, new OSS framework + prompts to improve your life with AI
A round-up of AI and LLMs being applied to deepfakes and phishing
Walkthrough of 10+ Azure attack paths, how Google rolls out security features at scale, a tracker for incidents reported in 8-Ks
A database of cloud security incidents, campaigns, and techniques, Portswigger's labs on testing LLMs in web apps, using Azure logs for detection
And why software engineering can help us to mature the security industry
How to backdoor every GitHub repo, bypassing AWS WAF, using GPT-4 to respond convincingly to any HTTP request
Useful secure defaults + SCPs for your AWS account, a chatbot LLM ReAct agent for prompt injection practice, vulnerable by design AWS Cloud Development Kit infrastructure
Guide by AWS on configuring AWS security services, free lab to learn to bypass common EDR detection mechanisms, massive list of vulnerable apps to practice on
Automating fuzz targets with LLMs, detailed guide by Microsoft, my interview with the Director of ProdSec @ HashiCorp