Archive

NewsletterNewsletter
[tl;dr sec] #36 - AWS Security Maturity Roadmap, Fuzzing, Dynamic Infra for Security Testing

[tl;dr sec] #36 - AWS Security Maturity Roadmap, Fuzzing, Dynamic Infra for Security Testing

An AWS Security Maturity Roadmap for 2020, fuzzing the Windows kernel & differential crypto fuzzing, easily spin up a cloud env for security testing

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #35 - Careers in Security, Testing OAuth, Session Management with Burp

[tl;dr sec] #35 - Careers in Security, Testing OAuth, Session Management with Burp

Building a successful career in security and how to specialize, testing OAuth implementations, and a Burp plugin for handling session management.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #34 - Game Theory + 0days, Kubernetes Hacking Practice, AWS Least Privilege

[tl;dr sec] #34 - Game Theory + 0days, Kubernetes Hacking Practice, AWS Least Privilege

Game theory applied to finding and disclosing 0days, Kubernetes training labs, rightsize your AWS IAM policies to Terraform.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #33 - Splunk's Attack Range, Detecting Compromised Cloud Creds, Azure AD for Red Teamers

[tl;dr sec] #33 - Splunk's Attack Range, Detecting Compromised Cloud Creds, Azure AD for Red Teamers

Set up your own range to practice attacking & detection, detection strategies for compromised cloud creds, intro to Azure AD for red teamers.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #32 - Security + Empathy, Chrome Extension Security, Attacking Azure AD

[tl;dr sec] #32 - Security + Empathy, Chrome Extension Security, Attacking Azure AD

Gusto CISO Flee on building a positive security culture, protecting from/attacking with Chrome extensions, pivot through Azure AD.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #31 - Instrument with Frida, Free Course on Attacking Apps in AWS/Azure, VM with 8 C&C Frameworks

[tl;dr sec] #31 - Instrument with Frida, Free Course on Attacking Apps in AWS/Azure, VM with 8 C&C Frameworks

Use Frida from a Burp extension or web interface, continuous cloud security, fighting misinformation at scale.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #29 - Testing GraphQL, Bug Bounty Programs, & AWS Service Control Policy Best Practices

[tl;dr sec] #29 - Testing GraphQL, Bug Bounty Programs, & AWS Service Control Policy Best Practices

Tool for testing GraphQL endpoints, how to run a great bug bounty program, restricting your AWS account with Service Control Policies, hardening Linux.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #28 - 25 Years of Fuzzing, Secrets Management, Security Questionnaires

[tl;dr sec] #28 - 25 Years of Fuzzing, Secrets Management, Security Questionnaires

Some history and overview of fuzzing, preventing/detecting/remediating leaked secrets, static analysis, macOS security, reflections on privacy post COVID-19.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #26 - Learnings from Duo, Auto-healing Clouds, Fuzzing

[tl;dr sec] #26 - Learnings from Duo, Auto-healing Clouds, Fuzzing

Jon Oberheide on Duo, self-healing AWS environments, Google's fuzzer benchmarking and CIFuzz, securing Windows & MS accounts at scale.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #25 - BSidesSF and RSA, Demystifying Container Security, Your Privacy Online

[tl;dr sec] #25 - BSidesSF and RSA, Demystifying Container Security, Your Privacy Online

Round-up of BSidesSF and RSA + my updated slides, overview of container security, pen testing K8s walkthrough, maintaining privacy online.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #24 - BSidesSF/RSA, tl;dr sec Mascot, REST API Fuzzing, AWS Auto-remediation

[tl;dr sec] #24 - BSidesSF/RSA, tl;dr sec Mascot, REST API Fuzzing, AWS Auto-remediation

I'm speaking at BSidesSF and RSA 2020, tl;dr sec stickers, stateful fuzzing of Swagger APIs, auto-remediate AWS issues, canary pro-tips, red team cheatsheets.

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #23 - OSINT, Automatic Exploit Generation, Cloud Security

[tl;dr sec] #23 - OSINT, Automatic Exploit Generation, Cloud Security

OSINT tools, tips, & tricks, presentations on automatically find and exploiting bugs, a code-aware <code>grep</code>, how to assess another company's security posture.

Clint Gibler
Clint Gibler
FirstBack
20212223242526
Next Last