[tl;dr sec] #236 - Interview Questions, Securing Your Snowflake, Red Teaming LLMs

AppSec and Threat Detection interview q's, tools and tips to secure your Snowflake environment, tools to test LLMs

[tl;dr sec] #235 - Threat Hunting in Snowflake, AWS Incident Query Cheatsheet, Securing AI Infra

Queries to look for attackers in your Snowflake, AWS queries to use during incidents, how OpenAI and Apple secure AI workloads

Sub-Venture Scale Security Problems

[tl;dr sec] #234 - Awesome CI/CD Attacks, STRIDE GPT, Non Production AWS Attack Surface

Practical resources for offensive CI/CD research, AI threat modeling tool, bypassing CloudTrail through non-prod endpoints

The Race to Make a Business of Secure Defaults

[tl;dr sec] #233 - Awesome Detection Engineering, Security GPTs, How to Build a Cybersecurity Start-up

Repo of detection engineering resources, Jason Haddix's security GPTs, 3 successful founders on building a security company

Don’t Security Engineer Asymmetric Workloads

[tl;dr sec] #232 - GitHub Actions Cache Poisoning, Rust Red Team Tools, Prioritizing Detections

Subtly tamper with GHA builds, repo with offense-focused Rust PoCs, how to prioritize a detection backlog

[tl;dr sec] #231 - XZ Utils Backdoor Scanner, CISA's Enriched CVEs, SOC 2 Compliant CI/CD

Understanding & detecting the XZ Utils backdoor, CISA's repo of enriched CVEs, an example SOC 2 compliant GitHub CI/CD pipeline

Wiring a Winning Security Organization

[tl;dr sec] #230 - BSidesSF & RSA Summaries, Cloud-Native Threat Modeling GPT, STS for GitHub

My BSidesSF summaries and RSA announcement overview, custom GPT with CloudSec knowledge, Security Token Service GitHub App

[tl;dr sec] #229 - Prompt Injection Defenses, Security @ OpenAI, Microsoft's Deception Infrastructure

New repo surveying prompt injection defenses, how OpenAI uses LLMs for internal security, insights on MS's honeypot infra