Auto-fixing code with AI, an open source mapping of CloudTrail -> known incidents and ATT&CK, extensions for security auditors
Ten CloudSec guides from NSA & CISA, new Google whitepaper, auto-generating fuzzing code with Claude 3
Bugs found in a private Google bug bounty event, GitLab's new OSS tool to find secrets leaked in video, how to secure a massive U.S. gov't org
How to alert on non infra as code AWS actions, threat modeling apps that use AI, autogenerated list of FPs from popular detection rulesets
Playbooks and being incident response ready in AWS, practice questions for SOC analysts, autonomously hacking LLM agents
Nine free k8s CTF scenarios, utilities for exploiting/persisting on Jupyter instances, GraphQL security tools, libraries, resources, etc.
BlackHat USA 2023 talks are live, learn how Netflix builds usable security tooling, new OSS framework + prompts to improve your life with AI
A round-up of AI and LLMs being applied to deepfakes and phishing
Walkthrough of 10+ Azure attack paths, how Google rolls out security features at scale, a tracker for incidents reported in 8-Ks
A database of cloud security incidents, campaigns, and techniques, Portswigger's labs on testing LLMs in web apps, using Azure logs for detection
And why software engineering can help us to mature the security industry
How to backdoor every GitHub repo, bypassing AWS WAF, using GPT-4 to respond convincingly to any HTTP request