New repo surveying prompt injection defenses, how OpenAI uses LLMs for internal security, insights on MS's honeypot infra
OpenAI's open sourced Slackbots, migrating to IMDSv2 at scale, a collection of offensive Kubernetes security techniques
A call to action, with practical advice
Tools to scan build piplines & remove short-lived tokens, study by Datadog, join Jason Chan and I on the origin of Netflix's Paved Road
How to negotiate your salary and Incident Responder q's, Jason Chan on the Paved Road, new repo of secure by default OSS libraries
The best XZ resources, I interviewed Mike Hanley on secure defaults & AI, SO-CON 2024 slides available
Google's zero trust lessons learned, threat modeling with HCL and LLMs, identifying cross-account IAM attack paths
A threat-informed roadmap for securing Kubernetes clusters
Auto-fixing code with AI, an open source mapping of CloudTrail -> known incidents and ATT&CK, extensions for security auditors
Ten CloudSec guides from NSA & CISA, new Google whitepaper, auto-generating fuzzing code with Claude 3
Bugs found in a private Google bug bounty event, GitLab's new OSS tool to find secrets leaked in video, how to secure a massive U.S. gov't org
How to alert on non infra as code AWS actions, threat modeling apps that use AI, autogenerated list of FPs from popular detection rulesets