Archive

NewsletterNewsletter
[tl;dr sec] #234 - Awesome CI/CD Attacks, STRIDE GPT, Non Production AWS Attack Surface

[tl;dr sec] #234 - Awesome CI/CD Attacks, STRIDE GPT, Non Production AWS Attack Surface

Practical resources for offensive CI/CD research, AI threat modeling tool, bypassing CloudTrail through non-prod endpoints

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #233 - Awesome Detection Engineering, Security GPTs, How to Build a Cybersecurity Start-up

[tl;dr sec] #233 - Awesome Detection Engineering, Security GPTs, How to Build a Cybersecurity Start-up

Repo of detection engineering resources, Jason Haddix's security GPTs, 3 successful founders on building a security company

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #232 - GitHub Actions Cache Poisoning, Rust Red Team Tools, Prioritizing Detections

[tl;dr sec] #232 - GitHub Actions Cache Poisoning, Rust Red Team Tools, Prioritizing Detections

Subtly tamper with GHA builds, repo with offense-focused Rust PoCs, how to prioritize a detection backlog

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #231 - XZ Utils Backdoor Scanner, CISA's Enriched CVEs, SOC 2 Compliant CI/CD

[tl;dr sec] #231 - XZ Utils Backdoor Scanner, CISA's Enriched CVEs, SOC 2 Compliant CI/CD

Understanding & detecting the XZ Utils backdoor, CISA's repo of enriched CVEs, an example SOC 2 compliant GitHub CI/CD pipeline

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #230 - BSidesSF & RSA Summaries, Cloud-Native Threat Modeling GPT, STS for GitHub

[tl;dr sec] #230 - BSidesSF & RSA Summaries, Cloud-Native Threat Modeling GPT, STS for GitHub

My BSidesSF summaries and RSA announcement overview, custom GPT with CloudSec knowledge, Security Token Service GitHub App

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #229 - Prompt Injection Defenses, Security @ OpenAI, Microsoft's Deception Infrastructure

[tl;dr sec] #229 - Prompt Injection Defenses, Security @ OpenAI, Microsoft's Deception Infrastructure

New repo surveying prompt injection defenses, how OpenAI uses LLMs for internal security, insights on MS's honeypot infra

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #228 - OpenAI's Security Bots, Slack's IMDSv1 ➡️ 2 Journey, the Kubenomicon

[tl;dr sec] #228 - OpenAI's Security Bots, Slack's IMDSv1 ➡️ 2 Journey, the Kubenomicon

OpenAI's open sourced Slackbots, migrating to IMDSv2 at scale, a collection of offensive Kubernetes security techniques

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #227 - Securing GitHub Actions, State of DevSecOps, Paved Road Webinar

[tl;dr sec] #227 - Securing GitHub Actions, State of DevSecOps, Paved Road Webinar

Tools to scan build piplines & remove short-lived tokens, study by Datadog, join Jason Chan and I on the origin of Netflix's Paved Road

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #226 - Negotiation Tips & Interview Questions, Paved Road, awesome-secure-defaults

[tl;dr sec] #226 - Negotiation Tips & Interview Questions, Paved Road, awesome-secure-defaults

How to negotiate your salary and Incident Responder q's, Jason Chan on the Paved Road, new repo of secure by default OSS libraries

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #225- XZ Backdoor, GitHub CSO Interview, SpecterOps Con

[tl;dr sec] #225- XZ Backdoor, GitHub CSO Interview, SpecterOps Con

The best XZ resources, I interviewed Mike Hanley on secure defaults & AI, SO-CON 2024 slides available

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #224 - Google on BeyondCorp, Threat Modeling, AWS Cross-Account Attacks

[tl;dr sec] #224 - Google on BeyondCorp, Threat Modeling, AWS Cross-Account Attacks

Google's zero trust lessons learned, threat modeling with HCL and LLMs, identifying cross-account IAM attack paths

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #223 - AI Auto-fixes, Mapping CloudTrail to Incidents, VS Code Extensions for Security

[tl;dr sec] #223 - AI Auto-fixes, Mapping CloudTrail to Incidents, VS Code Extensions for Security

Auto-fixing code with AI, an open source mapping of CloudTrail -> known incidents and ATT&CK, extensions for security auditors

Clint Gibler
Clint Gibler
FirstBack
345678910
Next Last