tl;dr sec

tl;dr sec
Archive
Page 7

[tl;dr sec] #219 - IR in AWS, SOC Interview Questions, LLM Hackbots

Playbooks and being incident response ready in AWS, practice questions for SOC analysts, autonomously hacking LLM agents

Clint Gibler

NewsletterNewsletter

Feb 15, 2024

[tl;dr sec] #218 - Kubernetes Security Training Platform, Jupyter Attack Toolkit, Awesome GraphQL Security

Nine free k8s CTF scenarios, utilities for exploiting/persisting on Jupyter instances, GraphQL security tools, libraries, resources, etc.

Clint Gibler

NewsletterNewsletter

Feb 08, 2024

[tl;dr sec] #217 - Bypassing AWS CloudTrail, Usable Security at Netflix, Augmenting Humans with AI

BlackHat USA 2023 talks are live, learn how Netflix builds usable security tooling, new OSS framework + prompts to improve your life with AI

Clint Gibler

BlogBlog

Feb 08, 2024

AI, Deepfakes, and Phishing

A round-up of AI and LLMs being applied to deepfakes and phishing

Clint Gibler

NewsletterNewsletter

Feb 01, 2024

[tl;dr sec] #216 - Azure Attack Paths, Recipe for Scaling Security, Cybersecurity Incident Tracker

Walkthrough of 10+ Azure attack paths, how Google rolls out security features at scale, a tracker for incidents reported in 8-Ks

Clint Gibler

NewsletterNewsletter

Jan 25, 2024

[tl;dr sec] #215 - Cloud Threat Landscape, Web LLM Security Labs, Azure Logs Primer

A database of cloud security incidents, campaigns, and techniques, Portswigger's labs on testing LLMs in web apps, using Azure logs for detection

Clint Gibler

BlogBlog

Jan 23, 2024

How pentesting mirrors the evolution of quality assurance

And why software engineering can help us to mature the security industry

Clint Gibler, +1

NewsletterNewsletter

Jan 18, 2024

[tl;dr sec] #214 - Poisoning GitHub’s Runner Images, Fuzzing AWS WAF, LLM-powered Honeypot

How to backdoor every GitHub repo, bypassing AWS WAF, using GPT-4 to respond convincingly to any HTTP request

Clint Gibler

NewsletterNewsletter

Jan 11, 2024

[tl;dr sec] #213 - AWS Secure Defaults, Damn Vulnerable LLM Agent, cdk-goat

Useful secure defaults + SCPs for your AWS account, a chatbot LLM ReAct agent for prompt injection practice, vulnerable by design AWS Cloud Development Kit infrastructure

Clint Gibler

NewsletterNewsletter

Jan 04, 2024

[tl;dr sec] #212 - AWS Security Services Best Practices, EDR Bypass Lab, 100+ Vulnerable Practice Apps

Guide by AWS on configuring AWS security services, free lab to learn to bypass common EDR detection mechanisms, massive list of vulnerable apps to practice on

Clint Gibler

NewsletterNewsletter

Dec 14, 2023

[tl;dr sec] #211 - LLMs + Fuzzing, Navigating the Incident Response Maze, Product Security @ HashiCorp

Automating fuzz targets with LLMs, detailed guide by Microsoft, my interview with the Director of ProdSec @ HashiCorp

Clint Gibler

NewsletterNewsletter

Dec 07, 2023

[tl;dr sec] #210 - Security Architect & Principal Interview Questions, Pentest AI Agent, Free CloudSec Labs

Consolidated list of interview questions for senior roles from many companies, an AI-copilot for pentesters, learn cloud security from free ~30min labs every week

Clint Gibler

First Back

3 4 5 6 7 8 9 10

Next Last

Archive

[tl;dr sec] #219 - IR in AWS, SOC Interview Questions, LLM Hackbots

[tl;dr sec] #218 - Kubernetes Security Training Platform, Jupyter Attack Toolkit, Awesome GraphQL Security

[tl;dr sec] #217 - Bypassing AWS CloudTrail, Usable Security at Netflix, Augmenting Humans with AI

AI, Deepfakes, and Phishing

[tl;dr sec] #216 - Azure Attack Paths, Recipe for Scaling Security, Cybersecurity Incident Tracker

[tl;dr sec] #215 - Cloud Threat Landscape, Web LLM Security Labs, Azure Logs Primer

How pentesting mirrors the evolution of quality assurance

[tl;dr sec] #214 - Poisoning GitHub’s Runner Images, Fuzzing AWS WAF, LLM-powered Honeypot

[tl;dr sec] #213 - AWS Secure Defaults, Damn Vulnerable LLM Agent, cdk-goat

[tl;dr sec] #212 - AWS Security Services Best Practices, EDR Bypass Lab, 100+ Vulnerable Practice Apps

[tl;dr sec] #211 - LLMs + Fuzzing, Navigating the Incident Response Maze, Product Security @ HashiCorp

[tl;dr sec] #210 - Security Architect & Principal Interview Questions, Pentest AI Agent, Free CloudSec Labs