[tl;dr sec] #190 - Securely Build on AI, CISA Pen Test repo, Joining Google's Red Team

How to secure product features that leverage AI, CISA's repo of example penetration testing findings, how to join Google's red team and other career resources

How to securely build product features using AI APIs

A Practitioner’s Guide to Consuming AI

[tl;dr sec] #189 - CISA on Defending CI/CD, Backdooring NPM via S3, AI + Reverse Engineering

CISA/NSA's guide on defending cloud CI/CD, backdooring NPM modules depending on binaries in S3, I'm collecting AI + cybersecurity resources

AI and Machine Learning in Cybersecurity

An overview of current applications of AI/ML to cybersecurity with relevant links and a vision of where things are headed.

Cache Me If You Can: Messing with Web Caching

In this talk, Louis covers 3 web cache related attacks: cache deception, edge side includes, and cache poisoning.

[tl;dr sec] #188 - Security Interview Questions, Secret Scanning Tools, PentestGPT

Interview questions across a variety of roles, several secret scanning tools, an autonomous pentesting tool using GPT-4

[tl;dr sec] #187 - AWS Pentest Methodology, Destroyed by Breach, Awesome LLM Cybersecurity Tools

An offense-focused approach to AWS pentests, companies ended by cybersecurity breaches, OSS security tools leveraging LLMs

[tl;dr sec] #186 - Enterprise Purple Teaming, Cloud CTFs, Code Review with LLMs

Massive list of purple teaming resources, two new cloud CTFs to practice on, how effective are LLMs at doing secure code reviews?

Starting Strength for AppSec: What Mark Rippetoe can Teach You About Building AppSec Muscles

Netflix’s Layered Approach to Reducing Risk of Credential Compromise

[tl;dr sec] #185 - Artisanal to Industrial Security, Securing the EC2 Instance Metadata Service, 12 Threat Modeling Methods

How to deliver security at scale, the security properties of IMDSv2, a summary of many threat modeling approaches.

[tl;dr sec] #184 - Public Cloud Security Breaches, OWASP Top 10 for LLMs, Living Off the Orchard: macOS Binaries

Compendium of cloud security incidents and breaches that have affected customers, top risks for software leveraging Large Language Models, a library of macOS binaries that can be used for ‘living off the land’.