[tl;dr sec] #239 - LLM Vulnerability Detection, APT Reports, Learn Exploit Development

Measuring LLM's ability to find vulnerabilities, massive collection of APT reports, how to get started in memory corruption & exploitation

[tl;dr sec] #238 - Security Engineering @ Google Interview Notes, BSidesSF Talks, GitHub CI/CD Egress Filtering

Interview resources, >55 talks on AI and more, a GitHub Action to limit data exfiltration

[tl;dr sec] #237 - fwd:cloudsec videos, LLM Bugfinders, Burp Suite Guide

>40 awesome CloudSec talks, finding vulns with LLMs, how to use Burp like a pro

[tl;dr sec] #236 - Interview Questions, Securing Your Snowflake, Red Teaming LLMs

AppSec and Threat Detection interview q's, tools and tips to secure your Snowflake environment, tools to test LLMs

[tl;dr sec] #235 - Threat Hunting in Snowflake, AWS Incident Query Cheatsheet, Securing AI Infra

Queries to look for attackers in your Snowflake, AWS queries to use during incidents, how OpenAI and Apple secure AI workloads

Sub-Venture Scale Security Problems

[tl;dr sec] #234 - Awesome CI/CD Attacks, STRIDE GPT, Non Production AWS Attack Surface

Practical resources for offensive CI/CD research, AI threat modeling tool, bypassing CloudTrail through non-prod endpoints

The Race to Make a Business of Secure Defaults

[tl;dr sec] #233 - Awesome Detection Engineering, Security GPTs, How to Build a Cybersecurity Start-up

Repo of detection engineering resources, Jason Haddix's security GPTs, 3 successful founders on building a security company

Don’t Security Engineer Asymmetric Workloads

[tl;dr sec] #232 - GitHub Actions Cache Poisoning, Rust Red Team Tools, Prioritizing Detections

Subtly tamper with GHA builds, repo with offense-focused Rust PoCs, how to prioritize a detection backlog

[tl;dr sec] #231 - XZ Utils Backdoor Scanner, CISA's Enriched CVEs, SOC 2 Compliant CI/CD

Understanding & detecting the XZ Utils backdoor, CISA's repo of enriched CVEs, an example SOC 2 compliant GitHub CI/CD pipeline