๐ก๏ธ Head of Security Research @semgrep ๐ Creator of tl;dr sec newsletter
Guide to being an effective security leader, 25 talks on cloud, k8s and AI, auto-generating vulnerable honeypots
Plus my reflections on writing 300 issues and seeing Semgrep growing up
Quickly get up to speed in MCP security, tool to identify privilege escalation in AWS, find 0days and attackers via anomalous IMDS calls
How to be an effective CISO, deploy decoy assets that fit in to your AWS environment, tips and tools to minimize the impact of NPM malware
Moar backdoored NPM packages (+ how to secure GitHub Actions), agents making sensitive decisions autonomously, source code and internal docs for China's Great Firewall leaked
AI auto-generating exploits from CVEs for $3, not actually but Memory Integrity Enforcement makes it harder, surprisingly NPM packages were backdoored
Using AI to find vulnerabilities in code, mastering AWS logs for detection engineering, how threat actors are misusing Claude (#4 will surprise you)
Nx malware uses AI CLIs to find secrets, ESET discovers malware sample leveraging OpenAI's OSS model, binary exploitation CTF for Phrack's 40th
Critical vulnerabilities in MCPs, stealthily enumerating AWS resources, a North Korean government hacker's computer was pwned, backdoors & campaigns leaked
James Kettle argues HTTP/1.1 can never be fully secured, augmenting static analysis with LLMs, Google's talk + OSS tool for detecting malicious insiders
![[tl;dr sec] #301 - Security Leadership Master Class, DEF CON Cloud Village Talks, AI-Powered Honeypot](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=800,height=421,fit=scale-down,onerror=redirect/uploads/publication/thumbnail/080a561f-2435-4477-a549-ab9f115e047c/landscape_Screenshot_2024-11-21_at_10.48.21_AM.png)
