Software Supply Chain Vendor Landscape
An analysis of over 20 supply chain security vendors, from securing source code access and CI/CD pipelines to SCA, malicious dependencies, container security, SBOMs, code provenance, and more
Clint Gibler, Francis Odum /
![[tl;dr sec] #201 - CloudRecon, LLM Security, Okta for Red Teamers](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=800,height=421,fit=scale-down,onerror=redirect/uploads/publication/thumbnail/080a561f-2435-4477-a549-ab9f115e047c/landscape_Screenshot_2023-09-12_at_10.22.48_AM.png)
[tl;dr sec] #201 - CloudRecon, LLM Security, Okta for Red Teamers
Tool to find ephemeral assets in cloud infra, Dropbox's LLM security scripts, post-exploitation techniques for Okta
Clint Gibler /
[tl;dr sec] #200 - LLM → Tailored IR Scenario, How to Secure Your GitHub/GitLab, Cloud Storage Threat Matrix
LLMs + ATT&CK → tailored incident response scenarios, OpenSSF's source code management platform best practices, new TTPs for the cloud storage threat matrix
Clint Gibler /
[tl;dr sec] #199 - Supply Chain Security Overview, Container Escapes, AI + Cybersecurity
Detailed overview of the areas of supply chain security, 7 ways to escape containers, AI for threat modeling, TTPs, & malicious packages
Clint Gibler /
An Overview of Software Supply Chain Security
A breakdown of what constitutes the software supply chain and how to secure each stage
Clint Gibler, Francis Odum /
[tl;dr sec] #198 - Building a Detection as Code Pipeline, NIST on CI/CD Supply Chain Security, Finding Malware with LLMs
How to build and test a DaC pipeline, new NIST whitepaper on integrating supply chain security measures into CI/CD pipelines, and finding malicious PyPi/npm packages with LLMs
Clint Gibler /
[tl;dr sec] #197 - Career Resources, Modern Security Podcast, Smashing the State Machine
Tons of career resources and advice, I'm starting a podcast on modern security practices, finding tricky state machine web bugs
Clint Gibler /
[tl;dr sec] #196 - How Secrets Leak in CI/CD, AI Threat Modeling, Supply Chain
Some subtle ways secrets leak and how to mitigate, AI threat modeling for policymakers, in-toto and TACOS
Clint Gibler /
[tl;dr sec] #195 - Kubernetes Exposed, SBOMs, Elastic's Vuln Management
Survey of misconfigured and openly accessible k8s clusters, several SBOM resources, how Elastic uses Elastic for vulnerability management
Clint Gibler /
[tl;dr sec] #194 - CNAPPGoat, KubeFuzz, tl;dr sec swag
Multi-cloud open source tool to deploy vulnerable-by-design cloud resources, fuzzing Kubernetes Admission Controllers, where you can get tl;dr sec swag at Hacker Summer Camp
Clint Gibler /