Clint Gibler

🗡️ Head of Security Research @semgrep 📚 Creator of tl;dr sec newsletter

[tl;dr sec] #226 - Negotiation Tips & Interview Questions, Paved Road, awesome-secure-defaults

How to negotiate your salary and Incident Responder q's, Jason Chan on the Paved Road, new repo of secure by default OSS libraries

[tl;dr sec] #225 - XZ Backdoor, GitHub CSO Interview, SpecterOps Con

The best XZ resources, I interviewed Mike Hanley on secure defaults & AI, SO-CON 2024 slides available

[tl;dr sec] #224 - Google on BeyondCorp, Threat Modeling, AWS Cross-Account Attacks

Google's zero trust lessons learned, threat modeling with HCL and LLMs, identifying cross-account IAM attack paths

Keep Hackers Out of Your Kubernetes Cluster with These 5 Simple Tricks!

A threat-informed roadmap for securing Kubernetes clusters

[tl;dr sec] #223 - AI Auto-fixes, Mapping CloudTrail to Incidents, VS Code Extensions for Security

Auto-fixing code with AI, an open source mapping of CloudTrail -> known incidents and ATT&CK, extensions for security auditors

[tl;dr sec] #222 - NSA's Top 10 Cloud Security Strategies, Secure by Design, Claude 3 + Fuzzing

Ten CloudSec guides from NSA & CISA, new Google whitepaper, auto-generating fuzzing code with Claude 3

[tl;dr sec] #221 - Hacking Google AI for $50K, Detecting Secrets in Videos, Securing Medicare & Medicaid

Bugs found in a private Google bug bounty event, GitLab's new OSS tool to find secrets leaked in video, how to secure a massive U.S. gov't org

[tl;dr sec] #220 - Detecting Manual AWS Actions, AI Threat Models, Living Off the False Positive

How to alert on non infra as code AWS actions, threat modeling apps that use AI, autogenerated list of FPs from popular detection rulesets

[tl;dr sec] #219 - IR in AWS, SOC Interview Questions, LLM Hackbots

Playbooks and being incident response ready in AWS, practice questions for SOC analysts, autonomously hacking LLM agents

[tl;dr sec] #218 - Kubernetes Security Training Platform, Jupyter Attack Toolkit, Awesome GraphQL Security

Nine free k8s CTF scenarios, utilities for exploiting/persisting on Jupyter instances, GraphQL security tools, libraries, resources, etc.
