Head of Security Research @semgrep, Creator of tl;dr sec newsletter
Insights from Chinese intel reports on the NSA's TTPs, understanding and testing passkeys, how Databricks leverages AI to focus on business critical CVEs
NVIDIA's Agentic CVE investigation workflow, compromising the Internet via abandoned S3 buckets, do more in AppSec by doing less
How Google eliminates vuln classes, human expert-level AI spear phishing, how Palantir hardens their code writing process
How to autofix code and reduce noise, guide on creating infra diagrams and relevant threat modeling tools, identifying cloud TTPs and threat actors
Tool to sinkhole and misinform AI bots crawling your site, Google's new software composition analysis tool, hijacking backdoors in web shells at scale
Microsoft and OpenAI on red teaming AI, SCPs and Resource Control Policies in detail, how EDR works and how to bypass it
Protecting your Cloud Admin account, getting hacked via IdPs you don't even use, paper & tool about LLM-powered dynamic cloud defense
Reddit's flexible code scanner for any CLI tool, an agent that analyzes JS and tests routes, new tool to scan OSS packages
Insights from 50+ security leaders, OSS tool to protect devs from malicious dependencies, playlist of re:Invent's security talks
Google's AI-powered fuzzing and augmenting SAST with AI, new OSINT/recon service for public AWS identifiers, finding EDR vulns with fuzzing