š”ļø Head of Security Research @semgrep š Creator of tl;dr sec newsletter
OpenAI's open sourced Slackbots, migrating to IMDSv2 at scale, a collection of offensive Kubernetes security techniques
Tools to scan build piplines & remove short-lived tokens, study by Datadog, join Jason Chan and I on the origin of Netflix's Paved Road
How to negotiate your salary and Incident Responder q's, Jason Chan on the Paved Road, new repo of secure by default OSS libraries
The best XZ resources, I interviewed Mike Hanley on secure defaults & AI, SO-CON 2024 slides available
Google's zero trust lessons learned, threat modeling with HCL and LLMs, identifying cross-account IAM attack paths
A threat-informed roadmap for securing Kubernetes clusters
Auto-fixing code with AI, an open source mapping of CloudTrail -> known incidents and ATT&CK, extensions for security auditors
Ten CloudSec guides from NSA & CISA, new Google whitepaper, auto-generating fuzzing code with Claude 3
Bugs found in a private Google bug bounty event, GitLab's new OSS tool to find secrets leaked in video, how to secure a massive U.S. gov't org
How to alert on non infra as code AWS actions, threat modeling apps that use AI, autogenerated list of FPs from popular detection rulesets
![[tl;dr sec] #228 - OpenAI's Security Bots, Slack's IMDSv1 ā”ļø 2 Journey, the Kubenomicon](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=800,height=421,fit=scale-down,onerror=redirect/uploads/publication/thumbnail/080a561f-2435-4477-a549-ab9f115e047c/landscape_Screenshot_2023-12-02_at_12.44.25_PM.png)
