š”ļø Head of Security Research @semgrep š Creator of tl;dr sec newsletter
Insights from 50+ security leaders, OSS tool to protect devs from malicious dependencies, playlist of re:Invent's security talks
Google's AI-powered fuzzing and augmenting SAST with AI, new OSINT/recon service for public AWS identifiers, finding EDR vulns with fuzzing
AI finds an authentication bypass, what happens when you buy an AWS region name domain, fuzzing macOS and sandbox escapes
NVIDIA's AI SOC analyst you can speak to, embracing TDD and detection as code, tips on how 2 ransomware
Google Project Zero's LLM-powered variant analysis, deobfuscating IAM polices and a real-time SCP error monitor, using LLMs to create secure by default Terraform modules
Practice your GCP and Azure security skills, scaling AppSec with LLMs, a curated list of awesome threat detection and hunting resources
Datadog's 2024 update, lots of resources on AI + security, VMware ESXi built-ins adversaries use
Simulate ransomware with KMS XKS + your key, Venator, a new OSS tool, new Caldera plugin to emulate complete, realistic cyber attack chains
Finding dangling DNS records and secrets at scale, new tool with 80+ attack techniques, NVIDIA's AI blueprint to auto-triage your container CVEs
Detailed CNAPP overview and Day 2 guide, o1 semi-escapes to solve a broken challenge, config tips & tricks for cloud control plane logs