tl;dr sec

tl;dr sec
Topics
Newsletter

Nov 21, 2024

[tl;dr sec] #257 - Autonomous AI Hacking, Buying us-east-1, macOS Security

AI finds an authentication bypass, what happens when you buy an AWS region name domain, fuzzing macOS and sandbox escapes

Clint Gibler

NewsletterNewsletter

Nov 14, 2024

[tl;dr sec] #256 - AI SOC Analyst, Detection Engineering, How to Ransomware in AWS

NVIDIA's AI SOC analyst you can speak to, embracing TDD and detection as code, tips on how 2 ransomware

Clint Gibler

NewsletterNewsletter

Nov 07, 2024

[tl;dr sec] #255 - AI finds 0day in SQLite, Cloud Security Tools, Auto-generate Terraform Secure Guardrails

Google Project Zero's LLM-powered variant analysis, deobfuscating IAM polices and a real-time SCP error monitor, using LLMs to create secure by default Terraform modules

Clint Gibler

NewsletterNewsletter

Oct 31, 2024

[tl;dr sec] #254 - Cloud CTFs, AI + AppSec, Awesome Threat Detection

Practice your GCP and Azure security skills, scaling AppSec with LLMs, a curated list of awesome threat detection and hunting resources

Clint Gibler

NewsletterNewsletter

Oct 24, 2024

[tl;dr sec] #253 - State of Cloud Security, Applying AI to Cybersecurity, Living Off The Land ESXi

Datadog's 2024 update, lots of resources on AI + security, VMware ESXi built-ins adversaries use

Clint Gibler

NewsletterNewsletter

Oct 17, 2024

[tl;dr sec] #252 - Perfecting Ransomware on AWS, Kubernetes-native Threat Detection, MITRE Caldera Bounty Hunter

Simulate ransomware with KMS XKS + your key, Venator, a new OSS tool, new Caldera plugin to emulate complete, realistic cyber attack chains

Clint Gibler

NewsletterNewsletter

Oct 10, 2024

[tl;dr sec] #251 - Vuln Discovery at Scale, Multi-Cloud Testing Tool, AI-powered Container Scanning

Finding dangling DNS records and secrets at scale, new tool with 80+ attack techniques, NVIDIA's AI blueprint to auto-triage your container CVEs

Clint Gibler

NewsletterNewsletter

Oct 03, 2024

[tl;dr sec] #250 - CNAPP Guide, OpenAI's o1 vs CTFs, Cloud Logging Tips

Detailed CNAPP overview and Day 2 guide, o1 semi-escapes to solve a broken challenge, config tips & tricks for cloud control plane logs

Clint Gibler

NewsletterNewsletter

Sep 26, 2024

[tl;dr sec] #249 - Atomic Cloud IOCs, Russian APT Tool Matrix, Netflix Paved Road Webinar

Cloud-specific indicators of compromise, tools regularly used by Russian government threat actors, webinar on secure guardrails & building Netflix's Paved Road

Clint Gibler

NewsletterNewsletter

Sep 19, 2024

[tl;dr sec] #248 - 10X Your Cloud Security, Secure by Design, AI OffSec Benchmarks

Excellent scaling CloudSec resources, SANS + AWS white paper, two OSS benchmarks for measuring the offensive capabilities of AI models

Clint Gibler

NewsletterNewsletter

Sep 12, 2024

[tl;dr sec] #247 - LinkedIn's AI Security Posture Platform, PyPI Defaults 😭, IAM Least Privilege

LinkedIn's dynamic infra mapping system that streamlines vuln management, register any removed package name because #yolo, creating least privilege roles at scale

Clint Gibler

NewsletterNewsletter

Sep 05, 2024

[tl;dr sec] #246 - GitHub Actions Attack Diagram, The Worst Places to Leak Secrets, Red Team TTPs

Common attack paths in identifying GHA vulns, how quickly AWS tokens are found by location, resources for red teamers and defenders

Clint Gibler