tl;dr sec logo
tl;dr sec
Guides
Subscribe
  • tl;dr sec
  • Topics
  • Newsletter

Newsletter

NewsletterSummaryBlogPodcast
NewsletterNewsletter
[tl;dr sec] #284 - Google Cloud CISO Interview, AWS Threat Technique Catalog, Finding Secrets with AI
Jun 19, 2025

[tl;dr sec] #284 - Google Cloud CISO Interview, AWS Threat Technique Catalog, Finding Secrets with AI

4 ways Google uses AI for security, catalog of AWS threat actor techniques, training a custom small language model to find secrets

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #283 - Awesome Black Hat Tools, Evading EDR, Disrupting Malicious Uses of AI
Jun 12, 2025

[tl;dr sec] #283 - Awesome Black Hat Tools, Evading EDR, Disrupting Malicious Uses of AI

Huge list of tools presented at various Black Hat conferences, how attackers evade modern EDR, OpenAI's report on threat actor campaigns they've disrupted

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #282 - Weaponizing Dependabot, Ultimate Guide to JWT Vulnerabilities, Multi-Agent Automated Vulnerability Discovery
Jun 05, 2025

[tl;dr sec] #282 - Weaponizing Dependabot, Ultimate Guide to JWT Vulnerabilities, Multi-Agent Automated Vulnerability Discovery

Using Dependabot to merge malicious code and bypass branch protections, JWT attack guide with mitigations and labs, AI agents found a new Linux Kernel USB protocol stack vulnerability

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #281 - Free AI Red Teaming Labs, Cloud Security Roadmaps, o3 Finds 0-day
May 29, 2025

[tl;dr sec] #281 - Free AI Red Teaming Labs, Cloud Security Roadmaps, o3 Finds 0-day

Free Black Hat training by Microsoft's AI red team, a cloud security roadmap for your start-up, o3 finds an 0-day in the Linux kernel’s SMB implementation

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #280 - Hardening GitHub Actions, Uber's Multi-Cloud Secret Management, Prompts are the New IOCs
May 22, 2025

[tl;dr sec] #280 - Hardening GitHub Actions, Uber's Multi-Cloud Secret Management, Prompts are the New IOCs

Detailed guide on all the ways to harden GitHub Actions, Uber's Secret Management Platform that manages >150,000 secrets, "LLM TTPs" + a tool to detect and hunt adversarial prompts

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #279 - Security for High Velocity Engineering, Cloud Incident Readiness, AI-powered Malware Implants
May 15, 2025

[tl;dr sec] #279 - Security for High Velocity Engineering, Cloud Incident Readiness, AI-powered Malware Implants

How to build a Paved Road that improves dev productivity and security, what to do before/after a cloud breach, command & control (C2) that executes attacks using natural language

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #278 - North Korean IT Workers, How Sentinel One Defends Itself, How Threat Actors Use Claude
May 08, 2025

[tl;dr sec] #278 - North Korean IT Workers, How Sentinel One Defends Itself, How Threat Actors Use Claude

Several posts on DPRK IT workers infiltrating companies, Sentinel One on fighting off threat actors, Anthropic shares how attackers were using Claude

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #277 - Cybersecurity (Anti)Patterns, $64K from Deleted Files, New from Meta AI Security
May 01, 2025

[tl;dr sec] #277 - Cybersecurity (Anti)Patterns, $64K from Deleted Files, New from Meta AI Security

How to avoid Busywork Generators, bug bounty story of secrets in deleted files, new AI security tools and evals from Meta

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #276 - AI-created PoC Exploit, Cloud Snitch, Kubernetes Attack Simulation
Apr 24, 2025

[tl;dr sec] #276 - AI-created PoC Exploit, Cloud Snitch, Kubernetes Attack Simulation

AI creating/debugging an exploit for the recent Erlang/OTP SSH vuln, map visualization and firewall for AWS activity, a multi-stage attack simulation tool for k8s

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #275 - Damn Vulnerable MCP, Figma's Modern Endpoint Strategy, BloodHound for AWS IAM
Apr 17, 2025

[tl;dr sec] #275 - Damn Vulnerable MCP, Figma's Modern Endpoint Strategy, BloodHound for AWS IAM

Deliberately vulnerable MCP to practice your hacking chops, how Figma's balances usability & security, a new tool to put a leash on naughty AWS permissions

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #274 - Model Context Protocol + Security Part Deux, Securing GitHub Actions, S3 Scanner
Apr 10, 2025

[tl;dr sec] #274 - Model Context Protocol + Security Part Deux, Securing GitHub Actions, S3 Scanner

More MCP links than you can shake a stick at, GHA runtime monitoring & why pinning is hard, scan S3 buckets for misconfigs and ransomware prevention

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #273 - Model Context Protocol + Security Tools, Compromising CodeQL, Red Teaming with ServiceNow
Apr 03, 2025

[tl;dr sec] #273 - Model Context Protocol + Security Tools, Compromising CodeQL, Red Teaming with ServiceNow

MCPs for Ghidra, Semgrep, and SecOps, a CodeQL supply chain issue, using ServiceNow offensively

Clint Gibler
Clint Gibler
The best way to keep up with cybersecurity research. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

tl;dr sec

The best way to keep up with cybersecurity research. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

Home

Posts

Authors

Guides

Guides

© 2025 tl;dr sec.

Privacy policy

Terms of use

Powered by beehiiv