tl;dr sec

tl;dr sec
Topics
Newsletter

Feb 20, 2025

[tl;dr sec] #267 - China on the NSA, Passkeys, Prioritizing CVEs with AI

Insights from Chinese intel reports on the NSA's TTPs, understanding and testing passkeys, how Databricks leverages AI to focus on business critical CVEs

Clint Gibler

NewsletterNewsletter

Feb 13, 2025

[tl;dr sec] #266 - AI CVE Analysis, Hijacking Abandoned S3 Buckets, Doing Less in AppSec

NVIDIA's Agentic CVE investigation workflow, compromising the Internet via abandoned S3 buckets, do more in AppSec by doing less

Clint Gibler

NewsletterNewsletter

Feb 06, 2025

[tl;dr sec] #265 - Google's Secure-by-Design Web Framework, AI-powered Phishing, How Palantir Secures Source Control

How Google eliminates vuln classes, human expert-level AI spear phishing, how Palantir hardens their code writing process

Clint Gibler

NewsletterNewsletter

Jan 30, 2025

[tl;dr sec] #264 - Applying AI to AppSec, Threat Modeling in AWS, Behavioral Cloud IOCs

How to autofix code and reduce noise, guide on creating infra diagrams and relevant threat modeling tools, identifying cloud TTPs and threat actors

Clint Gibler

NewsletterNewsletter

Jan 23, 2025

[tl;dr sec] #263 - Tarpit for AI Crawlers, Google's OSS SCA Tool, Backdooring Backdoors

Tool to sinkhole and misinform AI bots crawling your site, Google's new software composition analysis tool, hijacking backdoors in web shells at scale

Clint Gibler

NewsletterNewsletter

Jan 16, 2025

[tl;dr sec] #262 - Red Teaming AI, AWS Org Policies Deep Dive, Anti-EDR Compendium

Microsoft and OpenAI on red teaming AI, SCPs and Resource Control Policies in detail, how EDR works and how to bypass it

Clint Gibler

NewsletterNewsletter

Jan 09, 2025

[tl;dr sec] #261 - Cloud Invariants, Cross-IdP impersonation, AI-powered Cloud Defense

Protecting your Cloud Admin account, getting hacked via IdPs you don't even use, paper & tool about LLM-powered dynamic cloud defense

Clint Gibler

NewsletterNewsletter

Jan 02, 2025

[tl;dr sec] #260 - Reddit's Self Hosted Code Scanning, Build an Offensive AI Agent, OpenSSF's Package Analysis

Reddit's flexible code scanner for any CLI tool, an agent that analyzes JS and tests routes, new tool to scan OSS packages

Clint Gibler

NewsletterNewsletter

Dec 12, 2024

[tl;dr sec] #259 - What Sucks in Security, Supply Chain Firewall, AWS re:Invent Security Talks

Insights from 50+ security leaders, OSS tool to protect devs from malicious dependencies, playlist of re:Invent's security talks

Clint Gibler

NewsletterNewsletter

Dec 05, 2024

[tl;dr sec] #258 - AI-powered Fuzzing and SAST, What Hackers know about your AWS Account, EDR Vulnerabilities

Google's AI-powered fuzzing and augmenting SAST with AI, new OSINT/recon service for public AWS identifiers, finding EDR vulns with fuzzing

Clint Gibler

NewsletterNewsletter

Nov 21, 2024

[tl;dr sec] #257 - Autonomous AI Hacking, Buying us-east-1, macOS Security

AI finds an authentication bypass, what happens when you buy an AWS region name domain, fuzzing macOS and sandbox escapes

Clint Gibler

NewsletterNewsletter

Nov 14, 2024

[tl;dr sec] #256 - AI SOC Analyst, Detection Engineering, How to Ransomware in AWS

NVIDIA's AI SOC analyst you can speak to, embracing TDD and detection as code, tips on how 2 ransomware

Clint Gibler