Clint Gibler

Follow @clintgibler

28 Jan, 8 tweets, 22 min read

📚 tl;dr sec 68
* >5K subscribers! 🤯
* How AWS secures Lambda
* @DanielMiessler primer on @TomNomNom's recon tools
* @infosec_au Blind SSRF chains
* @RachelTobac InfoSec sea shanty
* @bradgeesaman Creating least priv custom roles in GCP

tldrsec.com/blog/tldr-sec-…

@DanielMiessler @TomNomNom @infosec_au @RachelTobac @bradgeesaman 📢 Sponsor: Go beyond the network - detect and block malicious actors, not just malicious IPs, with @SqreenIO’s RASP. Schedule your demo today sqreen.com/rasp

@DanielMiessler @TomNomNom @infosec_au @RachelTobac @bradgeesaman @SqreenIO @cryptogangsta Bypassing Signature Checks with Electron
parsiya.net/blog/2021-01-0…

SANS Virtual Summits FREE in 2021
sans.org/blog/sans-virt…

@IncludeSecurity Writing custom static analysis rules in Brakeman and Semgrep
blog.includesecurity.com/2021/01/ruby-s…

@DanielMiessler @TomNomNom @infosec_au @RachelTobac @bradgeesaman @SqreenIO @CryptoGangsta @IncludeSecurity @sameer_bhatt5 Bypassing client side encryption
bhattsameer.github.io/2021/01/01/cli…

@infosec_au A glossary of blind SSRF chains
blog.assetnote.io/2021/01/13/bli…

How AWS secures Lambda
d1.awsstatic.com/whitepapers/Ov…

@DanielMiessler @TomNomNom @infosec_au @RachelTobac @bradgeesaman @SqreenIO @CryptoGangsta @IncludeSecurity @sameer_bhatt5 @bradgeesaman Creating least priv custom roles in GCP
darkbit.io/blog/google-cl…

@wolfeidau OpenID proxy for static sites hosted in S3
github.com/wolfeidau/webs…

@sethsec Bad Pods: Kubernetes Pod Privilege Escalation
labs.bishopfox.com/tech-blog/bad-…

@DanielMiessler @TomNomNom @infosec_au @RachelTobac @bradgeesaman @SqreenIO @CryptoGangsta @IncludeSecurity @sameer_bhatt5 @wolfeidau @sethsec North Korea is targeting security researchers
blog.google/threat-analysi…

More from @richinseattle

https://twitter.com/richinseattle/status/1353864756109578241

@DanielMiessler primer on @TomNomNom's recon tools
danielmiessler.com/blog/a-tomnomn…

@DanielMiessler @TomNomNom @infosec_au @RachelTobac @bradgeesaman @SqreenIO @CryptoGangsta @IncludeSecurity @sameer_bhatt5 @wolfeidau @sethsec @richinseattle Automating internal threat intelligence and inventory
github.com/cloud-sniper/d…

Fraud Is No Fun Without Friends, H/T @jonoberheide for sharing
bloomberg.com/opinion/articl…

@0xdabbad00 on cast irons

https://twitter.com/0xdabbad00/status/1351961448545619968

@RachelTobac InfoSec sea shanty

https://twitter.com/RachelTobac/status/1352409636792492035

@DanielMiessler @TomNomNom @infosec_au @RachelTobac @bradgeesaman @SqreenIO @CryptoGangsta @IncludeSecurity @sameer_bhatt5 @wolfeidau @sethsec @richinseattle @jonoberheide @0xdabbad00 If you liked this thread, check out tl;dr sec, a weekly-ish newsletter I send out with:

📚 Summaries of great security talks
🛠️ The latest tools and useful blog posts
🧪 My various research projects

Thanks for reading, have a great day! 😎

tldrsec.com

• • •

Missing some Tweet in this thread? You can try to force a refresh

　

This Thread may be Removed Anytime!

Twitter may remove this content at anytime! Save it as PDF for later use!

More from @clintgibler

Clint Gibler

8 Jan 20

📚tl;dr sec 19
* @shehackspurple & @j_opdenakker on getting into security
* Google's BeyondProd & code provenance (thx @MayaKaczorowski)
* Cloud, API, and file access bug security tools

... and I've got something big planned next week, stay tuned 🤫

tldrsec.com/blog/tldr-sec-…

Static analysis tools to find security issues in:

🌎Terraform scripts:
* github.com/liamg/tfsec
* github.com/bridgecrewio/c…
* github.com/cesar-rodrigue…

☁️CloudFormation templates:
* github.com/Skyscanner/cfr…
* github.com/stelligent/cfn…

Other #security tools:

Docker container that wraps 7 other #AWS security tools:
github.com/z0ph/aws-secur…

Automatic API attack tool that takes API specs as input:
github.com/imperva/automa…

Finding file access bugs:
github.com/google/path-au…

Follow Us on Twitter!