Share this page!

Clint Gibler Profile picture
Twitter logo
14 Oct, 9 tweets, 30 min read
📚 tl;dr sec 105
* #DevSecOps - @NIST on microservices + service mesh
* @ErmeticSec Defending S3 from ransomware
* @falco_org labs
* Risk-Based Security Decision Making at @netflix
* @brutelogic XSS exercises
* @trailofbits osquery + macOS EndpointSec

tldrsec.com/blog/tldr-sec-…
@NIST @ErmeticSec @falco_org @netflix @brutelogic @trailofbits 📢 Sponsor: Learn how “Detection-as-Code” is changing how security teams write, test and harden detections. blog.runpanther.io/detections-as-…
@NIST @ErmeticSec @falco_org @netflix @brutelogic @trailofbits Risk-Based Security Decision Making at @netflix
eventbrite.com/e/risk-based-s…

@ztgrace A tool for detecting default and backdoor creds
github.com/ztgrace/change…

@omer_gil Bypassing required reviews using GitHub Actions
medium.com/cider-sec/bypa…
@NIST @ErmeticSec @falco_org @netflix @brutelogic @trailofbits @ztgrace @omer_gil @NIST #DevSecOps for Microservices-based App with Service Mesh
csrc.nist.gov/publications/d…

Building an end-to-end #Kubernetes-based DevSecOps software factory on AWS
aws.amazon.com/blogs/devops/b…

@alsmola on effectively "shifting left"
@NIST @ErmeticSec @falco_org @netflix @brutelogic @trailofbits @ztgrace @omer_gil @alsmola @righettod Custom Piper scripts for @Burp_Suite
github.com/righettod/burp…

@brutelogic Train your XSS Muscles #bugbountytips
brutelogic.com.br/blog/training-…

@zoph Analyzes the Twitch leak from an AWS Security Consultant perspective
@NIST @ErmeticSec @falco_org @netflix @brutelogic @trailofbits @ztgrace @omer_gil @alsmola @righettod @Burp_Suite @zoph @lancinimarco Checklist: So You Inherited an AWS Account
cloudsecdocs.com/aws/defensive/…

Visualize CloudFormation/SAM/CDK stacks
github.com/mhlabs/cfn-dia…

@ErmeticSec The Threat of #Ransomware to S3 Buckets
ermetic.com/blog/aws/new-r…
@NIST @ErmeticSec @falco_org @netflix @brutelogic @trailofbits @ztgrace @omer_gil @alsmola @righettod @Burp_Suite @zoph @lancinimarco @QuinnyPig An AWS Cloud pricing meeting


@quarkslab Context Discovery Tool for #Kubernetes
blog.quarkslab.com/kdigger-a-cont…

@falco_org labs
falco.org/labs/

k8s RBAC tool
github.com/alcideio/rbac-…

@vinumsec k8s Security Checklist
github.com/Vinum-Security…
@NIST @ErmeticSec @falco_org @netflix @brutelogic @trailofbits @ztgrace @omer_gil @alsmola @righettod @Burp_Suite @zoph @lancinimarco @QuinnyPig @quarkslab @vinumsec @trailofbits osquery + macOS EndpointSecurity
trailofbits.com/post/announcin…

@thomasuhrig Logging Best Practices
tuhrig.de/my-logging-bes…

@_ckosmic Super Mario 64 has been ported to iOS
old.reddit.com//r/SM64PC/comm…
@NIST @ErmeticSec @falco_org @netflix @brutelogic @trailofbits @ztgrace @omer_gil @alsmola @righettod @Burp_Suite @zoph @lancinimarco @QuinnyPig @quarkslab @vinumsec @ThomasUhrig @_ckosmic If you liked this thread, check out tl;dr sec, a weekly newsletter I send out with:

📚 Summaries of great security talks
🛠️ The latest tools and useful blog posts
🧪 My various research projects

Thanks for reading, have a great day! 😎

tldrsec.com

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Clint Gibler

Clint Gibler Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @clintgibler

Clint Gibler Profile picture
7 Oct
📚 tl;dr sec 104
* New Phrack
* @hakluke, @farah_hawaa 10 often missed web vulns
* @_fel1x C/C++ semantic search tool
* @black2fan, @s1r1u5_ Finding prototype pollution at scale
* @r2cdev Securing your GitHub Actions
* @alex_dhondt Exploiting drones

tldrsec.com/blog/tldr-sec-…
@hakluke @Farah_Hawaa @_fel1x @Black2Fan @S1r1u5_ @r2cdev @alex_dhondt 📢 Sponsor: The DevSecGuide to Infrastructure as Code:
🔬 Research on the state of IaC security
🦋 Practical steps for embracing a DevSecOps culture
🔐 Tips for embedding security throughout the DevOps lifecycle
➡️ Download for free from @bridgecrewio
bridgecrew.io/resource/the-d…
@hakluke @Farah_Hawaa @_fel1x @Black2Fan @S1r1u5_ @r2cdev @alex_dhondt @bridgecrewio @_fel1x C/C++ semantic search tool
github.com/googleprojectz…

@procenkoeg How we do SAST at Yandex
zeronights.ru/wp-content/upl…

@r2cdev Securing your GitHub Actions
r2c.dev/blog/2021/prot…
Read 9 tweets
Clint Gibler Profile picture
28 Jan
📚 tl;dr sec 68
* >5K subscribers! 🤯
* How AWS secures Lambda
* @DanielMiessler primer on @TomNomNom's recon tools
* @infosec_au Blind SSRF chains
* @RachelTobac InfoSec sea shanty
* @bradgeesaman Creating least priv custom roles in GCP

tldrsec.com/blog/tldr-sec-…
@DanielMiessler @TomNomNom @infosec_au @RachelTobac @bradgeesaman 📢 Sponsor: Go beyond the network - detect and block malicious actors, not just malicious IPs, with @SqreenIO’s RASP. Schedule your demo today sqreen.com/rasp
@DanielMiessler @TomNomNom @infosec_au @RachelTobac @bradgeesaman @SqreenIO @cryptogangsta Bypassing Signature Checks with Electron
parsiya.net/blog/2021-01-0…

SANS Virtual Summits FREE in 2021
sans.org/blog/sans-virt…

@IncludeSecurity Writing custom static analysis rules in Brakeman and Semgrep
blog.includesecurity.com/2021/01/ruby-s…
Read 8 tweets
Clint Gibler Profile picture
8 Jan 20
📚tl;dr sec 19
* @shehackspurple & @j_opdenakker on getting into security
* Google's BeyondProd & code provenance (thx @MayaKaczorowski)
* Cloud, API, and file access bug security tools

... and I've got something big planned next week, stay tuned 🤫

tldrsec.com/blog/tldr-sec-…
Static analysis tools to find security issues in:

🌎Terraform scripts:
* github.com/liamg/tfsec
* github.com/bridgecrewio/c…
* github.com/cesar-rodrigue…

☁️CloudFormation templates:
* github.com/Skyscanner/cfr…
* github.com/stelligent/cfn…
Other #security tools:

Docker container that wraps 7 other #AWS security tools:
github.com/z0ph/aws-secur…

Automatic API attack tool that takes API specs as input:
github.com/imperva/automa…

Finding file access bugs:
github.com/google/path-au…
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @clintgibler has new unrolls!

Check out other threads from @clintgibler!

Read all threads by @clintgibler

:(