Thread Reader
Clint Gibler
Follow @clintgibler
🗡️ Head of Security Research @r2cdev 💙 #DevSecOps and automated bug finding 📚 Creator of https://t.co/FEoo2LrkjC newsletter
Mar 8 • 15 tweets • 10 min read
🚨Security Career Resource Thread 🚨
1️⃣ 2️⃣ resources to break into the field or take your career to the next level 👇
#infosec #cybersecurity #security
Learn:
🎓 How to get into various fields: pentesting, SOC analyst, AppSec, ...
🎫 Certs - do they matter? For which roles?
🧪 Doing security research
📣 Building your brand via blog posts, conference talks, and more
💸 How to think about compensation
Jan 11 • 11 tweets • 5 min read
✅ How to *actually* roll out YubiKeys/WebAuthn
Industry advice is to "just do it"
But it's actually really hard in practice
8 resources on lessons learned from companies who've done it 🧵
1/ @frgx on how Figma switched their Okta to only allow phish-proof WebAuthn/FIDO MFA
https://twitter.com/frgx/status/1379504541666701313
Jul 21, 2022 • 9 tweets • 27 min read
📚 tl;dr sec 142
* @fransrosen Single click account takeovers via OAuth
* @EricMichaud, @ConsensysAudits Cryptocurrency security
* @pry0cc pdiscovery-bot
* @miguelhzbz, @maellyssa k8s Prometheus attack surface
* @joseadanof Awesome Cloud Native Trainings
tldrsec.com/blog/tldr-sec-…
📢 Sponsor: Are your APIs still at risk? Read the Protecting APIs from Modern Security Risks white paper from @SaltSecurity for critical components needed to secure your APIs
content.salt.security/protecting-api…
Dec 16, 2021 • 12 tweets • 45 min read
📚 tl;dr sec 113
* Log4Shell resources
* @JubbaOnJeans, @yashvi3r Security metrics
* How @netflix scales cloud detections
* @orange_8361 CTF challenges
* @prince_of_pasta Least privilege IAM
* Free @falco_org 101 course
* and more!
tldrsec.com/blog/tldr-sec-…
📢 Sponsor: @goteleport Teleport 8 delivers industry best practices for remotely accessing Windows and Linux servers, databases, Kubernetes clusters, and internal web applications via a single secure, highly available endpoint. Learn more
goteleport.com/blog/rdp-acces…
Oct 28, 2021 • 10 tweets • 34 min read
📚 tl;dr sec 107
* @rung Attacking and securing CI/CD pipelines
* @xntrik Threat modeling in HCL
* @NCCGroupInfosec Cracking random number generators w/ML
* @kottireethi GitHub Actions security best practices
* @pdnuclei Easily validate leaked API tokens
tldrsec.com/blog/tldr-sec-…
📢 Sponsor: Join @Tenable, @awscloud, @techmahindracsr, & more at #Accurics Code to Cloud Security Summit on Wed. Nov 10 @ 8:30am PST. If you’re in the US, register by Fri. to receive a FREE snack box. Preparing for tomorrow’s security challenges today.
hopin.com/events/executi…
Oct 14, 2021 • 9 tweets • 30 min read
📚 tl;dr sec 105
* #DevSecOps - @NIST on microservices + service mesh
* @ErmeticSec Defending S3 from ransomware
* @falco_org labs
* Risk-Based Security Decision Making at @netflix
* @brutelogic XSS exercises
* @trailofbits osquery + macOS EndpointSec
tldrsec.com/blog/tldr-sec-…
📢 Sponsor: Learn how “Detection-as-Code” is changing how security teams write, test and harden detections.
blog.runpanther.io/detections-as-…
Oct 7, 2021 • 9 tweets • 27 min read
📚 tl;dr sec 104
* New Phrack
* @hakluke, @farah_hawaa 10 often missed web vulns
* @_fel1x C/C++ semantic search tool
* @black2fan, @s1r1u5_ Finding prototype pollution at scale
* @r2cdev Securing your GitHub Actions
* @alex_dhondt Exploiting drones
tldrsec.com/blog/tldr-sec-…
📢 Sponsor: The DevSecGuide to Infrastructure as Code:
🔬 Research on the state of IaC security
🦋 Practical steps for embracing a DevSecOps culture
🔐 Tips for embedding security throughout the DevOps lifecycle
➡️ Download for free from @bridgecrewio
bridgecrew.io/resource/the-d…
Aug 24, 2021 • 18 tweets • 35 min read
Ever had to get up to speed in a new cloud environment?
It's tough to figure out what's where and how to start
New guide by @ramimacisabird:
➡️ Cloud Security Orienteering ⬅️
How to rapidly understand 🧠 and secure 🛡️ a cloud environment
A 🧵:
tldrsec.com/blog/cloud-sec…
Covers:
☁️ Cloud architecture best practices (and why that's so hard)
🏅 Core principles
👷 Corporate Archeology - How and where to dig
📋 Prioritization - ♾ things you could do, where to start?
👩‍💼 Future Planning - Building a roadmap for impactful change
Jan 28, 2021 • 8 tweets • 22 min read
📚 tl;dr sec 68
* >5K subscribers! 🤯
* How AWS secures Lambda
* @DanielMiessler primer on @TomNomNom's recon tools
* @infosec_au Blind SSRF chains
* @RachelTobac InfoSec sea shanty
* @bradgeesaman Creating least priv custom roles in GCP
tldrsec.com/blog/tldr-sec-…
📢 Sponsor: Go beyond the network - detect and block malicious actors, not just malicious IPs, with @SqreenIO’s RASP. Schedule your demo today
sqreen.com/rasp
Jan 8, 2020 • 4 tweets • 4 min read
📚 tl;dr sec 19
* @shehackspurple & @j_opdenakker on getting into security
* Google's BeyondProd & code provenance (thx @MayaKaczorowski)
* Cloud, API, and file access bug security tools
... and I've got something big planned next week, stay tuned 🤫
tldrsec.com/blog/tldr-sec-…
Static analysis tools to find security issues in:
🌎 Terraform scripts:
* github.com/liamg/tfsec
* github.com/bridgecrewio/c…
* github.com/cesar-rodrigue…
☁️ CloudFormation templates:
* github.com/Skyscanner/cfr…
* github.com/stelligent/cfn…
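Added illustration of what the Terraform scanners listed above look for. This is example code written for this page, not part of Clint Gibler's thread and not code from tfsec, checkov or any other tool named there. It assumes a constructed Terraform snippet (a world-readable S3 bucket ACL and an SSH security group open to 0.0.0.0/0, next to a hardened version of both), made-up rule IDs, and a regex-based resource splitter in place of a real HCL parser; the `acl` argument on `aws_s3_bucket` follows the older AWS provider style that these 2020-era tools targeted.

```python
"""Toy Terraform static check: flags two classic IaC misconfigurations.

Added example, not code from the thread or from tfsec/checkov. The sample
Terraform below is constructed for this demo and the rule IDs are invented.
"""
import re

# Constructed sample: two findings expected (public bucket ACL, SSH open to the world).
SAMPLE_TF = '''
resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  acl    = "public-read"
}

resource "aws_security_group" "ssh" {
  name = "ssh-anywhere"
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_s3_bucket" "private_logs" {
  bucket = "example-private-logs"
  acl    = "private"
}
'''

# Hardened version of the same resources: no findings expected.
HARDENED_TF = '''
resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  acl    = "private"
}

resource "aws_security_group" "ssh" {
  name = "ssh-from-bastion"
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["10.0.1.0/24"]
  }
}
'''

RESOURCE_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
# Canned ACLs that grant access beyond the bucket owner's account.
PUBLIC_ACLS = ("public-read", "public-read-write", "authenticated-read")


def split_resources(hcl):
    """Yield (type, name, body) for each top-level resource block.

    Brace depth is tracked by hand so nested blocks such as `ingress { ... }`
    stay inside their parent's body. Good enough for a demo; not an HCL parser.
    """
    for m in RESOURCE_RE.finditer(hcl):
        depth, i = 1, m.end()
        while depth and i < len(hcl):
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.group(1), m.group(2), hcl[m.end():i - 1]


def check_public_acl(rtype, name, body):
    """S3 bucket whose canned ACL opens it to all AWS users or the public."""
    if rtype != "aws_s3_bucket":
        return None
    m = re.search(r'\bacl\s*=\s*"([^"]+)"', body)
    if m and m.group(1) in PUBLIC_ACLS:
        return ("S3_PUBLIC_ACL", f"{rtype}.{name}",
                f"bucket ACL {m.group(1)!r} grants access outside the account")
    return None


def check_open_ingress(rtype, name, body):
    """Security group ingress rule reachable from any IPv4 address."""
    if rtype != "aws_security_group":
        return None
    for ing in re.finditer(r"ingress\s*\{(.*?)\}", body, re.S):
        rule = ing.group(1)
        if re.search(r'cidr_blocks\s*=\s*\[[^\]]*"0\.0\.0\.0/0"', rule):
            port = re.search(r"from_port\s*=\s*(\S+)", rule)
            return ("SG_OPEN_INGRESS", f"{rtype}.{name}",
                    f"port {port.group(1) if port else '?'} open to 0.0.0.0/0")
    return None


CHECKS = (check_public_acl, check_open_ingress)


def scan(hcl):
    """Return findings as (rule_id, resource_address, message) tuples."""
    findings = []
    for rtype, name, body in split_resources(hcl):
        for check in CHECKS:
            hit = check(rtype, name, body)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for rule, addr, msg in scan(SAMPLE_TF):
        print(f"{rule}  {addr}: {msg}")
    print("hardened findings:", scan(HARDENED_TF))
```

Running it reports the public-read bucket and the 0.0.0.0/0 SSH rule for the first snippet and nothing for the hardened one. The real tools do the same job against a proper HCL parse, with hundreds of rules and awareness of provider-specific defaults, which is why a checker like this belongs in a demo and not in a CI pipeline.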