
Practical Program Analysis

@ProgramAnalysis

❤️ building security tools. Pentesting, static analysis, fuzzing, symbolic execution, and long walks on the beach

Practical Program Analysis reposted

📚 tl;dr sec 45 * @databricks protecting public s3 buckets * @TheDavisJam ReDoS cheatsheet * @dcuthbert “...something truly special happening in the static analysis world” * @cloudsa PrivEsc in Salesforce * @DanielMiessler attribution via reverse TM tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec 43 * Continuously monitoring your web attack surface * @FSecure Threat modeling in agile envs * @RichardFeynman the problems you choose to tackle * @benthompson on Slack vs Microsoft Teams * @0xdabbad00 finding overprivileged users/roles tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec 42 * Now with search 🔍! * @Azure Scalably snapshotting fleets of VMs * @DanielMiessler on Imposter Syndrome, procrastination, & more * @mubix on egress testing * @cryptodavidw's crypto book * @kylerankin on @Puri_sm's new laptop tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec 41 * @lancinimarco threat modeling #Kubernetes * @stevespringett @owasp Software Component Verification Standard v1 * @Plazmaz benchmark repo for secret scanning tools * @PortSwigger's Youtube channel * @raesene vuln scanning containers tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec 40 * Uber's continuous AWS monitoring * #AWS's hands-off deployments * Auto-remove unneeded feature flags * @PhilippeDeRyck on OAuth/OpenID Connect * @gerben_javado extract endpoints/params & @m4ll0k2 find sensitive data from JS and more! tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec #39 * @FrenzChris The need for evidence based security * @madhuakula slides/training and #Kubernetes Goat * #NahamCon slides * @ajinabraham NodeJSScan v4 * @Doyensec InQL Scanner v2 * @0xdabbad00 denial of wallet attacks tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec 38 * See our @devseccon panel: @justine_osborne @shehackspurple @dugdep @zanelackey * @ticarpi Forge/crack JWTs * @jgumbley threat modeling 4 devs * @jcfarris threat hunting in AWS * @christophetd #activedirectory detection labs in Azure tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec #37 * #Kubernetes + OPA * @GHSecurityLab uncovers malware targeting open source supply chain * #SAST snark * @DanielMiessler on the changing economy & rising inequality * @0xdabbad00 record all AWS API calls * @blakkheim Linux hardening tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec 36 * @0xdabbad00 AWS Security Maturity Roadmap * @pry0cc Spin up dynamic infra for security testing * @GuidoVranken @NetanelBenSimon @yoavalon @mboehme_ @gamozolabs Fuzzing * @DanielMiessler Analysis of the 2020 Verizon DBR * TerraGoat tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec 35 * @0xdabbad00 building your career in security * @DanielMiessler securing your home network * @madhuakula security tool search * Testing #oauth implementations @abugzlife1 * @Burp_Suite plugin to handle session management tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec 034 * @thedavidbrumley on game theory and 0days * Let @jaybeale teach you how to bust-a-kube * @fredrickl how to be a custodian of customer data * @jacobian on preventing SQLi in Django * @SpenGietz GCP priv esc * @andywgrant iCal shenanigans tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec #33 * Free @splunk attack range - practice attacking/detection * @expel_io detecting compromised #aws creds * @va_start 30 reverse engineering tips * @redsift Examining Zoom's behavior with eBPF * Epic #IOS sandbox escape by @s1guza tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec #32 * @fredrickl on building a positive security culture * @appseccouk: #Docker/#Kubernetes training * @ramimacisabird AWS security ramp-up guide * Protecting & attacking w/ Chrome extensions by @IAmMandatory * Lateral movement in Azure AD tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec #31 * @shehackspurple's online learning platform * Free #AWS/#Azure security course by @appseccouk * Tools for continuous cloud and container security * A VM with 8 C2 frameworks to play with * ZAP GitHub Action * Use @fridadotre w/ Burp tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec #30 * @csima @Scott_Helme on securing your home network * @libber lessons learned from running Facebook & Uber's #bugbounty program * @0xdabbad00 gotchas in setting up isolated networks in #AWS * @alsmola on IAM global condition context keys tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec #29 * @leifdreizler how to run a #bugbounty program * @Doyensec released a #GraphQL testing tool * @0xdabbad00 #AWS Service Control Policy best practices * @samwcyo on attacking secondary contexts in web apps * @snyff on Unicode regex hijinks tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec #28 * @richinseattle 25 years of #fuzzing keynote * @patrickwardle sniffing authn references on macOS * @adamshostack on #threatmodeling with questionnaires * @RiftRecon Free physical pentest PDF * @r2cdev finding Python ReDos vulns at scale tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

📚 tl;dr sec 27 * Joined @johnlkinsella @Codexatron on @DevSecOpsWeekly * @latacora on getting your SOC2 * @chrisrohlf's C/C++ vuln discovery BH training * @fcremo view file in VS Code -> code exec * @DanielMiessler on compensation * Help save encryption tldrsec.com/blog/tldr-sec-…


Practical Program Analysis reposted

Thinking about founding a security startup? 🚀 Learn from @jonoberheide's journey from bootstrapping Duo to having it be acquired by Cisco for $2.35B 💰 tldrsec.com/blog/learnings…


Practical Program Analysis reposted

📚 tl;dr sec #26 * Lessons @jonoberheide learned from @duosec * @dwizzzleMSFT on keeping Windows secure * @JGamblin's container scanning API * @gollmann on #DevSecOps * Susan & @joesu11ivan on building @Cloudflare's ProdSec team * and more! tldrsec.com/blog/tldr-sec-…

