Content you might like
Defending your software supply chain is hard. Forming realistic attack scenarios to test your org's detection/response capabilities? Also hard. Here’s an approach we tried that improved our readiness. Hope it helps you too. gitlab.com/gitlab-com/gl-…
Setting goals is easy. Finding effective strategies to meet those goals proves hard for me. I’ve started writing down goals, but also specific strategies in tandem. “I will do x for y hours on day z.” I also track if I do it or not. What strategies work best for you?
I had a good laugh that these two tweets just happened to show up right next to each other in my timeline @hellNbak_ 😅

"Learn not to add too many features right away, and get the core idea built and tested." - Leah Culver
@code_emitter present both an offensive & defensive perspective of an attack technique that hides malicious code in open source contributions & that reduce the likelihood of the mods being caught during review. Learn more about this #BHEU Briefing>> blackhat.com/eu-21/briefing…
I recently had a look at @gitpod and found two really nice bugs: about.gitlab.com/blog/2021/07/0…
about.gitlab.com
A brief look at Gitpod, two bugs, and a quick fix
Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.
From my perspective, the greatest benefit of story mapping is not the map. It is the discussions, discovery, and alignment that result from the process of creating a map. #agile
If the thing that stands between you and a better answer is rules, break the rules. #leadership
No one that knew Dan Kaminsky well is talking about DNS today. They are talking about kindness, boundless energy and positivity, spontaneous adventures, and how hard he worked to lift others up. Want to emulate one of the greatest hackers of all time? Let that be your guide.
Me: I’m language agnostic! Seems like a good idea to write this CLI in NodeJS because JSON and Node dependency evaluation! Also me: Let’s talk about JavaScript for infosec tools. No really. Let’s take a good hard look at JavaScript.
This one hit too close to home today 😆
To help out those dealing with the recent Exchange series of breaches, we at @TrustedSec are sharing some of our scripts we are using in triaging and hunting for compromises. github.com/trustedsec/def… Hope it is of use to the defenders out there.
How we use collaboration, iteration and async communication in @GitLab issues to ensure consistency across severity ratings and #bugbounty payouts. via @gitlab about.gitlab.com/blog/2021/03/1…
about.gitlab.com
Inside the Bug Bounty Council at GitLab
We improve consistency across severity ratings and payouts in our bug bounty program with collaboration, iteration, and async communication.
The mistake is not the failure. Not taking ownership and not learning are the failures.