tldrsec.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-08.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-06-08 2026 | [tl;dr sec] #327 - Finding Zero-days with Any Model, Practical Package Security, Measuring the AI Offense-Defense GapAISupply Chain | This edition of [tl;dr sec] covers three key topics. First, Niels Provos discusses using public AI models to discover zero-day vulnerabilities. Second, it provides practical advice on securing your use of third-party software packages. Finally, it introduces two open-source tools designed to measure the gap between AI offense and defense capabilities, complete with a dynamic lab environment for testing. |
| 2026-06-08 2026 | [tl;dr sec] #328 - Shai-Hulud's Source Code Leaked, Break Into Buildings for $, Reversing EDRs with AIAI | This summary highlights three key security developments. First, TeamPCP's offensive framework, "Shai-Hulud," was leaked on GitHub, indicating a potential security vulnerability. Second, a Reddit AMA discussed pursuing a career in physical penetration testing, which offers financial rewards. Finally, AI is making it easier to understand and reverse-engineer defensive tools like EDRs, potentially ending "opaque defense" strategies. |
| 2026-06-08 2026 | [tl;dr sec] #329 - AI-powered Honeypots, GitHub Action Canaries, Microsoft’s Agentic Security ScannerAI | This newsletter covers three key security advancements. Firstly, it explores how AI-powered honeypots can be used to detect and deceive attackers. Secondly, it details the use of GitHub Action canaries for identifying supply chain attacks. Finally, it highlights new developments from Microsoft's "Autonomous Code Security" team, including their agentic security scanner. |
| 2026-06-08 2026 | [tl;dr sec] #330 - AWS Pathfinding Labs, Running Codex Safely at OpenAI, Glasswing UpdatesAIAPI Sec | This digest covers three key security topics. First, AWS Pathfinding Labs offers over 100 deliberately vulnerable AWS environments for practicing cloud attack path discovery. Second, it details how OpenAI securely runs its Codex model internally. Finally, Anthropic shares updates on bugs found within their systems and their open-sourced harness for security testing. |
| 2026-06-08 2026 | [tl;dr sec] #331 - How Adversaries Use AI, Skill Issues, Using IDEs for C2AI | This tl;dr covers recent cybersecurity trends. Google's research reveals how adversaries are leveraging AI to enhance their attacks. The content also touches on bypassing malicious skill scanning techniques and the novel use of VS Code dev tunnels as a command and control (C2) channel for malicious operations. |
| 2023-08-11 2023 | [tl;dr sec] #194 - CNAPPGoat KubeFuzz tl;dr sec swagFuzzing | Library for deploying vulnerable-by-design cloud resources, CNAPPgoat, modularly provisions components across AWS, Azure, and GCP. Fuzzing Kubernetes Admission Controllers is enabled by KubeFuzz, a generative and mutative fuzzer designed to uncover unexpected behavior in complex admission controller setups. |
| 2021-09-17 2021 | Cloud Security OrienteeringRecon | Library for navigating unfamiliar AWS environments, this resource details a methodology for identifying risks, prioritizing remediation, and defining long-term cloud security strategies. It covers challenges in cloud security best practices, common adoption patterns, identifying ecosystem scope, and prioritizing important risks with open-source tools. The guide references the CIS benchmark for configuration, the Well-Architected Framework Security Pillar for architecture, and Scott Piper’s AWS Security Maturity Roadmap. |