
* @csima @Scott_Helme on securing your home network
* @libber lessons learned from running Facebook & Uber's #bugbounty program
* @0xdabbad00 gotchas in setting up isolated networks in #AWS
* @alsmola on IAM global condition context keys https://tldrsec.com/blog/tldr-sec-030/
As many of us are working from home these days, I found these posts by @csima and @Scott_Helme useful:
https://medium.com/@csima/how-i-protected-my-home-network-66797536a3cc https://scotthelme.co.uk/securing-your-home-network-for-wfh/
Some high quality, free security resources:
Stanford released the videos, slides, reading material, and course assignments for their Web Security course:
https://web.stanford.edu/class/cs253/
Google released a 550+ page book on Building Secure & Reliable Systems
https://landing.google.com/sre/books/
@0xdabbad00 gotchas in setting up isolated networks in AWS
https://summitroute.com/blog/2020/03/31/isolated_networks_on_aws/
@alsmola Fine-tuning access with IAM global condition context keys https://medium.com/@alsmola/fine-tuning-access-with-aws-iam-global-condition-context-keys-784d6374ee
Using Vault with #Kubernetes
https://medium.com/hashicorp-engineering/hashicorp-vault-delivering-secrets-with-kubernetes-1b358c03b2a3
ATT&CK Matrix for Kubernetes
https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/
Does DNS over HTTPS affect DNS rebinding? @sanktjodel & @gerald_doussot investigate
https://research.nccgroup.com/2020/03/30/impact-of-dns-over-https-doh-on-dns-rebinding-attacks/
Get #dns results easily in JSON
$ curl -H "accept: application/dns-json" \
"https://cloudflare-dns.com/dns-query?name=nccgroup.com&type=A"
Running a #bugbounty master class by @libber
http://collingreene.com/5_years_of_bug_bounty.html
Stats from 1,300 phishing campaigns
https://research.nccgroup.com/2020/04/03/crave-the-data-statistics-from-1300-phishing-campaigns/
Regardless of sector, 50% of people who click a link will supply credentials

If you liked this thread, check out tl;dr sec, a weekly-ish newsletter I send out with:
Summaries of great security talks
The latest tools and useful blog posts
My various research projects
Thanks for reading, have a great day!
https://tldrsec.com/



