https://abs.twimg.com/emoji/v2/... draggable="false" alt="📚" title="Books" aria-label="Emoji: Books"> tl;dr sec #30
* @csima @Scott_Helme on securing your home network
* @libber lessons learned from running Facebook & Uber& #39;s #bugbounty program
* @0xdabbad00 gotchas in setting up isolated networks in #AWS
* @alsmola on IAM global condition context keys https://tldrsec.com/blog/tldr-sec-030/">https://tldrsec.com/blog/tldr...
[tl;dr sec] #30 - Securing Your Home Network, ATT&CK for Kubernetes, Google on Building Secure...

How to secure your home WiFi network, Microsoft releases ATT&CK matrix for Kubernetes, free 550+ page book by Google’s SREs on building secure systems.

https://tldrsec.com/blog/tldr-sec-030/
As many of us are working from home these days, I found these posts by @csima and @Scott_Helme useful:

https://medium.com/@csima/how-i-protected-my-home-network-66797536a3cc">https://medium.com/@csima/ho... https://scotthelme.co.uk/securing-your-home-network-for-wfh/">https://scotthelme.co.uk/securing-...
Securing your home network in preparation for Working From Home

I'm fortunate to have spent the last few years either working from home or travelling the World doing training, consultancy and public speaking. With the recent Coronavirus epidemic having quite...

https://medium.com/@csima/how-i-protected-my-home-network-66797536a3cc
Some high quality, free security resources:

Stanford released the videos, slides, reading material, and course assignments for their Web Security course:
https://web.stanford.edu/class/cs253/ 

Google">https://web.stanford.edu/class/cs2... released a 550+ page book on Building Secure & Reliable Systems
https://landing.google.com/sre/books/ ">https://landing.google.com/sre/books...
@0xdabbad00 gotchas in setting up isolated networks in AWS
https://summitroute.com/blog/2020/03/31/isolated_networks_on_aws/

https://summitroute.com/blog/2020... href="https://twitter.com/alsmola">@alsmola Fine-tuning access with IAM global condition context keys https://medium.com/@alsmola/fine-tuning-access-with-aws-iam-global-condition-context-keys-784d6374ee">https://medium.com/@alsmola/...
Fine-tuning access with AWS IAM global condition context keys

IAM policies answer the question “who gets access to what?”, IAM policy conditions answer the question “who gets access to what, when?”.

https://summitroute.com/blog/2020/03/31/isolated_networks_on_aws/
Using Vault with #Kubernetes
https://medium.com/hashicorp-engineering/hashicorp-vault-delivering-secrets-with-kubernetes-1b358c03b2a3

ATT&CK">https://medium.com/hashicorp... Matrix for Kubernetes
https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/">https://www.microsoft.com/security/...
Does DNS over HTTP affect DNS rebinding? @sanktjodel & @gerald_doussot investigate
https://research.nccgroup.com/2020/03/30/impact-of-dns-over-https-doh-on-dns-rebinding-attacks/

Get">https://research.nccgroup.com/2020/03/3... #dns results easily in JSON https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤘" title="Sign of the horns" aria-label="Emoji: Sign of the horns">

$ curl -H "accept: application/dns-json" \
" https://cloudflare-dns.com/dns-query?name=nccgroup.com&type=A"">https://cloudflare-dns.com/dns-query...
Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks

DNS over HTTPS (DoH) is a new protocol to perform DNS resolution over HTTPS. It has been in the news recently as Google and Mozilla have both implemented DoH in Chrome and Firefox respectively. DoH…

https://research.nccgroup.com/2020/03/30/impact-of-dns-over-https-doh-on-dns-rebinding-attacks/
Running a #bugbounty master class by @libber
http://collingreene.com/5_years_of_bug_bounty.html

Stats">https://collingreene.com/5_years_o... from 1,300 phishing campaigns
https://research.nccgroup.com/2020/04/03/crave-the-data-statistics-from-1300-phishing-campaigns/

Regardless">https://research.nccgroup.com/2020/04/0... of sector, 50% of people who click a link will supply credentials https://abs.twimg.com/emoji/v2/... draggable="false" alt="😅" title="Smiling face with open mouth and cold sweat" aria-label="Emoji: Smiling face with open mouth and cold sweat">
Crave the Data: Statistics from 1,300 Phishing Campaigns

tl;dr 1,300 phishing campaigns were analysed involving over 360,000 usersTargets in Charities to be over 3 times more likely to click than the Health SectorHowever once clicked half of all targets …

http://collingreene.com/5_years_of_bug_bounty.html
If you liked this thread, check out tl;dr sec, a weekly-ish newsletter I send out with:

https://abs.twimg.com/emoji/v2/... draggable="false" alt="📚" title="Books" aria-label="Emoji: Books"> Summaries of great security talks
https://abs.twimg.com/emoji/v2/... draggable="false" alt="🛠️" title="Hammer and wrench" aria-label="Emoji: Hammer and wrench"> The latest tools and useful blog posts
https://abs.twimg.com/emoji/v2/... draggable="false" alt="🧪" title="Test tube" aria-label="Emoji: Test tube"> My various research projects

Thanks for reading, have a great day! https://abs.twimg.com/emoji/v2/... draggable="false" alt="😎" title="Smiling face with sunglasses" aria-label="Emoji: Smiling face with sunglasses"> https://tldrsec.com/ ">https://tldrsec.com/">...
tl;dr sec Newsletter

Keep up with security research.

https://tldrsec.com/
You can follow @clintgibler.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
There are a lot of misconceptions about the Turkish diaspora in Germany. Since i just finished writing an essay about this topic I thought it's time to give other people
Read more
Las mejores calculadoras online en 2020A thread http://totumat.com/2020/11/26/las-mejores-calculadoras-online-en-2020/ Cuando se estudian asignaturas que requieren de cálculos complicados, nada mejor que contar con una buena calculadora.
Read more
Mitigating #ClimateChange is as much about taking up new techs as about leaving others behindMost studies focus on #coal's global downfall but another #energy tech decline is loomingRead my new
Read more