
* @shehackspurple's online learning platform
* Free #AWS/ #Azure security course by @appseccouk
* Tools for continuous cloud and container security
* A VM with 8 C2 frameworks to play with
* ZAP GitHub Action
* Use @fridadotre w/ Burp https://tldrsec.com/blog/tldr-sec-031
Support security content creators! 

Check out @shehackspurple teaching #DevSecOps, #AppSec, and cloud security: https://www.shehackspurple.dev/
@DanielMiessler's newsletter: https://danielmiessler.com/subscribe/
@lancinimarco writing about cloud security: https://www.buymeacoffee.com/marcolancini


Check out @shehackspurple teaching #DevSecOps, #AppSec, and cloud security: https://www.shehackspurple.dev/
@DanielMiessler's newsletter: https://danielmiessler.com/subscribe/
@lancinimarco writing about cloud security: https://www.buymeacoffee.com/marcolancini

Brida, a Burp extension that bridges @Burp_Suite and @fridadotre by @apps3c
https://techblog.mediaservice.net/2020/04/brida-0-4-is-out/
Web interface to manipulate Android Java classes and methods at runtime by @mobilesecurity_ https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security
Massive list of open source tools from @RSAConference 2020
https://www.rsaconference.com/rsac-programs/open-source-tools
C experts panel AMA including my friend @RCS
https://news.ycombinator.com/item?id=22865357
ZAP baseline scan GitHub Action https://www.zaproxy.org/blog/2020-04-09-automate-security-testing-with-zap-and-github-actions/
https://www.rsaconference.com/rsac-programs/open-source-tools
C experts panel AMA including my friend @RCS
https://news.ycombinator.com/item?id=22865357
ZAP baseline scan GitHub Action https://www.zaproxy.org/blog/2020-04-09-automate-security-testing-with-zap-and-github-actions/
Great site by @Cloudflare that gives a nice overview of BGP security, including a 1-click button to check if your ISP is doing BGP securely (it's probably not)
https://isbgpsafeyet.com/
Concise overview of TLS 1.3 security benefits by @netflix https://netflixtechblog.com/how-netflix-brings-safer-and-faster-streaming-experience-to-the-living-room-on-crowded-networks-78b8de7f758c
https://isbgpsafeyet.com/
Concise overview of TLS 1.3 security benefits by @netflix https://netflixtechblog.com/how-netflix-brings-safer-and-faster-streaming-experience-to-the-living-room-on-crowded-networks-78b8de7f758c
@HashiCorp Enforcing S3 Security Best Practices Using Terraform & Sentinel
https://medium.com/hashicorp-engineering/enforcing-aws-s3-security-best-practice-using-terraform-sentinel-ddcd181ff4b7
Identify vulns in containers, images, hosts & repositories using @deepfence's Runtime Threat Mapper
https://github.com/deepfence/ThreatMapper
@appseccouk cloud training
https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training
https://medium.com/hashicorp-engineering/enforcing-aws-s3-security-best-practice-using-terraform-sentinel-ddcd181ff4b7
Identify vulns in containers, images, hosts & repositories using @deepfence's Runtime Threat Mapper
https://github.com/deepfence/ThreatMapper
@appseccouk cloud training

Play with 8 different command & control frameworks with the Slingshot C2 Matrix VM #redteam
https://howto.thec2matrix.com/slingshot-c2-matrix-edition
@MDSecLabs on abusing legacy Firefox functionality to achieve command execution in enterprise environments
https://www.mdsec.co.uk/2020/04/abusing-firefox-in-enterprise-environments/
https://howto.thec2matrix.com/slingshot-c2-matrix-edition
@MDSecLabs on abusing legacy Firefox functionality to achieve command execution in enterprise environments
https://www.mdsec.co.uk/2020/04/abusing-firefox-in-enterprise-environments/
If you liked this thread, check out tl;dr sec, a weekly-ish newsletter I send out with:
Summaries of great security talks
The latest tools and useful blog posts
My various research projects
Thanks for reading, have a great day!



Thanks for reading, have a great day!
