📚 tl;dr sec #31
* @shehackspurple's online learning platform
* Free #AWS/ #Azure security course by @appseccouk
* Tools for continuous cloud and container security
* A VM with 8 C2 frameworks to play with
* ZAP GitHub Action
* Use @fridadotre w/ Burp https://tldrsec.com/blog/tldr-sec-031
[tl;dr sec] #31 - Instrument with Frida, Free Course on Attacking Apps in AWS/Azure, VM with 8 C&C...

Use Frida from a Burp extension or web interface, continuous cloud security, fighting misinformation at scale.

https://tldrsec.com/blog/tldr-sec-031
Support security content creators! 🌈💰

Check out @shehackspurple teaching #DevSecOps, #AppSec, and cloud security: https://www.shehackspurple.dev/ 

@DanielMiessler's newsletter: https://danielmiessler.com/subscribe/ 

@lancinimarco writing about cloud security: https://www.buymeacoffee.com/marcolancini 
Marco Lancini

Hi, I'm Marco Lancini. I'm a Security Engineer, mainly interested in cloud native technologies, and devops.

https://www.shehackspurple.dev/
🛠️Instrumentation tooling

Brida, a Burp extension that bridges @Burp_Suite and @fridadotre by @apps3c
https://techblog.mediaservice.net/2020/04/brida-0-4-is-out/

Web interface to manipulate Android Java classes and methods at runtime by @mobilesecurity_ https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security
m0bilesecurity/RMS-Runtime-Mobile-Security

Runtime Mobile Security (RMS) is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime - m0bilesecurity/RMS-Runtime-Mobile-Security

https://techblog.mediaservice.net/2020/04/brida-0-4-is-out/
Massive list of open source tools from @RSAConference 2020
https://www.rsaconference.com/rsac-programs/open-source-tools

C experts panel AMA including my friend @RCS
https://news.ycombinator.com/item?id=22865357

ZAP baseline scan GitHub Action https://www.zaproxy.org/blog/2020-04-09-automate-security-testing-with-zap-and-github-actions/
Automate Security Testing with ZAP and GitHub Actions

How ZAP baseline and GitHib actions can help to automate the security testing

https://www.rsaconference.com/rsac-programs/open-source-tools
Great site by @Cloudflare that gives a nice overview of BGP security, including a 1-click button to check if your ISP is doing BGP securely (it's probably not)
https://isbgpsafeyet.com/ 

Concise overview of TLS 1.3 security benefits by @netflix https://netflixtechblog.com/how-netflix-brings-safer-and-faster-streaming-experience-to-the-living-room-on-crowded-networks-78b8de7f758c
How Netflix brings safer and faster streaming experience to the living room on crowded networks…

By Sekwon Choi

https://isbgpsafeyet.com/
@HashiCorp Enforcing S3 Security Best Practices Using Terraform & Sentinel
https://medium.com/hashicorp-engineering/enforcing-aws-s3-security-best-practice-using-terraform-sentinel-ddcd181ff4b7

Identify vulns in containers, images, hosts & repositories using @deepfence's Runtime Threat Mapper
https://github.com/deepfence/ThreatMapper

@appseccouk cloud training🔥 https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training
appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training! - appsecco/breaking-and-pwning-apps-and-servers...

https://medium.com/hashicorp-engineering/enforcing-aws-s3-security-best-practice-using-terraform-sentinel-ddcd181ff4b7
Play with 8 different command & control frameworks with the Slingshot C2 Matrix VM #redteam
https://howto.thec2matrix.com/slingshot-c2-matrix-edition

@MDSecLabs on abusing legacy Firefox functionality to achieve command execution in enterprise environments
https://www.mdsec.co.uk/2020/04/abusing-firefox-in-enterprise-environments/
Slingshot C2 Matrix Edition

Virtual Machine image to try some of the most popular command and control frameworks

https://howto.thec2matrix.com/slingshot-c2-matrix-edition
If you liked this thread, check out tl;dr sec, a weekly-ish newsletter I send out with:

📚 Summaries of great security talks
🛠️ The latest tools and useful blog posts
🧪 My various research projects

Thanks for reading, have a great day! 😎
You can follow @clintgibler.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
There are a lot of misconceptions about the Turkish diaspora in Germany. Since i just finished writing an essay about this topic I thought it's time to give other people
Read more
Las mejores calculadoras online en 2020A thread http://totumat.com/2020/11/26/las-mejores-calculadoras-online-en-2020/ Cuando se estudian asignaturas que requieren de cálculos complicados, nada mejor que contar con una buena calculadora.
Read more
Mitigating #ClimateChange is as much about taking up new techs as about leaving others behindMost studies focus on #coal's global downfall but another #energy tech decline is loomingRead my new
Read more