A round-up of AI and LLMs being applied to deepfakes and phishing

Walkthrough of 10+ Azure attack paths, how Google rolls out security features at scale, a tracker for incidents reported in 8-Ks

A database of cloud security incidents, campaigns, and techniques, Portswigger's labs on testing LLMs in web apps, using Azure logs for detection

And why software engineering can help us to mature the security industry

How to backdoor every GitHub repo, bypassing AWS WAF, using GPT-4 to respond convincingly to any HTTP request

Useful secure defaults + SCPs for your AWS account, a chatbot LLM ReAct agent for prompt injection practice, vulnerable by design AWS Cloud Development Kit infrastructure

Guide by AWS on configuring AWS security services, free lab to learn to bypass common EDR detection mechanisms, massive list of vulnerable apps to practice on

Automating fuzz targets with LLMs, detailed guide by Microsoft, my interview with the Director of ProdSec @ HashiCorp

Consolidated list of interview questions for senior roles from many companies, an AI-copilot for pentesters, learn cloud security from free ~30min labs every week

Datadog's insights on the security posture of 1000's of orgs, a collection of breach reports with TTPs, how red teamers can abuse Slack

A collection of interesting AI tools, products, resources, papers, and more I’ve come across.

List of >100 security-focused GPT agents, join Chris Hughes and I's supply chain security webinar, Docker image with k8s pentesting tools