The Worst AI Metric
The “how many r’s in strawberry” test for AI intelligence is dumb. As a writer to write a quality sentence...
Read more →Category: Mix
![[tl;dr sec] #291 - Build a GuardDuty Triage Agent, Scaling Netflix's Threat Detection Pipelines, Claude for Security Review](https://cybernoz.com/wp-content/uploads/2025/08/tldr-sec-291-Build-a-GuardDuty-Triage-Agent-Scaling.png "[tl;dr sec] #291 - Build a GuardDuty Triage Agent, Scaling Netflix's Threat Detection Pipelines, Claude for Security Review 2")
[tl;dr sec] #291 – Build a GuardDuty Triage Agent, Scaling Netflix’s Threat Detection Pipelines, Claude for Security Review
Hacker Summer Camp Once more, hackers have descended onto Vegas for our annual Hacker Summer Camp pilgrimage. I hope you...
Read more →
The Desync Delusion: Are You Really Protected Against HTTP Request Smuggling?
Andrzej Matykiewicz | 06 August 2025 at 22:22 UTC The Hidden Threat That’s Slipping Past Your Security HTTP request smuggling...
Read more →
HTTP/1.1 Must Die: What This Means for Contract Pentesters and MSSPs
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research,...
Read more →
HTTP/1.1 Must Die: What This Means for Bug Bounty Hunters
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research,...
Read more →
HTTP/1.1 Must Die: What This Means for In-House Pentesters
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research,...
Read more →
HTTP/1.1 Must Die: What This Means for AppSec Leadership
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research,...
Read more →Why Marcus Is Wrong About AI
My friend Marcus Hutchins put out a long, well-written, and entertaining piece about all the reasons he thinks AI is...
Read more →
HTTP Request Smuggling Explained: with seasoned bug bounty hunter NahamSec and world-class researcher James Kettle
Amelia Coen | 05 August 2025 at 11:08 UTC Ever wondered how attackers can compromise modern websites by exploiting invisible...
Read more →Why Platforms Like Substack Won’t Make Sense for Much Longer
I think the future of Substack is self-hosting. Or—more directly—I don’t think they have much of a future. I’m sure...
Read more →
Why We Built a Museum Instead of a Booth — API Security
Think you know what to expect from a conference booth? Think again. Forget the cliches: the swag destined for the...
Read more →Launching Daemon: My Personal API
Super hyped to be launching the first version of Daemon today! My daemon is my personal API that anyone—or any...
Read more →