SecurityTrails Blog SecurityTrails Blog · Nov 13 · SecurityTrails team Making the Web a Better Place: Fixing Caddy Web Server Hostname Enumeration Vulnerability (CVE-2018-19148) TL;DR The web server software Caddy leaked information on which SSL certificates were on each installation through enumeration. We submitted a bug report, built a proof of concept, submitted a CVE and the developer of Caddy Matt Holt fixed it and released Caddy 0.11.1. SecurityTrails Blog · Nov 08 · SecurityTrails team SurfaceBrowser: a Passive Intelligence Tool for Exploring the Surface of Any Company A few weeks ago we launched our new IP, Domain and Company Enrichment Feeds, and today we’re excited to show you one of the most robust information gathering utilities available on the Internet. SecurityTrails Blog · Nov 06 · SecurityTrails team An Ode to White Hats: What Is Ethical Hacking? The first thing that comes to mind when people hear a word “hacker” is some sort of criminal, someone we should be scared of when browsing the Internet. This shouldn’t worry true professionals, the “white hats”, as the number of people who understand the importance of their role in Internet safety just keeps growing. But the question remains: What is an ethical hacker? SecurityTrails Blog · Oct 31 · SecurityTrails team Ripped from the Headlines: Discovered Link Between Jacob Wohl and Surefire Intelligence SecurityTrails data can be leveraged for many uses, ranging from helping security researchers and companies defend against future attacks with up-to-date data to helping non-technical users discover valuable information about the legitimacy of companies and their domains. SecurityTrails Blog · Oct 30 · SecurityTrails team Why Should I Perform a DNS Audit? DNS auditing is a critical task when it comes to infrastructure and system administration. Ironically, it’s also one of the most underrated internet services available, often overlooked when someone is performing IT auditing tasks.