SecurityTrails Blog
Meet SQL Explorer: One of the Best Alternatives to Shodan
In this modern age of IP reconnaissance and security research combined with the ever-growing list of software services accessible via the public internet, it’s critical to stay ahead of the curve.
Business Email Compromise (BEC) Attacks: The Most Dangerous Form of Email Scam
Business email compromise attacks will have you doubting any email you receive, whether it’s from your co-worker or even the CEO of your company.
Kerberoasting Attacks Explained: Definition, How They Work and Mitigation Techniques
In 2014, researcher Tim Medin, a senior SANS instructor and content developer, took the Infosec milieu by surprise when he disclosed Kerberoast.
The 10 Most Popular Bug Bounty Courses and Training Programs for Beginners
While hackers were once thought of as hooded figures sitting in dark rooms, inhabiting mysterious and secluded parts of the internet, the times are thankfully changing. The popularity of white hats and ethical hacking is soaring, and becoming a lucrative career option for many.
Top 40 Shodan Dorks for Finding Sensitive IoT Data
With its ever-growing database and ease of use, Shodan has become one of the most popular tools used by security researchers for gathering IoT intelligence.
Reactive vs. Proactive Security: Which Is Better?
As networks and technology rapidly evolve, many organizations face the challenges of expanding their attack surface. A truly successful approach to dealing with these challenges involves multiple layers of protection that encompass networks, devices, data and people. And to add more fuel to issues brought on by technology and security sprawl growth, malicious actors are constantly working on new techniques, tools and methods to execute attacks on organizations’ data.
5 minutes to Build a Basic Monitoring and Alerting System for New Subdomains
I spent a very long time automating my recon for bug bounties. I collaborated with a couple of friends for about 12 months to build out an automation beast. We had a custom framework, and constant recon scanning with good distribution (at times we scaled up to 100+ servers). We stored data on millions of targets and had Slack notifications for vulnerability detection. It was the third iteration of our automation and we thought it was great. I mean, it was pretty great, and it definitely helped us earn some cash on a few popular bounty programs.
Shadow IT and Its Security Risks - Managing the Unseen
Cloud computing is beneficial. Many organizations already know this and are reaping the benefits cloud adoption has brought them: reduced IT costs, scalability, collaboration efficiency and, above all else, flexibility in accessing storage and software to meet their needs. Users can now more easily engage services and solutions that will make their everyday jobs easier.
Internet Scanning: Definition, Benefits, Brief History and Tools
Since its inception, the concept known as the “Internet” has been shaped and reshaped under a constant barrage of new ideas and architectural improvements. As a result, the distributed network has also endured, with various success rates, a growing influx of forbidding conditions ranging from a dizzying array of malicious artifacts to skillful attacks on its very fabric and functionality. For all its breadth and depth, this established reality should come as no surprise; after all, the internet wades deeper and deeper into the tapestry of human culture, amassing remarkable achievements even amidst the most sophisticated threats.
Cyber Extortion: Definition, Examples and Prevention
In 2020, Travelex—the world’s largest currency dealer at the time—was caught in the middle of a public and devastating cyber extortion campaign. Attackers exploited a vulnerability in the Pulse Connect Secure VPN (which had a patch available) to extract data, for which they demanded payment of a $6 million ransom in exchange for its release.