SecurityTrails Blog
The 10 Largest Data Breaches and Leaks: Overview, Impact and Settlements
Today, every company holds some sensitive information that can be of value to malicious actors. To say that we now see cyber attacks and data breaches happen routinely would be an understatement. We’re hit almost weekly with news about attacks crippling entire fuel pipelines, exposing government and largest-enterprise networks to attackers, and personal information belonging to billions of people all around the world put up for sale on the dark web.
Experience Upgrade: SecurityTrails Product Redesign
Last week we announced the general release of SecurityTrails SQL. And today we’re excited to let you know that we’ve been working on improving the overall UX experience of many of our products with a new, unified design.
Intrusion Prevention Systems: Definition, Types, IDS vs. IPS
Every organization with a cybersecurity strategy has the goal of stopping cyber threats before they become real attacks and cause damage. Because of this, most cybersecurity strategies have turned to more proactive approaches, rather than relying only on reactive security measures.
Best Cybercrime Investigation and Digital Forensics Courses and Certifications
Cyber criminals target networks in the private and public sector every day, and their threat is growing. Cyber attacks are becoming more common, more menacing, and in the public sector, can compromise public services and put sensitive data at risk. It happens all the time in the private sector too: companies are attacked for trade secrets, customer information and other confidential details. Individuals aren’t spared either and are falling victim to identity theft, fraud and various other types of cybercrime.
Announcing SecurityTrails SQL: a Completely New Way to Access SecurityTrails Data
Over the past few months, we’ve been perfecting our new SQL-like query language, one that will allow security teams to perform massive intelligence collection as well as automate their findings. Today, we’re excited to announce the general release of this powerful new product: SecurityTrails SQL.
Blast Radius: Mapping, Controlling, and Exploiting Dynamic Self-Registration Services
Vendors such as Datto, GeoVision, Synology and others leverage and depend on self-registered services for their products. These devices frequently leak critical data or have insecure design, unintentional or even intentional design decisions and application flaws. Through insecure network design and installation practices, they can be easily mapped, discovered and attacked by cyber criminals via insecure vendor, software and integrator practices.
Blast Radius: Misconfigured Kubernetes
Recognized as a leader in the container market, Kubernetes is an open source microservices cluster manager used by millions of companies worldwide. Bolstering its popularity is its considerable ability in managing container workloads, as it allows for the easy deployment of numerous servers with appropriate scaling as they grow.
From Chokeslams To Pwnage: Phillip Wylie Shares His Journey From Pro Wrestling To Offensive Security
Cybersecurity is a lucrative career, but knowing which path to follow to break into the industry can be daunting for fresh graduates, enthusiasts, and those switching careers.
Blast Radius: DNS Takeovers
Subdomain takeover remains a common vulnerability, and a destructive one at that. On one hand, there are types that practically don’t exist anymore, such as CNAME takeovers—while there are still plenty of hanging DNS records, PoC creation is nearly impossible due to restrictions put in place by major cloud providers (mainly AWS).
How I Lost the SecurityTrails #ReconMaster Contest, and How You Can Win: Edge-Case Recon Ideas
A while back, SecurityTrails announced that they would be running a contest dubbed “Recon Master”—the aim of which is to find hostnames that resolve to an IPv4 address that haven’t already been found by SecurityTrails. As it had been a while since I flexed my recon muscles, that sounded very interesting to me. These days, the majority of my asset discovery phase is spent literally just using SecurityTrails, so this would force me to think outside of the box and stop being so lazy.