How I Lost the SecurityTrails #ReconMaster Contest, and How You Can Win: Edge-Case Recon Ideas
A while back, SecurityTrails announced that they would be running a contest dubbed “Recon Master”—the aim of which is to find hostnames that resolve to an IPv4 address that haven’t already been found by SecurityTrails. As it had been a while since I flexed my recon muscles, that sounded very interesting to me. These days, the majority of my asset discovery phase is spent literally just using SecurityTrails, so this would force me to think outside of the box and stop being so lazy.
Blast Radius: Apache Airflow Vulnerabilities
Apache Airflow is an open-source workflow management platform that started at Airbnb in 2014 as a solution to manage complex workflows. It allows organizations to programmatically author, schedule and monitor their workflows over their web-based interfaces that are connected to internet databases and many other systems.
AssetFinder: A Handy Subdomain and Domain Discovery Tool
IP and DNS intelligence gathering has become a critical part of any organization’s cybersecurity outlook.
Intrusion Detection Systems: Types, Detection Methods and Challenges
For years now, network security has been one of the main investments organizations of all sizes make to protect their networks, users and data.
IP Discovery: How to Create a Full IP Map of Your Organization
IP intelligence involves information gathering on the IP addresses used to provide access to web applications and web services within an organization.
#ProTips: Catching Bugs with Adrien Jeanneau
Despite the growing myriad of bug bounty platforms, accessible resources for beginners as well as those looking to further their skills and enhance their toolstacks, and the considerable strength of its online community, bug bounty hunting still remains a challenge for many. As we’ve said before, bug bounty hunting is both an art and a science—it’s about taking the road less traveled when it comes to vulnerability searching strategies.
JA3 Fingerprinting: Functionality, Pitfalls, and Future Outlook
With challenges as complex as the myriad of technologies involved, the need for accurate representation regarding all things cyber remains an elusive endeavour.
Introducing the new OWASP Amass Information Sharing Feature: a Big Community Effort to Share Accurate Domain and Subdomain data, for everyone
A while ago, we wrote about the fantastic OWASP Amass tool, and as we believe in the open source movement as the primary fuel of the Internet, Jeff Foley has since become one of our sponsored open-source developers.
SecurityTrails as a Threat Intelligence Platform
The number of cyberattacks is increasing rapidly, leading to significant losses in businesses’ revenue and reputation. According to Cyber Security Ventures, the global cost of cybercrime is projected to reach USD 10.05 trillion by 2025 annually.