SecurityTrails Blog
Insider Threats in Cybersecurity: The Enemy Comes From Within
People, process, and technology are the pillars of cybersecurity. And while people are every organization’s best asset, they are also its biggest weakness. Security technology continuously evolves to counter emerging security threats and new techniques, but there is one threat that can’t be thwarted by merely employing new tools and processes. The biggest security threats of today are not the result of malicious attackers, advanced persistent threats, or malware. They come from within.
Recon-ng: An Open Source Reconnaissance Tool
The OSINT tools arsenal is now filled with more pieces of code that help “get things done” better, faster and more effectively than ever before. And Recon-ng, with its modular design, brings you a familiar way to operate a command line while its similar syntax to the Metasploit framework allows you to mount different purpose modules and configure them independently.
What is Security Orchestration? Where Can it Help, its Benefits and What is SOAR
When looking at any security team, one thing you might notice is that there is a tool for everything. And we do mean everything: ticketing, threat intelligence, security investigations, malware analysis, detection, incident response, advanced persistent threats, security monitoring… the list goes on.
Subfinder: A Practical Subdomain Exploration Tool
In one of our previous posts about information gathering, we covered the basics on how to get the right intel information about any organization, and that of course includes DNS intelligence.
What is Hacktivism? Civil Disobedience, Cyberterrorism, or Something Else?
There are different motivations behind hackers’ actions. They can be stirred by anything from monetary gain to bragging rights to boredom (‘because they can’). But frequently, the driving force behind breaking into systems, stealing information and disrupting services is to demonstrate civil disobedience.
DNS Privacy: Minimizing end-to-end Exposure
The Domain Name System (DNS) is one of the most important services running behind the scenes that allows the Internet to work effectively every day. Also, it’s one of the most forgotten and abused which was covered previously in the “DNS attacks” article. Today we’ll address some of the ins and outs of its inner workings and review some helpful resources that will help minimize the chances of traffic sniffing (password leaking anyone?).
Zero Trust Model: What’s a Zero Trust Network in Cyber Security?
We often highlight an important philosophy, a particular mindset that should be taken when dealing with security. Organizations shouldn’t sit around wondering whether or not they’ll fall victim to a cyber attack or data breach. Instead, it’s important to actually anticipate one. Don’t ponder the “if” but ask yourself “when.”
IVRE: A Versatile Network Reconnaissance Framework
Being an infosec researcher requires more than just installing Kali Linux and watching a few YouTube tutorials. Being able to navigate the hundreds of tools available at your fingertips and knowing which tool is best for the job requires a good amount of self-learning or, at the very least, finding in-depth reviews to help you figure things out.
Security Automation: Definition, Benefits, Best Practices and Tools
Even if some people believe that robots and automation will replace the entire workforce and machines will do everything for us, the truth is that automation helps us to be more productive and work more efficiently. It relieves us from the most tedious and monotonous tasks in our daily work and lives.
Gophish: An Open-Source Phishing Framework
If you or any friend, family member, or acquaintance has ever used an email account, chances are that at some point, they’ve received a phishing email. And while during the early stages of the internet, such deception usually looked so fake and misaligned that you could spot it right away as an attempt to mislead you, this isn’t so true anymore.