SecurityTrails Blog
Best Cybercrime Investigation and Digital Forensics Courses and Certifications
Cyber criminals target networks in the private and public sector every day, and their threat is growing. Cyber attacks are becoming more common, more menacing, and in the public sector, can compromise public services and put sensitive data at risk. It happens all the time in the private sector too: companies are attacked for trade secrets, customer information and other confidential details. Individuals aren’t spared either and are falling victim to identity theft, fraud and various other types of cybercrime.
Announcing SecurityTrails SQL: a Completely New Way to Access SecurityTrails Data
Over the past few months, we’ve been perfecting our new SQL-like query language, one that will allow security teams to perform massive intelligence collection as well as automate their findings. Today, we’re excited to announce the general release of this powerful new product: SecurityTrails SQL.
Blast Radius: Mapping, Controlling, and Exploiting Dynamic Self-Registration Services
Vendors such as Datto, GeoVision, Synology and others leverage and depend on self-registered services for their products. These devices frequently leak critical data or have insecure design, unintentional or even intentional design decisions and application flaws. Through insecure network design and installation practices, they can be easily mapped, discovered and attacked by cyber criminals via insecure vendor, software and integrator practices.
Top 30+ Most Popular Red Team Tools
Organizations are having a hard time detecting new tactics and techniques employed by cyber criminals looking to breach their defenses. The only sure way to thwart possible cyber threats is to discover any unknown weaknesses and vulnerabilities in the systems and existing defenses. And what better way to do this than to rely on expertise of red and blue teams, and even adopting a security methodology of a purple team.
Blast Radius: Misconfigured Kubernetes
Recognized as a leader in the container market, Kubernetes is an open source microservices cluster manager used by millions of companies worldwide. Bolstering its popularity is its considerable ability in managing container workloads, as it allows for the easy deployment of numerous servers with appropriate scaling as they grow.
From Chokeslams To Pwnage: Phillip Wylie Shares His Journey From Pro Wrestling To Offensive Security
Cybersecurity is a lucrative career, but knowing which path to follow to break into the industry can be daunting for fresh graduates, enthusiasts, and those switching careers.
Blast Radius: DNS Takeovers
Subdomain takeover remains a common vulnerability, and a destructive one at that. On one hand, there are types that practically don’t exist anymore, such as CNAME takeovers—while there are still plenty of hanging DNS records, PoC creation is nearly impossible due to restrictions put in place by major cloud providers (mainly AWS).
How I Lost the SecurityTrails #ReconMaster Contest, and How You Can Win: Edge-Case Recon Ideas
A while back, SecurityTrails announced that they would be running a contest dubbed “Recon Master”—the aim of which is to find hostnames that resolve to an IPv4 address that haven’t already been found by SecurityTrails. As it had been a while since I flexed my recon muscles, that sounded very interesting to me. These days, the majority of my asset discovery phase is spent literally just using SecurityTrails, so this would force me to think outside of the box and stop being so lazy.
Blast Radius: Apache Airflow Vulnerabilities
Apache Airflow is an open-source workflow management platform that started at Airbnb in 2014 as a solution to manage complex workflows. It allows organizations to programmatically author, schedule and monitor their workflows over their web-based interfaces that are connected to internet databases and many other systems.
AssetFinder: A Handy Subdomain and Domain Discovery Tool
IP and DNS intelligence gathering has become a critical part of any organization’s cybersecurity outlook.
