Blog Home

SecurityTrails Blog

Best Cybercrime Investigation and Digital Forensics Courses and Certifications.
SecurityTrails Blog · Aug 31 2021 · by Sara Jelen

Best Cybercrime Investigation and Digital Forensics Courses and Certifications

Cyber criminals target networks in the private and public sector every day, and their threat is growing. Cyber attacks are becoming more common, more menacing, and in the public sector, can compromise public services and put sensitive data at risk. It happens all the time in the private sector too: companies are attacked for trade secrets, customer information and other confidential details. Individuals aren’t spared either and are falling victim to identity theft, fraud and various other types of cybercrime.

Announcing SecurityTrails SQL: a Completely New Way to Access SecurityTrails Data.
SecurityTrails Blog · Aug 25 2021 · by Sara Jelen,

Announcing SecurityTrails SQL: a Completely New Way to Access SecurityTrails Data

Over the past few months, we’ve been perfecting our new SQL-like query language, one that will allow security teams to perform massive intelligence collection as well as automate their findings. Today, we’re excited to announce the general release of this powerful new product: SecurityTrails SQL.

Blast Radius: Mapping, Controlling, and Exploiting Dynamic Self-Registration Services.
SecurityTrails Blog · Aug 24 2021 · by Ken Pyle

Blast Radius: Mapping, Controlling, and Exploiting Dynamic Self-Registration Services

Vendors such as Datto, GeoVision, Synology and others leverage and depend on self-registered services for their products. These devices frequently leak critical data or have insecure design, unintentional or even intentional design decisions and application flaws. Through insecure network design and installation practices, they can be easily mapped, discovered and attacked by cyber criminals via insecure vendor, software and integrator practices.

Top 30+ Most Popular Red Team Tools.
SecurityTrails Blog · Last updated on Oct 14 2021 · by Sara Jelen

Top 30+ Most Popular Red Team Tools

Organizations are having a hard time detecting new tactics and techniques employed by cyber criminals looking to breach their defenses. The only sure way to thwart possible cyber threats is to discover any unknown weaknesses and vulnerabilities in the systems and existing defenses. And what better way to do this than to rely on expertise of red and blue teams, and even adopting a security methodology of a purple team.

Blast Radius: Misconfigured Kubernetes.
SecurityTrails Blog · Aug 17 2021 · by Robert Wiggins

Blast Radius: Misconfigured Kubernetes

Recognized as a leader in the container market, Kubernetes is an open source microservices cluster manager used by millions of companies worldwide. Bolstering its popularity is its considerable ability in managing container workloads, as it allows for the easy deployment of numerous servers with appropriate scaling as they grow.

Blast Radius: DNS Takeovers.
SecurityTrails Blog · Aug 03 2021 · by Patrik Hudák

Blast Radius: DNS Takeovers

Subdomain takeover remains a common vulnerability, and a destructive one at that. On one hand, there are types that practically don’t exist anymore, such as CNAME takeovers—while there are still plenty of hanging DNS records, PoC creation is nearly impossible due to restrictions put in place by major cloud providers (mainly AWS).

How I Lost the SecurityTrails #ReconMaster Contest, and How You Can Win: Edge-Case Recon Ideas.
SecurityTrails Blog · Jul 29 2021 · by Luke Stephens

How I Lost the SecurityTrails #ReconMaster Contest, and How You Can Win: Edge-Case Recon Ideas

A while back, SecurityTrails announced that they would be running a contest dubbed “Recon Master”—the aim of which is to find hostnames that resolve to an IPv4 address that haven’t already been found by SecurityTrails. As it had been a while since I flexed my recon muscles, that sounded very interesting to me. These days, the majority of my asset discovery phase is spent literally just using SecurityTrails, so this would force me to think outside of the box and stop being so lazy.

Blast Radius: Apache Airflow Vulnerabilities.
SecurityTrails Blog · Jul 27 2021 · by Ian Carroll

Blast Radius: Apache Airflow Vulnerabilities

Apache Airflow is an open-source workflow management platform that started at Airbnb in 2014 as a solution to manage complex workflows. It allows organizations to programmatically author, schedule and monitor their workflows over their web-based interfaces that are connected to internet databases and many other systems.

X