SecurityTrails Blog

From Chokeslams To Pwnage: Phillip Wylie Shares His Journey From Pro Wrestling To Offensive Security
Cybersecurity is a lucrative career, but knowing which path to follow to break into the industry can be daunting for fresh graduates, enthusiasts, and those switching careers.

Blast Radius: DNS Takeovers
Subdomain takeover remains a common vulnerability, and a destructive one at that. On one hand, there are types that practically don't exist anymore, such as CNAME takeovers—while there are still plenty of hanging DNS records, PoC creation is nearly impossible due to restrictions put in place by major cloud providers (mainly AWS).

How I Lost the SecurityTrails #ReconMaster Contest, and How You Can Win: Edge-Case Recon Ideas
A while back, SecurityTrails announced that they would be running a contest dubbed "Recon Master"—the aim of which is to find hostnames that resolve to an IPv4 address and that haven't already been found by SecurityTrails.

Blast Radius: Apache Airflow Vulnerabilities
Apache Airflow is an open-source workflow management platform that started at Airbnb in 2014 as a solution to manage complex workflows. It allows organizations to programmatically author, schedule and monitor their workflows over their web-based interfaces that are connected to internet databases and many other systems.

AssetFinder: A Handy Subdomain and Domain Discovery Tool
IP and DNS intelligence gathering has become a critical part of any organization's cybersecurity outlook.

Intrusion Detection Systems: Types, Detection Methods and Challenges
For years now, network security has been one of the main investments organizations of all sizes make to protect their networks, users and data.

IP Discovery: How to Create a Full IP Map of Your Organization
IP intelligence involves information gathering on the IP addresses used to provide access to web applications and web services within an organization.

#ProTips: Catching Bugs with Adrien Jeanneau
Despite the growing myriad of bug bounty platforms, accessible resources for beginners as well as those looking to further their skills and enhance their toolstacks, and the considerable strength of its online community, bug bounty hunting still remains a challenge for many.

JA3 Fingerprinting: Functionality, Pitfalls, and Future Outlook
With challenges as complex as the myriad of technologies involved, the need for accurate representation regarding all things cyber remains an elusive endeavour.

Introducing the new OWASP Amass Information Sharing Feature: a Big Community Effort to Share Accurate Domain and Subdomain data, for everyone
A while ago, we wrote about the fantastic OWASP Amass tool, and as we believe in the open source movement as the primary fuel of the Internet, Jeff Foley has since become one of our sponsored open-source developers.