SecurityTrails Blog
Exploring Google Hacking Techniques
Some time ago we wrote an interesting post about the OSINT concept and its importance in the security researching world, showing how easy it is to get information from publicly available sources on the Internet. Last week one of our developers shared an interesting link he found — one that was exposing many supposedly “private” resources from different websites.
Domain Theft: How to Avoid Buying Stolen Domain Names and Protect Your Own Domains
Previously we shared some interesting tips about domain hijacking, where we discussed a few concepts, information and tips to prevent this kind of malicious activity against your domain names. Domain stealing, also known as domain theft, is a common criminal activity on the Internet. It consists in transferring your domain name illegally to another registrar, without you knowing about it.
Making the Web a Better Place: Fixing Caddy Web Server Hostname Enumeration Vulnerability (CVE-2018-19148)
TL;DR The web server software Caddy leaked information on which SSL certificates were on each installation through enumeration. We submitted a bug report, built a proof of concept, submitted a CVE and the developer of Caddy Matt Holt fixed it and released Caddy 0.11.1.
Top 10 Common Network Security Threats Explained
The old childhood warning “Stranger danger!” has withstood the test of time even in our modern, developed world. Now that most of our daily procedures and activities are automatized and available for use on the Internet, we need to take the same level of precaution we did as children, crossing to the other side of the street whenever we saw a suspicious stranger. This precaution is needed even more after seeing some critical statistics surface, claiming that nearly one-third of the world’s computers are infected with some type of malware.
Is WordPress Secure?
WordPress is one of the most high-profile open source CMS's in use today. Being that 60% of all CMS websites use Wordpress, and 31% of all websites on the Internet use it, it's safe to say that it's a frequent target of security exploits.
Top 15 Ethical Hacking Tools Used by Infosec Professionals
Automated tools now rule the Internet; you can find a few to make your social networks grow, others to answer emails automatically, and even bots to help your online customers. Of course, hacking has evolved too: nowadays you can find a lot of automated OSINT Tools that can help anyone with security research and intel reconnaissance in a way that just wasn’t possible twenty years ago.