Cybersecurity Tools - Reviews and Articles

It seems as if we encounter new security threats every day. Threats that turn into successful cyber attacks can have devastating consequences for organizations, including financial loss, compromised or destroyed data, reputational damage, and more. And with the escalating nature of security threats and risks, organizations are required to enforce the best strategies, infrastructure and controls to achieve the highest level of security possible.

Every organization needs the right security and infosec tools to monitor their networks, detect threats, assess risks, identify vulnerabilities, prevent unauthorized access, encrypt communication, etc. In the past few years we have been blessed with a booming expansion of security tools and solutions that help organizations address different security needs and perform various functions.

But even with the multitude of options available, it isn’t always about using the most tools; it’s about using the right ones, which involves knowing which tool is best for performing the task at hand. Recognizing the importance of security tools, and the skills needed to navigate them, we deliver blog posts that will help empower your security toolkits.

In this category you’ll find posts dedicated to a specific tool along with an in-depth review featuring a description of the tool and a look at its installation, pros, cons, and tests that showcase the tool in action. We also provide posts that examine a collection of tools that serve a specific security task and purpose, such as those for red teams, blue teams, OSINT, and the like.

Axiom: A Distributed Hacking Framework for Pentesters and Red Teamers
SecurityTrails Blog · Mar 04 · by Gianni Perez

With the arrival of the concept known as dynamic cloud a few years ago, leaders in the computing and security industries immediately seized the opportunity. Not only did this new paradigm offer flexibility and scalability, its dynamic nature also entailed a more diverse portfolio of applications and similar consumables, readily available and masterfully presented as a single, coherent platform. To security practitioners, and to penetration testers in particular, this newfound agility forever transformed the traditional in-house penetration-testing ecosystem into an entirely dynamic framework.

JARM: A Solid Fingerprinting Tool for Detecting Malicious Servers
SecurityTrails Blog · Dec 23 2020 · by Gianni Perez

The literature on defensive security unanimously recognizes one fact: every so often, a tool comes out that provides blue teamers with an important advantage over their adversaries. This ever-elusive quest features essential requirements and commonalities, such as the ability to proactively seek and detect malicious hosts, or the capacity to swiftly respond to targeted network threats. And with a sharp rise in the number of incidents involving some form of malware or command and control (C2) activity resulting in data theft, vendors are in a tight race to gain their customers’ trust—by leveraging newer alternatives to legacy solutions amidst shrinking budgets.

OpenVAS/GVM: An Open Source Vulnerability Scanning and Management System
SecurityTrails Blog · Nov 19 2020 · by Esteban Borges

Vulnerability scanning is one of the foundations of standard enterprise security. An enterprise with a good security posture will have a firewall, some type of asset mapping, a vulnerability scanner and possibly even a security team that does some type of pentesting. Keep in mind that the list above is not exhaustive; it is only the rudimentary outline of an enterprise with a few good security measures in place.