We’re #hiring a new Security Consultant based in Buenos Aires. Apply today or share this post with your network.
About us
Kulkan Security - Creative minds breaking your Apps. Our team of security experts will plan and execute controlled attacks and partner up with you in an effort to identify, mitigate and remediate security vulnerabilities.
- Website
- https://www.kulkan.com
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- Houston, TX
- Type
- Privately Held
- Founded
- 2011
- Specialties
- Software Security Assessments, Network Penetration Testing, Penetration Testing, Web Application Security Testing, and Mobile Application Security Testing
Locations
-
Primary
US,TX,Houston,1425
Updates
-
Gitxray v1.0.17.2 is out with enhancements to the HTML report. A new Highlights section at the beginning of the report groups any findings flagged by Gitxray as "WARNING" which may belong to a repository or its contributors. These highlighted findings can include remarks around tampered commits, dangerous workflows, similar repositories sharing the same name, fake or suspicious accounts sharing PGP keys, and more! Install it via pypi: pip3 install gitxray --upgrade or clone it from https://lnkd.in/dR-PfrF8
-
-
In our latest blog post, Nahuel D. Sánchez and Ignacio Molina share their writeups for three of Ekoparty 2024's main CTF track challenges, starting with patching a NES game and then moving to cmd injection and double encoding techniques to get flags. Blog post is available at https://lnkd.in/daZxs7ry Have a fun read!
-
Extracts data from GitHub using REST APIs - Useful for OSINT investigators, forensic examiners and pentesters. GitXray automates the extraction of critical data from GitHub repositories, uncovering hidden insights for in-depth security assessments, OSINT, forensics, and pentesting. https://lnkd.in/gArCV_hm #OWASP #Cybersecurity #BugBounty #HackerOne #Bugcrowd #Intigriti #Pentest #Hacking #Pethuraj #RedTeam #BugBountyTips #BurpSuite #EthicalHacking #InfoSec #InformationSecurity #Pentesting #APIsecurity #NucleiTemplates #CISA #OSINT #Forensics #GitHub
-
-
Recently came across a very useful tool called Gitxray for identifying fake contributors, PR rejections to merge malicious code, fake starring of repositories. All of these are very crucial as modern attacks involve registration of fake packages in popular package management platforms. This is made worse when attackers carefully curate the names of the packages to resemble ones hallucinated by Generative AI tools. Using this awesome tool released by Kulkan Security, we can now be safely scanning these repositories for fake starring, private repos suddenly going public, looking out for malicious releases, and anonymous contributors. Thanks to Clint Gibler for throwing light on this tool. I wanted to share it here so that we can all take advantage of this amazing tool and add it as one more tool in our security defense arsenal.
-
TL;DR issue 262 is out, and our beloved Gitxray is featured in the AppSec category. Subscribe to TL;DR for a curated weekly Security feed at https://tldrsec.com/ - Find out more about Gitxray at https://www.gitxray.com/ - Cheers to Clint Gibler for the mention.
tl;dr sec 262 - Red Teaming AI, AWS Org Policies Deep Dive, Anti-EDR Compendium
Highlights
AppSec - Repo of Intigriti's CTF challenges - Gitxray: a security X-Ray for GitHub repositories - Lucas Lavarello - Vigilante Justice on GitHub - Dylan Ayrey - Unsafe Archive Unpacking: Labs and Semgrep Rules - Michael J. Pastor
Cloud Security - iam-simulate - Cloud Pilot - Fast Unauthenticated Role Scanning - Ryan G. - The Security Canary Maturity Model - Rami McCarthy - Deep Dive - AWS Organization Policies - Naman Sogani
Supply Chain - 2024 CVE Data Review - Jerry Gamblin - OSV's 2024 year in review - PyPI's Project Quarantine - Mike Fiedler - Snyk security researcher deploys malicious NPM packages targeting Cursor.com - Paul McCarty
Blue Team - 100 days of YARA 2024 - YARAVM - extract YARA rules from a binary format - Summiting the Pyramid: Bring the Pain with Robust and Accurate Detection - Michaela Adams, Roman Daszczyszak, Steve Luke - How Google Does It: Modernizing threat detection - Anton Chuvakin and Tim Nguyen
Red Team - Sandbox environment for malware development and payload testing - Open source Cobalt Strike Beacon - The (Anti-)EDR Compendium - Dobin R.
AI + Security - New course: Securing Generative AI on AWS - 3 takeaways from red teaming 100 genAI products - Blake Bullwinkel, Ram Shankar Siva Kumar - Two OpenAI whitepapers on red teaming AI
https://lnkd.in/gtXCV6hh #cybersecurity #infosec #security #ciso #ai
-
Gitxray is now available in multiple Playbooks in Satori. Satori CI performs automated testing of software & systems. Static and dynamic tests can be run on demand, with a certain frequency or when pushing new code on CI. Explore Satori and create Git X-Rays of your repositories automatically! https://lnkd.in/dEZXZt7R https://lnkd.in/dCXPUQxw https://lnkd.in/dC-bAFTD
-
-
In our latest blog post, Lucas Cebrero Lell and Matias Forti share the solution to their Nmap-based CTF challenge, Map the Flag, and highlight some of the creative approaches players used to solve it. Created for Ekoparty 2024’s main CTF track, the challenge focused on exploiting a call to Nmap to achieve remote command execution (RCE) and grab the flag. Try it out yourself! The challenge is available on our GitHub: https://lnkd.in/dMVxfZFD Blog post at https://lnkd.in/dB5SqDMT #ctf #ekoparty #challenge
-
Farewell to 2024! Here's a snapshot of our year:
33% YoY Revenue Growth – A milestone we're very proud of!
Welcomed 14 amazing new clients – We're thrilled to help them grow while staying secure.
15+ CTF Competitions – Our team pushed boundaries, learned, and had fun along the way.
18 Kulkan Talks Hosted in our Office – From penetration testing to research and soft skills, we’ve loved sharing knowledge with the community.
Security Conferences – We sponsored Ekoparty, attended BlackHat, Defcon and Ekoparty, and even added challenges to Ekoparty's main CTF track!
Thank you for your trust and support. We'll continue striving to be a specialized offensive security firm that not only values its team but actively invests in their growth, ensuring alignment between what we say and what we do. 2025, we're ready for you!
-