Kulkan Security

We’re #hiring a new Security Consultant based in Buenos Aires. Apply today or share this post with your network ????.

Gitxray v1.0.17.2 is out with enhancements to the HTML report. A new Highlights section at the beginning of the report groups any findings flagged by Gitxray as "WARNING" which may belong to a repository or its contributors. These highlighted findings can include remarks around tampered commits, dangerous workflows, similar repositories sharing the same name, fake or suspicious accounts sharing PGP keys, and more! Install it via pypi: pip3 install gitxray --upgrade or clone it from https://lnkd.in/dR-PfrF8

In our latest blog post, Nahuel D. Sánchez and Ignacio Molina share their writeups for three of Ekoparty 2024's main CTF track challenges, starting with patching a NES game and then moving to cmd injection and double encoding techniques to get flags. Blog post is available at ?? https://lnkd.in/daZxs7ry Have a fun read!

?????????????? - Extracts data from GitHub using REST APIs - Useful for OSINT investigators, forensic examiners and pentesters." ???????? GitXray automates the extraction of critical data from GitHub repositories, uncovering hidden insights for in-depth security assessments, OSINT, forensics, and pentesting. ? https://lnkd.in/gArCV_hm #OWASP #Cybersecurity #BugBounty #HackerOne #Bugcrowd #Intigriti #Pentest #Hacking #Pethuraj #RedTeam #BugBountyTips #BurpSuite #EthicalHacking #InfoSec #InformationSecurity #Pentesting #APIsecurity #NucleiTemplates #CISA #OSINT #Forensics #GitHub

Recently came across a very useful tool called Gitxray for identifying fake contributors, PR rejections to merge malicious code, fake starring of repositories. All of these are very crucial as modern attacks involve registration of fake packages in popular package management platforms. This is made worse when attackers carefully curate the names of the packages to resemble ones hallucinated by Generative AI tools. Using this awesome tool released by Kulkan Security, we can now be safely scanning these repositories for fake starring, private repos suddenly going public, looking out for malicious releases, and anonymous contributors. Thanks to Clint Gibler for throwing light on this tool. I wanted to share it here so that we can all take advantage of this amazing tool and add it as one more tool in our security defense arsenal.

TL;DR issue 262 is out, and our beloved Gitxray is featured in the AppSec category. Subscribe to TL;DR for a curated weekly Security feed at https://tldrsec.com/ - Find out more about Gitxray at https://www.gitxray.com/ - Cheers to Clint Gibler for the mention.

I learned that leaving your computer unlocked can cost you some croissants... and an unforgettable lesson in cyber-security. ???? What better way to apply the attacker mindset than starting with your own mistakes? (Click the image to read the full article...)

Gitxray is now available in multiple Playbooks in Satori. Satori CI performs automated testing of software & systems. Static and dynamic tests can be run on demand, with a certain frequency or when pushing new code on CI. Explore Satori and create Git X-Rays of your repositories automatically! https://lnkd.in/dEZXZt7R https://lnkd.in/dCXPUQxw https://lnkd.in/dC-bAFTD

In our latest blog post, Lucas Cebrero Lell and Matias Forti share the solution to their Nmap-based CTF challenge, Map the Flag, and highlight some of the creative approaches players used to solve it. Created for Ekoparty 2024’s main CTF track, the challenge focused on exploiting a call to Nmap to achieve remote command execution (RCE) and grab the flag. Try it out yourself! The challenge is available on our GitHub: https://lnkd.in/dMVxfZFD Blog post at ?? https://lnkd.in/dB5SqDMT #ctf #ekoparty #challenge

Farewell to 2024! Here's a snapshot of our year: ? 33% YoY Revenue Growth – A milestone we're very proud of! ?? Welcomed 14 amazing new clients – We're thrilled to help them grow while staying secure. ?? 15+ CTF Competitions – Our team pushed boundaries, learned, and had fun along the way. ?? 18 Kulkan Talks Hosted in our Office – From penetration testing to research and soft skills, we’ve loved sharing knowledge with the community. ?? Security Conferences – We sponsored Ekoparty, attended BlackHat, Defcon and Ekoparty, and even added challenges to Ekoparty's main CTF track! Thank you for your trust and support ??. We'll continue striving to be a specialized offensive security firm that not only values its team but actively invests in their growth, ensuring alignment between what we say and what we do. 2025, we're ready for you! ??