We just published a Blog post on our GitHub Forensics CTF challenge that was part of Ekoparty's main CTF track. The Post covers a detailed walk through on how to obtain the flag by leveraging GitHub's REST APIs and then shows how to do the same using Gitxray: https://lnkd.in/dNEgtPAw Kudos to Daniel Correa from NullLife and Ekoparty for organizing the main CTF track and giving us the opportunity to contribute. More to come as we are also in the process of documenting and sharing our walkthrough for the "Map the Flag" challenge that we contributed to the Web category.
About us
Kulkan Security - Creative minds breaking your Apps. Our team of security experts will plan and execute controlled attacks and partner up with you in an effort to identify, mitigate and remediate security vulnerabilities.
- Website
- https://www.kulkan.com
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- Houston, TX
- Type
- Privately Held
- Founded
- 2011
- Specialties
- Software Security Assessments, Network Penetration Testing, Penetration Testing, Web Application Security Testing, and Mobile Application Security Testing
Locations
-
Primary
US,TX,Houston,1425
Updates
-
Ekoparty rocked! Our team participated in multiple activities and CTFs and even claimed prizes; shout outs to Matias Forti for going on stage and for his write-up on Saiko's hardware badge, below. More posts and writeups from the team to come, stay tuned!
I had an amazing time at this year’s Ekoparty! Thrilled to have finished in the top 3 in two different CTFs, earning some great prizes along the way. I also had the opportunity to participate in SaikoCTF, where I completed the hardware badge challenges and wrote a detailed write-up. If you’re curious, you can check it out here: https://lnkd.in/dsNgyS6P It’s always inspiring to learn, compete, and connect with such a vibrant community.
-
We're interviewing at Ekoparty's Speed Interviews! Friday is the last day; come take a seat, and have a chat if you're around.
-
We're participating in Ekoparty's Security Conference this year in multiple ways! We've created 2 CTF challenges for the main CTF; look them up under Web and Forensics once they become available at ctf.ekoparty.org! We'll be present at the "Speed Interviews" session every day, interviewing potential candidates for a couple of hours. We're once again Sponsors, and this year we're all attending all three (3) days of the event, in alignment to our Vision. See you there?
Cybersecurity is my passion | We hire talent to democratize commerce, money and payments in Latam
Get ready for one more exciting challenge this year! We’re thrilled to bring you a new edition of our Capture the Flag (Main CTF) competition as part of Ekoparty 2024. It’s the perfect opportunity to dive into easy and complex challenges, showcase your hacking skills, and have a great time with the community. We want to give a special shout-out to the Ekoparty team for supporting us and making this event possible for a whole decade! Leonardo Pigñer Federico Kirschbaum Francisco Müller Amato When: nov 13th 13:00 GMT - nov 15th 19:00 GMT Where: https://ctf.ekoparty.org Prizes: 2k usd distributed for Top 3 Bring your best game and join us for this epic experience! #CTF #Ekoparty #Cybersecurity
-
Gitxray now creates HTML reports for easier navigation of results. How cool is this?! Plus results are processed in a way to help you get ALL contributor results for a category in one click (eg. Listing all information disclosures via PGP Keys), and it highlights in Yellow the items that Gitxray thinks may benefit from your attention (e.g. Shared keys, potential fake accounts) - More at: https://lnkd.in/enjDUZ4z or www.gitxray.com - Haven't you tried running Gitxray on your GitHub repos or Organization yet? Super easy to deploy and run, it's in PyPi and now even in NixOS thanks to fabaff@gh.
-
One of the many ways we share knowledge is through Kulkan Talks, our internal, in-person space where the team presents research and shares ideas. Special thanks this Q3'24 to Matias Perez Fumega, Octavio Gorrini, Matias Forti, Lucas Cebrero Lell, Agustín Bender, Juan Martin Alba Harrington, Agustin Dendarys and Juan Francisco Tierno for your valuable research and contributions.
-
Gitxray v1.0.15 released. This release includes Enhanced Repository Name Search and Reputation Warnings to prevent confusion, Commit Time Analysis for deeper insights into contributor activity patterns, and the brand-new Workflows X-Ray Module for comprehensive monitoring and securing your GitHub workflows. Additionally, we've implemented significant User Experience Enhancements like progress displays and lifted caps for heavy queries to ensure a smoother and more responsive experience.
Gitxray v1.0.15
Kulkan Security, published on LinkedIn
-
We’re excited to share that we've been recognized by Latio Tech as "a great pentesting shop specializing in hybrid environments"! Thank you, James Berthoty, for adding us to the directory and for the recognition. We truly appreciate the support in showcasing what we love the most—breaking things!
Two major updates to the Latio Tech List this week, this is part 1! Version 1.17 is live, over 20 new vendor additions, changes below!
- Added AiStrike to Boundary Breakers - Unique combo of SIEM + CSPM with LLMs layered throughout
- Added NanoVMs to Boundary Breakers - A dope implementation of unikernels - I didn't know what these were
- Added Security Runners to Boundary Breakers - Neat project to test cloud detection rules, with misconfigured resources deployed with Go
- Added Dropzone AI to Boundary Breakers - Security analyst but with LLMs
- Added Cloud-fence to Boundary Breakers - Too useable to be "just a CSPM", great focus on practitioner needs with network and identity in the cloud, with network being a hugely overlooked area of the cloud
- Added Chaser Systems to Boundary Breakers - Unique enforcement of network egress traffic via security groups and a virtual appliance
- Added Kosli to Boundary Breakers - Granular attestation for files, which can be applied to a bunch of use cases
- Added Vicarius to Remediation Platforms - A modern Tenable alternative
- Added CodeShield to CSPM - Attack simulation (attack paths) focusing on identifying risky permissions
- Added Aim Security to LLM - A fully featured LLM Security platform
- Added Unbound Security (YC S24) to LLM - A browser plugin and proxy based approach for sanitization and visibility
- Added AppSOC to LLM - More of an MLBOM approach to LLM security, focusing on the governance and risk of model choice
- Added Phoenix Security | ASPM - Phoenix continues to grow in native and integration application vulnerability management
- Added SOOS to ASPM, SCA, SAST, & Container - All in one code scanner
- Added Codacy to ASPM - Code health and security, a la sonarcloud, with rich integration support
- Added Start Left Security to ASPM, SCA, IaC, SAST, and Container - All in one code scanner
- Added Uptycs to CNAPP, ASPM, Container Runtime - Most fully featured CNAPP, even though that creates usability bloat. Good K8s visibility
- Added Kulkan Security to Pentesting - great pentesting shop specializing in hybrid environments
- Added Deepflow to ADR - open source application tracing and profiling
- Added Autonomous to Container Vulnerability - Evolution of Docker Slim for creating low profile images, better than other approaches??
- Added Oasis Security to Cloud Identity - Comprehensive non-human identity scanning and access graphs
- Added Token Security to Cloud Identity - Identity scanner with some workload support, looking for identity configuration issues
- Added Fortra to MDR - A surprisingly robust set of homegrown features - from ELK to WAF - to provide comprehensive mid market security coverage
- Added Aikido Security to API Security - The homies squeak into this category with their RASP and DAST
- Added BalkanID to Corporate Identity - Platform for SaaS access management - from over-privileged detection to workflows

View the changes here: https://list.latio.tech/
-
If you're getting started in offensive security, I've been in it since the mid-90s, here's some short and incomplete unsolicited advice (which likely applies to other fields) from this halfway dinosaur who's been interviewing and helping new generations for some time now.
Advice for newcomers to [offensive] Security
Lucas Lavarello, published on LinkedIn
-
Gitxray v1.0.14 is out! The new version analyzes workflow runs and flags when a workflow/action is executed by non-contributors. It also parses through all comments in Commits, Issues and PRs and informs whenever a comment is updated a day after having been created. Also included, parsing of Reactions (+1, -1, laugh, eyes, etc) - And a lot more described in the ChangeLog at: https://lnkd.in/dAegsuFy Update via PyPi easily with: pip install gitxray --upgrade Run a full verbose X-Ray to your org today with: gitxray -o https://lnkd.in/dmQiteEW -v
gitxray/CHANGELOG.md at main · kulkansecurity/gitxray
github.com