Kulkan Security (@kulkansecurity)
207 posts

Creative minds breaking your Apps. Our team of security experts will plan and execute controlled attacks and help you improve the security of your applications.

USA · Joined January 2011
199 Following · 216 Followers

Kulkan Security (@kulkansecurity):
💡 Start validating your infrastructure with the latest industry standards. Check out the full technical breakdown and the open-source tool by Serafin Cepeda here: blog.kulkan.com/mxchecksec-val…

Kulkan Security (@kulkansecurity):
The tool provides human-readable output with actionable recommendations. It also provides recommendations for domains not actively used for email, a critical blind spot that leaves organizations open to impersonation attacks. 🥷 Ready to ensure your domains are properly configured? 👇

Kulkan Security (@kulkansecurity):
Email security is often a "set and forget" task until a security incident takes place. 🛡️📧 Serafin Cepeda has developed MxCheckSec to simplify the validation of SPF, DKIM, and DMARC records to ensure a secure email setup. How does it work? 👇🧵

Kulkan Security (@kulkansecurity):
💡 The research focuses on how AitM attacks work, how Evilginx tries to stay hidden, and how we can detect and disrupt these campaigns in the wild. 👉 Read the full article here: blog.kulkan.com/see-no-evil-gi…

Kulkan Security (@kulkansecurity):
🥷 Adversary-in-the-Middle (AitM) attacks proxy traffic between a victim and a service, capturing credentials & session tokens in real time. Unlike traditional phishing, AitM bypasses MFA by proxying the entire authentication flow. So, is it possible to detect this? 👇

Kulkan Security (@kulkansecurity):
📝 New blog: Matias Forti dives into Evilginx, a popular reverse proxy phishing toolkit. It functions as a transparent HTTP proxy, intercepting and relaying traffic between a victim and a legitimate site using "Phishlets" to tailor campaigns. But, why is this critical? 👇🧵

Kulkan Security (@kulkansecurity):
Ready to run Cisco's latest security model on your own hardware? 🚀 💡 Check out the full technical breakdown and the DIY guide to running Foundation-sec-8B-Reasoning in Ollama here: blog.kulkan.com/how-to-run-cis…

Kulkan Security (@kulkansecurity):
Using a sandboxed Docker approach, we guide you through the conversion and quantization process, followed by a custom Modelfile, trying our best to ensure the correct parameters are applied to keep the model's "chain of thought" logic intact. Learn how to achieve this. 👇

Kulkan Security (@kulkansecurity):
Cisco just released Foundation-sec-8B-Reasoning: a model that "thinks" through a multi-step process before answering. 🧠🛡️ Want to run it locally with Ollama but can't find an official version in their Library? We've published a practical guide on how to do it. 👇

Kulkan Security (@kulkansecurity):
💡 Serafin explains how MxCheckSec parses these records as a receiving server would, identifying security risks like weak keys, missing policies, or unprotected domains. 👉 Read the full article: blog.kulkan.com/mxchecksec-val…

Kulkan Security (@kulkansecurity):
📝 New Blog: Serafin Cepeda introduces MxCheckSec, a tool designed to simplify the validation of SPF, DKIM, and DMARC records for secure email setup. These mechanisms can be complex to configure, leaving domains vulnerable to impersonation attacks. Learn more. 👇

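The two MxCheckSec threads above describe the checks in prose only: parse SPF, DKIM and DMARC records the way a receiving server does, and flag weak keys, missing policies and domains that never send mail but are left unprotected. The following is an added, self-contained illustration of that kind of linter written for this page; it is not MxCheckSec's code. Records are passed in as strings rather than fetched from DNS, the sample records are constructed, and the DKIM key is a synthetic SubjectPublicKeyInfo with a structurally valid layout but not a real key, built only so the modulus-size check has something to parse.

```python
"""Offline SPF/DKIM/DMARC linter (added example, not MxCheckSec's code). A real tool
fetches TXT records for <domain>, <selector>._domainkey.<domain> and _dmarc.<domain>."""
import base64
import re

def parse_tags(record):
    """Split a DKIM/DMARC 'tag=value; tag=value' record into a dict (tag names lower-cased)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

# --- minimal DER helpers, enough for an RSA SubjectPublicKeyInfo ---
def der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def der_int(x):
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    return der(0x02, b"\x00" + b if b[0] & 0x80 else b)

def read_tlv(buf, pos):
    """Return (tag, value, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(p_value):
    """Modulus size from a DKIM p= value (base64 SPKI):
    SEQ { SEQ { OID rsaEncryption, NULL }, BIT STRING { SEQ { INT n, INT e } } }."""
    spki = read_tlv(base64.b64decode("".join(p_value.split())), 0)[1]
    _, _algo, pos = read_tlv(spki, 0)
    bitstr = read_tlv(spki, pos)[1]
    rsakey = read_tlv(bitstr[1:], 0)[1]       # first BIT STRING byte = unused-bits count
    return int.from_bytes(read_tlv(rsakey, 0)[1], "big").bit_length()

def synthetic_dkim_p(bits):
    """Constructed test key: valid SPKI layout, modulus 2**(bits-1)+1 (NOT a real key)."""
    rsa_oid = der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b"")
    rsakey = der(0x30, der_int((1 << (bits - 1)) + 1) + der_int(65537))
    return base64.b64encode(der(0x30, der(0x30, rsa_oid) + der(0x03, b"\x00" + rsakey))).decode()

# SPF terms that cost a DNS lookup (RFC 7208 caps these at 10 per evaluation)
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include:|a(?=[:/]|$)|mx(?=[:/]|$)|ptr|exists:|redirect=)", re.I)

def check_spf(record, sends_mail=True):
    if record is None:
        return ["SPF: no record; publish 'v=spf1 -all' if the domain never sends mail"]
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    findings = []
    terminal = next((t for t in terms[1:] if t.lower().endswith("all")), None)
    if terminal is None or terminal.lower() in ("+all", "all"):
        findings.append("SPF: missing or '+all' terminal mechanism authorises any sender")
    elif terminal.lower() == "?all":
        findings.append("SPF: '?all' is neutral and gives receivers no signal; use ~all or -all")
    if not sends_mail and [t.lower() for t in terms[1:]] != ["-all"]:
        findings.append("SPF: non-sending domain should publish exactly 'v=spf1 -all'")
    lookups = sum(1 for t in terms[1:] if LOOKUP_TERM.match(t))
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    return findings

def check_dkim(record):
    if record is None:
        return ["DKIM: no key published at this selector"]
    tags = parse_tags(record)
    if tags.get("p", "") == "":
        return ["DKIM: empty p= means the key is revoked; mail signed with this selector fails"]
    findings = []
    if tags.get("k", "rsa").lower() == "rsa":
        bits = rsa_modulus_bits(tags["p"])
        if bits < 2048:
            findings.append(f"DKIM: {bits}-bit RSA key; RFC 8301 requires 1024 and recommends 2048")
    if "y" in tags.get("t", "").split(":"):
        findings.append("DKIM: t=y (testing mode) makes verifiers treat signed mail as unsigned")
    return findings

def check_dmarc(record, sends_mail=True):
    if record is None:
        return ["DMARC: no _dmarc record, so nothing tells receivers to reject spoofed mail"]
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: record does not start with v=DMARC1"]
    findings, policy = [], tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    elif policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    if not sends_mail and policy != "reject":
        findings.append("DMARC: non-sending domain should publish p=reject")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so you receive no aggregate reports")
    return findings

def audit(records, sends_mail=True):
    """records: {'spf': ..., 'dkim': ..., 'dmarc': ...}, None for a record that is absent."""
    dkim = check_dkim(records.get("dkim")) if sends_mail else []
    return check_spf(records.get("spf"), sends_mail) + dkim + check_dmarc(records.get("dmarc"), sends_mail)

# Constructed samples: a sending domain with a 1024-bit key and p=none, and a parked domain.
SAMPLE = {"spf": "v=spf1 include:_spf.example.net ip4:192.0.2.0/24 ~all",
          "dkim": "v=DKIM1; k=rsa; p=" + synthetic_dkim_p(1024),
          "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com"}
PARKED = {"spf": None, "dkim": None, "dmarc": None}
```

Run `audit(SAMPLE)` for the sending domain and `audit(PARKED, sends_mail=False)` for the parked one; the second call is the "domains not actively used for email" case from the thread, where the only adequate answer is `v=spf1 -all` plus `p=reject`. The DER walk is deliberately minimal and assumes an RSA key; a production checker would also handle `k=ed25519` and malformed input.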
Kulkan Security (@kulkansecurity):
💡 Gitxray 1.0.20 also extracts emails from "Co-authored-by" trailers in commit messages and cross-references them across accounts, helping uncover hidden relationships between contributors. 👉 Read the article to discover all updates: blog.kulkan.com/gitxray-v1-0-2…

Kulkan Security (@kulkansecurity):
📝 New blog post: We've released Gitxray 1.0.20! This release adds timezone inference based on disclosed profile location, then compares it with commit days and hours to surface suspicious timing patterns and flag automated/bot-like activity. Keep reading to learn more. 👇

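The two Gitxray posts above name the techniques (Co-authored-by trailer extraction cross-referenced across accounts, and commit timing compared against the timezone implied by a declared profile location) without showing how they work. The block below is an added illustration written for this page, not Gitxray's own code. The commits, logins and profile locations are constructed, and the location-to-offset table is a stand-in for the geocoding and tz-database lookup a real tool would need.

```python
"""Contributor analysis in the spirit of Gitxray 1.0.20 (added example, not Gitxray's code)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

TRAILER = re.compile(r"^Co-authored-by:\s*(.*?)\s*<([^>]+)>\s*$", re.MULTILINE | re.IGNORECASE)

def co_authors(message):
    """(name, email) pairs from Co-authored-by trailers; emails lower-cased for matching."""
    return [(name, email.lower()) for name, email in TRAILER.findall(message)]

def email_links(commits):
    """Emails seen under more than one login, as author or as co-author. Such an email
    ties together accounts that the public profiles alone do not connect."""
    seen = defaultdict(set)
    for c in commits:
        seen[c["author_email"].lower()].add(c["login"])
        for _, email in co_authors(c["message"]):
            seen[email].add(c["login"])
    return {email: sorted(logins) for email, logins in seen.items() if len(logins) > 1}

# Constructed simplification: a real tool maps the free-text profile location to a
# tz-database zone (with DST); a few cities with fixed UTC offsets suffice here.
LOCATION_OFFSET_HOURS = {"Buenos Aires": -3, "Berlin": 1, "Tokyo": 9}

def timing_profile(commits, login, location, min_commits=10):
    """Convert the login's commit timestamps to the declared location's local time and
    flag patterns that do not fit a human working there."""
    tz = timezone(timedelta(hours=LOCATION_OFFSET_HOURS[location]))
    hours, weekdays = Counter(), Counter()
    for c in commits:
        if c["login"] != login:
            continue
        local = datetime.fromisoformat(c["date"]).astimezone(tz)
        hours[local.hour] += 1
        weekdays[local.weekday()] += 1
    total = sum(hours.values())
    night = sum(n for h, n in hours.items() if h >= 23 or h < 6)
    weekend = weekdays[5] + weekdays[6]
    flags = []
    if total >= min_commits and night > total / 2:
        flags.append(f"{login}: {night}/{total} commits between 23:00 and 06:00 {location} time; "
                     "declared location or automation suspect")
    if total >= min_commits and len(hours) == 1:
        flags.append(f"{login}: every commit at {next(iter(hours)):02d}:00 local; scheduled/bot-like")
    return {"total": total, "night": night, "weekend": weekend, "flags": flags}

def sample_commits():
    """Constructed commit metadata (login, author email, ISO timestamp, message); not from any real repo."""
    commits = []
    for day in range(1, 13):
        commits.append({"login": "alice", "author_email": "alice@example.com",
                        "date": f"2024-03-{day:02d}T{8 + day % 8:02d}:30:00+00:00",  # 09:30-16:30 Berlin
                        "message": "Fix parser edge case\n\nCo-authored-by: Bob <Bob@Example.com>"})
        commits.append({"login": "release-bot", "author_email": "bot@example.com",
                        "date": f"2024-03-{day:02d}T02:00:00+00:00",              # 03:00 Berlin, nightly
                        "message": "Nightly release"})
    commits.append({"login": "bobby", "author_email": "bob@example.com",
                    "date": "2024-03-20T10:00:00+00:00", "message": "Update docs"})
    return commits
```

With the sample data, `email_links()` reports that `bob@example.com` appears as a co-author on alice's commits and as the author of bobby's, and `timing_profile(commits, "release-bot", "Berlin")` raises both flags while alice's profile raises none. The thresholds (half the commits at night, a single commit hour) are illustrative; tune them against the repositories you actually look at.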
Kulkan Security (@kulkansecurity):
💡 A hands-on article that explores polyglot files and risky scenarios, with sample use cases for tools like Mitra and ExifTool that can be used to create and test them in practice. 👉 blog.kulkan.com/a-hands-on-int…

Kulkan Security (@kulkansecurity):
📝 New Blog Post: Felipe Raczkowski introduces polyglot files and explains why they remain a powerful vehicle for identifying and exploiting vulnerabilities. Learn how these files, when interpreted differently, can help bypass upload controls and trigger unexpected behavior. 👇

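The polyglot posts above say that a file interpreted two ways can pass upload controls, but not what those controls typically check. The block below is an added illustration written for this page, not the article's code and not Mitra or ExifTool: it builds a valid 1x1 GIF and two polyglot variants (a payload appended after the GIF trailer, and a payload carried inside a GIF comment extension), then shows what a magic-bytes check, a structural walk, and a rebuild-without-metadata each make of them. The payload string is a constructed marker.

```python
"""Polyglot upload checks for GIF (added example, not the article's code)."""
import struct

MINIMAL_GIF = (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0)  # logical screen, 2-colour global table
               + b"\xff\xff\xff\x00\x00\x00"                         # global colour table
               + b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)       # image descriptor
               + b"\x02\x02\x44\x01\x00"                              # LZW min code size + data sub-blocks
               + b"\x3b")                                             # trailer
PAYLOAD = b"<script>alert(document.domain)</script>"  # constructed marker, not an exploit

def gif_with_trailing_payload():
    """Polyglot 1: bytes appended after the trailer. Still starts with GIF89a."""
    return MINIMAL_GIF + PAYLOAD

def gif_with_comment_payload():
    """Polyglot 2: PAYLOAD inside a comment extension (0x21 0xFE, sub-blocks, 0x00). A fully valid GIF."""
    chunks = [PAYLOAD[i:i + 255] for i in range(0, len(PAYLOAD), 255)]
    sub_blocks = b"".join(bytes([len(c)]) + c for c in chunks) + b"\x00"
    return MINIMAL_GIF[:-1] + b"\x21\xfe" + sub_blocks + b"\x3b"

def magic_check(data):
    """What a naive upload filter does: inspect the first six bytes only."""
    return data[:6] in (b"GIF87a", b"GIF89a")

def _skip_sub_blocks(data, pos):
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def blocks(data):
    """Yield (kind, start, end) for header, extension, image and trailer blocks; ValueError if malformed."""
    if not magic_check(data) or len(data) < 13:
        raise ValueError("not a GIF")
    pos = 13 + (3 * (2 << (data[10] & 7)) if data[10] & 0x80 else 0)   # header + global colour table
    yield ("header", 0, pos)
    try:
        while True:
            b = data[pos]
            if b == 0x3B:
                yield ("trailer", pos, pos + 1)
                return
            if b == 0x21:                                   # extension: label byte, then sub-blocks
                end = _skip_sub_blocks(data, pos + 2)
                yield ("extension", pos, end)
            elif b == 0x2C:                                 # image descriptor (+ optional local colour table)
                lct = 3 * (2 << (data[pos + 9] & 7)) if data[pos + 9] & 0x80 else 0
                end = _skip_sub_blocks(data, pos + 10 + lct + 1)   # +1 skips the LZW min code size
                yield ("image", pos, end)
            else:
                raise ValueError(f"unknown block 0x{b:02x} at offset {pos}")
            pos = end
    except IndexError:
        raise ValueError("truncated GIF") from None

def structural_check(data):
    """Accept only a well-formed GIF whose trailer is the last byte (catches polyglot 1, not 2)."""
    try:
        kind, _, end = list(blocks(data))[-1]
    except ValueError:
        return False
    return kind == "trailer" and end == len(data)

def strip_extensions(data):
    """Rebuild from header, image blocks and trailer only, dropping comment/application
    extensions (and animation control, acceptable for a static avatar)."""
    return b"".join(data[s:e] for kind, s, e in blocks(data) if kind != "extension")
```

Both polyglots pass `magic_check`; only the trailing-bytes one fails `structural_check`, because the comment variant is a correct GIF by the specification. For that case the server has to change the bytes it stores, here by `strip_extensions` (in practice by transcoding with an image library), and serve the result with a fixed `Content-Type` and `X-Content-Type-Options: nosniff` so the browser never gets to reinterpret it.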
Kulkan Security (@kulkansecurity):
💡 Moreover, discover how SSRF, IDOR, injection and more risks appear across MCP implementations and how they can be tested using MCP Inspector and NCC's HTTP Bridge. 👉 blog.kulkan.com/assessing-the-…

Kulkan Security (@kulkansecurity):
📝 New blog: Matias Forti examines the attack surface of remote MCP servers. 💡 Explore how MCP servers expand the attack surface across prompts, resources, and tools, and how to test them with MCP Inspector and NCC's HTTP Bridge. 👉 blog.kulkan.com/assessing-the-…

Kulkan Security (@kulkansecurity):
💡 The following article includes a hands-on walkthrough showing how to exploit and prevent CSPT attacks, with practical mitigation strategies for both frontend and backend. 👉 blog.kulkan.com/client-side-pa…

Kulkan Security (@kulkansecurity):
📝 New blog: @_czx_0 explores Client-Side Path Traversal attacks and how they resurrect CSRF in JWT-based apps. Attackers manipulate frontend routing to trick the app into sending authenticated requests to unintended endpoints. How does it work and how to mitigate it? 👇

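The CSPT posts above give the mechanism in one sentence: the frontend builds an API path from something it read out of its own URL, attaches the JWT it holds, and the browser collapses any `../` before the request leaves, so the authenticated request lands on an endpoint the developer never intended. The block below is an added model of that written for this page, not the article's walkthrough; it uses `urljoin`, which resolves dot segments the same way a browser does, and every name in it (origin, endpoint template, token, the admin path in the attacker's input) is hypothetical. The hardening shown is mine, since the article's specific mitigations are not on this page.

```python
"""Client-Side Path Traversal modelled with URL resolution (added example, not the article's code)."""
import re
from urllib.parse import quote, urljoin, urlsplit

ORIGIN = "https://app.example"                      # hypothetical SPA origin
ENDPOINT = "/api/items/{}/comments"                  # hypothetical template the frontend fills in
TOKEN = "eyJhbGciOiJIUzI1NiJ9.constructed.token"    # placeholder, not a real JWT

def build_request(item_id, hardened=False):
    """Model of the SPA's fetch(`/api/items/${id}/comments`): the bearer token rides along with
    whatever URL the template produces, and urljoin collapses '../' like the browser would."""
    segment = safe_segment(item_id) if hardened else item_id
    url = urljoin(ORIGIN, ENDPOINT.format(segment))
    return {"method": "GET", "url": url, "headers": {"Authorization": f"Bearer {TOKEN}"}}

def safe_segment(item_id):
    """Hardened frontend: allow-list the value, then percent-encode it. Encoding alone is not
    enough: quote('..', safe='') is still '..', a dot segment the browser still collapses."""
    if not re.fullmatch(r"[0-9]{1,12}", item_id):
        raise ValueError(f"rejected item id {item_id!r}")
    return quote(item_id, safe="")

def request_path(req):
    return urlsplit(req["url"]).path

def encoded_only_path(item_id):
    """Where the request goes if the frontend only percent-encodes, with no allow-list."""
    return urlsplit(urljoin(ORIGIN, ENDPOINT.format(quote(item_id, safe="")))).path

# Constructed attacker input: two '../' climb out of /api/items/, and the trailing '?' turns the
# template's fixed '/comments' suffix into a query string the target endpoint can ignore.
EVIL_ID = "../../admin/users/7/delete?"

if __name__ == "__main__":
    print(build_request("42")["url"])
    print(build_request(EVIL_ID)["url"])
```

`build_request(EVIL_ID)` yields `https://app.example/admin/users/7/delete?/comments`, sent with the victim's bearer token: this is why the posts say CSPT brings CSRF back to apps that thought a JWT in storage (rather than a cookie) had made them immune. The allow-list is the part that matters on the frontend; percent-encoding alone still lets a bare `..` through, as `encoded_only_path("..")` shows. On the backend, the usual complement is to keep state-changing actions off GET and to normalise and reject paths containing dot segments before routing.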