Showcase

Here are some samples of blogs that we've written for our customers.

5 Python Libraries for Automating OSINT Operations

Python is a pretty common choice for a lot of security specialists developing tooling due to its elegant syntax and a huge library of handy modules, packages, and libraries. Its interpreted nature means it’s flexible, dynamically typed, easy to debug, and cross-platform.

Discovering the Infrastructure of an iCloud Phishing Scam

In a lot of major cities in the world, pickpocketing and phone-snatch robberies are very common. Modern smartphones are expensive and easy to sell, and it makes them better targets than wallets that often contain no cash. There’s a reassuring catch to this malicious activity however

Blog

Intel 471 empowers cybersecurity teams worldwide to be proactive with its TITAN platform and comprehensive coverage into the criminal underground.

Using SpiderFoot to Investigate a Public Bug Bounty Program

My name is Jude, I’m a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert management, detection use cases), I work on specialist engagements around analyzing and understanding the external attack surface of companies using…

An OSINT Story: It’s late Friday evening…

Taking a little break from our regular OSINT-themed posts, we wanted to mix it up a little this time and talk about the power of OSINT through a little story, inspired by the amazing Stealing the Network volume of books.

Hacking Together an ASM Platform Using ProjectDiscovery Tools

Introduction: In this article, we’re going to walk through hacking together a simple attack surface monitoring platform by using ProjectDiscovery tools, bash, and flask. We will also be using MongoDB & Redis for scan data and scan queues. This tool was written for the pure purpose of this article, if

Building a Fast One-Shot Recon Script for Bug Bounty

Introduction: In this article we are going to build a fast one-shot recon script to collect the bulk of the information we need to serve as a starting point for our bug bounty testing. This blog post is complementary to the article on building an attack surface monitoring solution. Automation,

All the OSINT You Can Get From a Single Webpage Request

Before busting out your arsenal of tools to rip a website apart, it can be really useful to just go back to basics and start by simply making a request to the website and analyzing its response. This applies to beginners as well; before learning all of the different tools and commands it’s…

Implementing Nuclei into your GitHub CI/CD pipelines

It is critical that an organisation secures all of their assets along their entire software supply chain. For instance, in a DevOps lifecycle, as a developer, ensuring the security and stability of your code is crucial. One effective way to do this is by implementing automated security testing as part

The Ultimate Guide to Finding Bugs With Nuclei

Efficient, extensible, flexible, open source vulnerability scanning. Introduction: Nuclei is a fast, efficient, and extensible vulnerability scanner. It can scan thousands of hosts in just a few minutes. The nuclei engine uses text-file templates to define the steps required to detect a vulnerability. It is an open-source tool that encourages

Using SpiderFoot for Offensive Reconnaissance: Part 1 – Discovery

My name is Jude, I’m a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert management, detection use cases), I work on specialist engagements around analyzing and understanding the external attack surface of companies using…

ProjectDiscovery's Best Kept Secrets

A tour of ProjectDiscovery's less-known public tools, and how to use them, by @pry0cc. Introduction: For those unaware, ProjectDiscovery is a group of talented hackers and creators that have massively disrupted the offensive tooling industry by creating tooling that genuinely makes the lives of hackers easier. If you’re active

How to Share Social Media Credentials Securely

Sharing access to social media accounts is a common task for organisations - but it’s also a huge cybersecurity risk! In this article we discuss the secure way to share access, and the potential consequences if you don’t.

Enumerating WordPress Plugins at Scale - WPSec

Author: Duncan Jepson. 22% of compromised WordPress websites occurred via vulnerabilities in their installed plugins. This was a staggering statistic to me when I first heard it. Because of this, I decided to take a bit of a dive into researching WordPress plugins and their vulnerabilities

Security in WordPress plugin development - WPSec

While WordPress core is well-tested and widely used, it allows plugins to be installed. Those plugins can be developed by, well, anyone! They enable many significant enhancements to the core platform but also have the potential to compromise the security of the entire website, even when they are not

Using SpiderFoot for Offensive Reconnaissance: Part 2 – Validation

My name is Jude, I’m a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert management, detection use cases), I work on specialist engagements around analyzing and understanding the external attack surface of companies using…

Proxify - A portable CLI-based HTTP/Socks proxy written in Golang

In this blog we’ll discuss the basics of proxies, explain what Proxify is and how it can be used. You’ll learn how to:
1. Install and run Proxify
2. Customize proxy output files and addresses
3. Use DSL language to match and/or replace requests/responses from CLI.

Top 5 OSINT Sources for Attack Surface Management

Probably the most frequently asked question we get from SpiderFoot users is “with so many options available, what API keys should I get for my use case?” So, we asked hakluke and dccybersec to go on a mission and figure out the top 5 for the three most common SpiderFoot use cases:

How OSINT Can Be Used to Elevate DFIR

My name is Jude, I’m a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert management, detection use cases), I work on specialist engagements

Discovering Vulnerabilities in WordPress Plugins at Scale - WPSec

Author: Luke (@hakluke) Stephens. It always blows me away to think that WordPress runs 43% of all websites, including those without a content management system (CMS) 🤯. A single open source project is responsible for such a huge part of the internet! It's interesting to think about what might happ

Best Practices for Securing Your WordPress Site - WPSec

Author: Devansh Bordia. WordPress is the world's most popular content management platform, used on 45% of websites. This also makes it an attractive target for malicious attackers! In 2021, more than 1.5 million WordPress websites were compromised. In this article, we will cover many ways that

Building Your Own Historical DNS Solution with DNSx

If you’ve been following these blogs, you’ll see that in the last article, we hacked together a basic attack surface monitoring platform using projectdiscovery tools. Using some of those basic building blocks, we’re going to build a basic historical DNS bot that will continuously enumerate domains and

OSINT without APIs

We recently published a bunch of posts about the top 5 APIs for Threat Intelligence, Attack Surface Monitoring, Security Assessments and People Investigations, but in this post we’ve asked hakluke to write about OSINT/reconnaissance techniques that don’t leverage any APIs – best of all, they are…

A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers

Introduction: Let's start with this: A DNS takeover is not the same as a subdomain takeover. Subdomain takeovers are old news. Hackers who caught onto them early made busloads of bounties by automating their detection and exploitation. They're still out there, but competition is fierce. Crafty hackers built bots that

A hacker's guide to SSL certificates, featuring TLSx

Introduction: In today's digital world, online security is more important than ever. As we rely increasingly on the internet, we must have a way to keep our communications private and secure. That's where SSL and TLS come in. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are like secret

Top 5 OSINT Sources for People Investigations

If you’re one of the thousands of people getting started in Information Security, Cyber Security or Private Investigation, you have probably already heard the term “Open Source Intelligence” (OSINT). OSINT is data collected on an individual or organisation from publicly available sources to be used…

Top 5 OSINT Sources for Penetration Testing and Bug Bounties

One of the key trends in information security over the last decade has been the proliferation of the concept that monitoring an organization’s external assets is critical to their overall security posture. As a result, many organizations have sprung up with the sole purpose of providing…