Kulkan Newsletter

Kulkan Security is a quality-focused offensive security firm. Subscribe to receive information specific to offensive security as well as select company and team updates.

Client-Side Path Traversal, Ekoparty Takeaways, and AI-Driven Attack Trends

This month, we break down how Client-Side Path Traversal resurrects CSRF in modern header-based auth environments. Plus, we share our participation as sponsors at Ekoparty 2025 and highlight key offensive security trends emerging from AI-powered systems.

Sep 30, 2025

Presenting In4m and a Write-Up on YesWeHack Dojo #43

Our latest updates include a deep dive into a YesWeHack Remote Code Execution challenge and a lightweight tool to stay on top of security news. Plus, Kulkan will be sponsoring Ekoparty 2025; discover key insights on non-human identities, AI risks, and the gap between compliance and proactive security.

Aug 29, 2025

New Gitxray Features, GitLab Checklist, and Other Offensive Security Highlights

Our latest updates include Gitxray v1.0.18 with VirusTotal integration, the first version of our GitLab self-hosted security checklist, and recent posts on offensive security. We’re also actively participating in key industry cybersecurity conferences.

burp bambdasburp bambdas

+1+1

Jul 11, 2025

Bypassing Watermarks and crafting Bambdas for quick wins

Our latest articles on bypassing watermark implementations, and using Burp Bambdas for quick hacks that can help spot vulnerabilities across multi-step flows. And we're also sponsoring the Ekoparty Security Conference again this year.

WarGamesWarGames

+4+4

May 31, 2025

Identifying Threat actors on GitHub, plus a Quiz on WarGames, Sneakers, and more

Kali Linux now includes Gitxray, our open-source GitHub scanner, which is also available via PyPi. And we've created a Trivia online on a series of Hacker-related movies, hoping you find it fun to play!