
Kulkan Newsletter
Kulkan Security is a quality-focused offensive security firm. Subscribe to receive information specific to offensive security as well as select company and team updates.
Archive
Evilginx Research, Running Cisco’s Security Model in Ollama, and Other Offensive Security Takeaways
In our latest newsletter, we explore how to detect and stop AitM attacks carried out through the Evilginx proxy. We also share a DIY guide for running Cisco’s Foundation-sec-8B-Reasoning locally in Ollama, along with team highlights from our K-Talks and our upcoming participation at Segurinfo Iberoamericano.
MxCheckSec for Email Security, Enhanced OSINT Capabilities, and Other Pentesting Takeaways
In the first newsletter of the year, we're introducing MxCheckSec, a tool designed to validate SPF, DKIM, and DMARC records to prevent email impersonation and phishing attacks, along with a new version of the Gitxray open-source tool and highlights from the 2026 opening K-Talks sessions.
Polyglot Files, Gitxray v1.0.19, and Other Offensive Security Takeaways
In our final 2025 edition, we share a hands-on introduction to polyglot files and how they can be used to bypass upload controls and trigger unexpected behavior, along with improvements to the Gitxray open-source tool and insights from our latest K-Talks sessions.
Assessing the Attack Surface of Remote MCP Servers
This edition dives into our latest analysis of remote MCP servers and how integrations expand the attack surface for LLM-based systems. We also share quick updates from our recent K-Talks session, industry events, and why feedback plays a key role in delivering stronger pentesting assessments.
Client-Side Path Traversal, Ekoparty Takeaways, and AI-Driven Attack Trends
This month, we break down how Client-Side Path Traversal resurrects CSRF in modern header-based auth environments. Plus, we share our participation as sponsors at Ekoparty 2025 and highlight key offensive security trends emerging from AI-powered systems.
Presenting In4m and a Write-Up on YesWeHack Dojo #43
Our latest updates include a deep dive into a YesWeHack Remote Code Execution challenge and a lightweight tool to stay on top of security news. Plus, Kulkan will be sponsoring Ekoparty 2025; discover key insights on non-human identities, AI risks, and the gap between compliance and proactive security.
New Gitxray Features, GitLab Checklist, and Other Offensive Security Highlights
Our latest updates include Gitxray v1.0.18 with VirusTotal integration, the first version of our GitLab self-hosted security checklist, and recent posts on offensive security. We’re also actively participating in key industry cybersecurity conferences.








