• Kulkan Newsletter
  • Posts
  • Evilginx Research, Running Cisco’s Security Model in Ollama, and Other Offensive Security Takeaways

Evilginx Research, Running Cisco’s Security Model in Ollama, and Other Offensive Security Takeaways

In our latest newsletter, we explore how to detect and stop AitM attacks through the Evilginx proxy. We also share a DIY guide for running Cisco’s Foundation-sec-8B-Reasoning locally in Ollama, along with team highlights from our K-Talks and our upcoming participation at Segurinfo Iberoamericano.

February 25, 2026

📝 Latest from Our Blog:

See no Evil(ginx) / Detecting and stopping AitM phishing threats

Unlike traditional phishing, Adversary-in-the-Middle (AitM) attacks can bypass MFA by proxying the entire authentication flow. Matias Forti dives into research on Evilginx, a popular reverse proxy intercepting traffic between a victim and a legitimate site.

The research focuses on how these attacks work, how Evilginx tries to stay hidden, and how we can detect and disrupt these campaigns in the wild.

How to Run Cisco’s Foundation-sec-8B-Reasoning in Ollama (DIY Guide!)

Cisco’s new model release extends their previous model with structured reasoning capabilities, allowing it to generate explicit reasoning traces and think through complex, multi-step security problems before presenting an answer.

While the model isn’t in the Ollama library yet, this article reveals how to take the raw weights, pack them into a compressed GGUF, and run the model locally so you don’t have to trust a third party.

🎙️ K-Talks:

Continuous learning and team collaboration are part of our DNA. In our latest session, Sebastián Savini led a deep dive into Content Security Policy (CSP), aligning the team’s criteria on how we analyze and report common misconfigurations and edge cases.

Following that, Agustin Dendarys presented “Site Map Companion”, showcasing an internal tool meant to improve the efficiency of surface mapping whilst preserving all of the guarantees we want and need to achieve a responsible and complete attack surface map.

🗓️ Key Industry Events:

We're sponsoring Segurinfo Iberoamericano this March! It’s a key summit that brings together industry leaders to discuss, share experiences, and analyze today's information security challenges across the region.

Our team will be on-site in Buenos Aires to share Kulkan's offensive security perspective, helping more organizations strengthen their defenses through an attacker-led approach.

Ready to strengthen your security posture?

If you’re planning upcoming penetration testing initiatives, let’s start the conversation and explore how our attacker-led approach can help secure your business and support its growth.