• Kulkan Newsletter
  • Posts
  • MxCheckSec for Email Security, Enhanced OSINT Capabilities, and Other Pentesting Takeaways

MxCheckSec for Email Security, Enhanced OSINT Capabilities, and Other Pentesting Takeaways

In the first newsletter of the year, we're introducing MxCheckSec, a tool designed to validate SPF, DKIM, and DMARC records to prevent email impersonation and phishing attacks, along with a new version of the Gitxray open-source tool and highlights from the 2026 opening K-Talks sessions.

January 29, 2026

šŸ“ Latest from Our Blog:

MxCheckSec: Validate SPF, DKIM, DMARC, and More

Serafin Cepeda introduces MxCheckSec, a tool designed to simplify the validation of SPF, DKIM, and DMARC records to ensure a secure email setup.

While these mechanisms are essential for protection against cyberattacks, their complex configuration can leave domains vulnerable to impersonation and phishing attacks. MxCheckSec parses these records as a receiving server would, identifying security risks like weak keys, missing policies, or unprotected domains.

ā­ Highlight:

"None of the open-source tools out there which validate SPF, DKIM and DMARC produce a human-readable output with recommendations for the setup. Thatā€™s the reason why I decided to create MxCheckSec."

Serafin Cepeda - Security Consultant

šŸ†• Gitxray v1.0.20 is out!

New features and checks for OSINT on contributors and identifying potentially malicious repositories.

šŸš€ Key Updates:

Timezone inference based on a contributorā€™s disclosed profile location: Gitxray compares inferred timezones with commit days and hours to assess location consistency, surface commit-time patterns, and flag automated or bot-like behavior.

This release also extracts email addresses from ā€œCo-authored-byā€ trailers in commit messages and cross-references them across accounts, which can help uncover hidden relationships between contributors.

šŸŽ™ļø K-Talks:

We're starting 2026 the Kulkan way: with continuous learning and team collaboration. This collaborative approach and continuous knowledge sharing remain essential for delivering the assessments our clients rely on.

In our last K-Talk, Ignacio Molina explored Digispark capabilities for BadUSB attacks, covering optimization techniques and showcasing a live PoC. The session continued with Joaquin Miranda sharing practical tips for troubleshooting multiple error scenarios in Linux including defective peripherals and networking.

Ready to strengthen your security posture?

If youā€™re planning upcoming penetration testing initiatives, letā€™s start the conversation and explore how our attacker-led approach can help secure your business and support its growth.