Presenting In4m and a Write-Up on YesWeHack Dojo #43
Our latest updates include a deep dive into a YesWeHack Remote Code Execution challenge and a lightweight tool to stay on top of security news. Plus, Kulkan will be sponsoring Ekoparty 2025; discover key insights on non-human identities, AI risks, and the gap between compliance and proactive security.
📝 Latest from Our Blog:
Solving YWH Dojo #43: Custom CCTV Firmware Challenge
Octavio Gorrini shares his write-up on solving YesWeHack Dojo #43. By predicting pseudo-random tokens and exploiting unsafe YAML parsing, he demonstrates how timing, rate-limiting, and untrusted input handling can lead to Remote Code Execution.

In4m: Keeping up with the Latest Infosec News
Staying up to date with emerging threats and vulnerabilities is crucial in today’s fast-paced security landscape. Florian Reyes presents In4m, a lightweight tool that collects the latest security news from trusted sources.
🗓️ Key Industry Events:
Kulkan Security will be participating in and sponsoring Ekoparty 2025, sharing perspectives and best practices on penetration testing and offensive security at Latin America’s leading cybersecurity conference.
During the event, we’ll also be interviewing candidates at EkoJobs, looking for top-notch hacker talent to join the Kulkan team.

💡 Security Highlights:
Finally, we're sharing a selection of articles covering attack and methodology trends in offensive security and penetration testing:
Non-Human Identities: The Hidden Attack Surface
Service accounts, API keys, and certificates are multiplying faster than organizations can track. Our pentesting engagements reveal how long-lived, unmanaged credentials expose critical risks…

Can AI Turn Against Your Business?
Hidden instructions in everyday content can manipulate enterprise AI systems, creating new attack vectors and exposing sensitive data…

Compliance is Necessary, But Proactive Security is Critical
Meeting standards like PCI DSS or SOC 2 is just the starting point. Proactive security uncovers the gaps attackers exploit before frameworks catch up…

That’s all for now, thanks for your time!
Thinking about hiring our team for upcoming penetration testing projects? Let’s start the conversation and explore how offensive security can strengthen your business.




