Kulkan Security – Medium

Kulkan Security

Breaking Into a Govee Smart Display: From UART Shell to Device Impersonation

Hi! I’m Matias Fumega, security consultant at Kulkan Security. This post covers my research on the Govee H8630 smart display. Starting from…

Mar 26

Breaking Into a Govee Smart Display: From UART Shell to Device Impersonation

Mar 26

See no Evil(ginx) / Detecting and stopping AitM phishing threats

Hi! I’m Matias Forti, technical lead at Kulkan Security. In this post, we’ll dive into some research focused on Evilginx, a popular reverse…

Feb 9

See no Evil(ginx) / Detecting and stopping AitM phishing threats

Feb 9

Published in

How to Run Cisco’s Foundation-sec-8B-Reasoning in Ollama (DIY Guide!)

Cisco’s new model release extends their previous 8B model with structured reasoning capabilities. This allows it to generate explicit…

Feb 3

How to Run Cisco’s Foundation-sec-8B-Reasoning in Ollama (DIY Guide!)

Feb 3

Published in

MxCheckSec: Validate SPF, DKIM, DMARC, and more.

Introducing MxCheckSec for SPF, DKIM and DMARC validation, and more.

Jan 28

MxCheckSec: Validate SPF, DKIM, DMARC, and more.

Jan 28

Gitxray v1.0.20: Inferring Timezones for Contributors, Commit Pattern Analysis, and more.

Our latest version for Gitxray is out and already updated in PyPI. Several new features and association checks included that can help with…

Jan 9

Gitxray v1.0.20: Inferring Timezones for Contributors, Commit Pattern Analysis, and more.

Jan 9

A Hands-On Introduction to Polyglot Files

The goal of this post is to explore the nature of polyglot files and the scenarios where they are most effective for discovering…

Dec 18, 2025

A Hands-On Introduction to Polyglot Files

Dec 18, 2025

Published in

Assessing the Attack Surface of Remote MCP Servers

Hello! I’m Matias Forti, technical lead here at Kulkan Security. As the AI landscape continues to evolve I’ve been really interested in…

Nov 3, 2025

Assessing the Attack Surface of Remote MCP Servers

Nov 3, 2025

Client-Side Path Traversal: Exploiting CSRF in Header-based auth scenarios

Hello! Lucas Cebrero here, Security Consultant at Kulkan. As part of an internal training activity I’ve been working on a small lab to…

Oct 14, 2025

Client-Side Path Traversal: Exploiting CSRF in Header-based auth scenarios

Oct 14, 2025

Solving YWH Dojo #43 — Custom CCTV Firmware Challenge

Hello everyone! Octavio Gorrini here, security consultant at Kulkan. As a way to continue learning I like to play CTFs, participate in…

Sep 24, 2025

Solving YWH Dojo #43 — Custom CCTV Firmware Challenge

Sep 24, 2025

In4m: Keeping up with the Latest Infosec News

At Kulkan, we believe it’s essential to stay continuously informed about the latest security threats that could impact both our customers…

Sep 1, 2025

In4m: Keeping up with the Latest Infosec News

Sep 1, 2025

Kulkan Security

Kulkan Security

Creative minds breaking your Apps. Our team of security experts will plan and execute controlled attacks. We are CREST accredited. Visit https://www.kulkan.com/

Following

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech