<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Naunet Blog</title><description>The latest cybersecurity insights and news from Naunet.</description><link>https://naunet.eu/</link><item><title>OpenClaw: When a “helpful assistant” becomes an attack surface</title><link>https://naunet.eu/blog/openclaw-when-a-helpful-assistant-becomes-an-attack-surface/</link><guid isPermaLink="true">https://naunet.eu/blog/openclaw-when-a-helpful-assistant-becomes-an-attack-surface/</guid><description>OpenClaw is an open source AI assistant that runs on your machine and connects to chat apps like Telegram, Discord, and Slack. It is useful because it collapses message intake, web access, tool invocation, and stored authority into one runtime. These features make it a very inviting application however that is also the core danger.</description><pubDate>Thu, 02 Apr 2026 00:00:00 GMT</pubDate><author>Mate Torok</author></item><item><title>How to use Evilginx 3 with Custom Certificates</title><link>https://naunet.eu/blog/how-to-use-evilginx-3-with-custom-certificates/</link><guid isPermaLink="true">https://naunet.eu/blog/how-to-use-evilginx-3-with-custom-certificates/</guid><description>Two ways to use Evilginx 3 community edition with custom (even wildcard) certificates.</description><pubDate>Mon, 31 Mar 2025 00:00:00 GMT</pubDate><author>Bence Szabo</author></item><item><title>How Not to Land in SPAM During Your Phishing Campaign</title><link>https://naunet.eu/blog/how-not-to-land-in-spam-during-your-phishing-campaign/</link><guid isPermaLink="true">https://naunet.eu/blog/how-not-to-land-in-spam-during-your-phishing-campaign/</guid><description>Last year, I conducted a phishing campaign as part of a red team assessment. Let me share what I learned about SPAM filters. I also had access to the internal mailing system, allowing me to test my theories on the target.</description><pubDate>Fri, 28 Mar 2025 00:00:00 GMT</pubDate><author>Bence Szabo</author></item><item><title>Stealthier than Nmap: ShadowProbe</title><link>https://naunet.eu/blog/stealthier-than-nmap-shadowprobe/</link><guid isPermaLink="true">https://naunet.eu/blog/stealthier-than-nmap-shadowprobe/</guid><description>ShadowProbe is a custom-made, TCP-only port scanner designed for multiple targets, featuring an inbuilt scheduler. It is a tool intended to run for days or even weeks once started.</description><pubDate>Fri, 28 Mar 2025 00:00:00 GMT</pubDate><author>Bence Szabo</author></item><item><title>LegolAD: A Stealthier Approach to Active Directory Enumeration for Red Teams</title><link>https://naunet.eu/blog/legolad-a-stealthier-approach-to-active-directory-enumeration-for-red-teams/</link><guid isPermaLink="true">https://naunet.eu/blog/legolad-a-stealthier-approach-to-active-directory-enumeration-for-red-teams/</guid><description>LegolAD is an enumeration tool that allows configurable network traffic for LDAP requests in Active Directory. It can be configured for scope, pagination, and jitter. The idea behind it was to evade detection by custom monitoring systems.</description><pubDate>Thu, 27 Mar 2025 00:00:00 GMT</pubDate><author>Bence Szabo</author></item><item><title>Effective Penetration Testing - Matching Business Needs with the Right Approach</title><link>https://naunet.eu/blog/effective-penetration-testing-matching-business-needs-with-the-right-approach/</link><guid isPermaLink="true">https://naunet.eu/blog/effective-penetration-testing-matching-business-needs-with-the-right-approach/</guid><description>In this article, we’ll explore the different types of penetration tests—compliance-driven, penetration testing as a service (PTaaS), and threat-led testing. We’ll discuss when and why each type is necessary, who benefits from them, and how to determine the best option for your organization’s specific security needs.</description><pubDate>Fri, 21 Mar 2025 00:00:00 GMT</pubDate><author>Naunet</author></item><item><title>AIMS eCrew Authorization Bypass (CVE-2024-44450)</title><link>https://naunet.eu/blog/aims-ecrew-authorization-bypass-cve-2024-44450/</link><guid isPermaLink="true">https://naunet.eu/blog/aims-ecrew-authorization-bypass-cve-2024-44450/</guid><description>Access control vulnerabilities are still the most common problems in web applications. This blog post summarizes several access control issues we found in our target web application.</description><pubDate>Mon, 03 Mar 2025 00:00:00 GMT</pubDate><author>Norbert Bajko</author></item><item><title>Email Security – Part 1: The Fundamentals of SPF, DKIM, and DMARC</title><link>https://naunet.eu/blog/email-security-part-1-the-fundamentals-of-spf-dkim-and-dmarc/</link><guid isPermaLink="true">https://naunet.eu/blog/email-security-part-1-the-fundamentals-of-spf-dkim-and-dmarc/</guid><description>Email remains the primary attack vector for phishing and ransomware, making robust authentication essential for protecting organizations. This article introduces SPF, DKIM, and DMARC—three key technologies that help verify sender identity, prevent spoofing, and enhance email security.</description><pubDate>Thu, 20 Feb 2025 00:00:00 GMT</pubDate><author>Norbert Bajko</author></item><item><title>Configuring Burp Suite for Testing Vaadin-based Applications</title><link>https://naunet.eu/blog/configuring-burp-suite-for-testing-vaadin-based-applications/</link><guid isPermaLink="true">https://naunet.eu/blog/configuring-burp-suite-for-testing-vaadin-based-applications/</guid><description>Vaadin-based applications rely on synchronization values to maintain UI state. During security testing, missing or incorrect values can terminate sessions, making automated scans ineffective. This article explores how to navigate these challenges using Burp Suite.</description><pubDate>Fri, 07 Feb 2025 00:00:00 GMT</pubDate><author>Norbert Bajko</author></item></channel></rss>