Research Resources

Latest Research Resources

Recent InfoSec Talks, Defcon 32 Demo Labs - Farming n-days with GreyNoise
Dec 10, 2024 3 min read

In this series, the service delivery team writes about an outstanding talk they saw at a conference and about implementing those lessons at scale.
One Proxy to Rule Them All
Jul 15, 2024 11 min read

Bypass WAFs with gigaproxy: an HTTP proxy that rotates IPs using mitmproxy, AWS API Gateway, and Lambda.
I Love Lucee: Building Lucee Extensions for Remote Code Execution
Mar 15, 2024 7 min read

During the past few assessments, Sprocket has encountered improperly configured instances of Lucee 5 and 4. This blog post will detail a straightforward method to execute remote code after acquiring administrative access to a Lucee login panel.
Directory Brute-forcing at Scale
Feb 15, 2024 8 min read

Tools such as dirbuster, gobuster, feroxbuster, dirb, and ffuf have been instrumental in uncovering hidden content on websites. These tools and wordlists designed to discover files and directories have become staples in the toolkits of penetration testers and bug bounty hunters. Now more than ever, technology plays a vital role in cybersecurity practices.
Introducing Security Testing in QA
Jan 10, 2024 5 min read

Fixing these vulnerabilities in production is more expensive than finding and fixing them earlier in the SDLC. One way that organizations can drive down the cost of vulnerability management is by integrating security testing into software quality assurance (QA) testing.
Surfacing the Invisible: A Guide to Web Application Attack Surface Management
Dec 05, 2023 7 min read

The top five web application-specific attack surface management opportunities Sprocket Security sees regularly.