Research Resources
Latest Research Resources
Recent InfoSec Talks, Defcon 32 Demo Labs - Farming n-days with GreyNoise
In this series the service delivery team writes about an outstanding talk they saw at a conference and implementing those lessons at scale.
READ MORE
One Proxy to Rule Them All
Bypass WAFs with gigaproxy: an HTTP proxy that rotates IPs using mitmproxy, AWS API Gateway, and Lambda. Read the blog to learn more.
READ MORE
I Love Lucee: Building Lucee Extensions for Remote Code Execution
During the past few assessments, Sprocket has encountered improperly configured instances of Lucee 5 and 4. This blog post will detail a straightforward method to execute remote code after acquiring administrative access to a Lucee login panel.
READ MORE
Directory Brute-forcing at Scale
Tools such as dirbuster, gobuster, feroxbuster, dirb, and ffuf have been instrumental in uncovering hidden content on websites. These tools and wordlists designed to discover files and directories have become staples in the toolkits of penetration testers and bug bounty hunters. Now more than ever, technology plays a vital role in cybersecurity practices.
READ MORE
Introducing Security Testing in QA
Fixing these vulnerabilities in production is more expensive than finding and fixing them earlier in the SDLC. One way that organizations can drive down the cost of vulnerability management is by integrating security testing into software quality assurance (QA) testing.
READ MORE
Surfacing the Invisible: A Guide to Web Application Attack Surface Management
The top five web application-specific attack surface management opportunities Sprocket Security sees regularly.
READ MORE