Sprocket Security

Essential Resources

Explore resources found within the Essential and categories.

Follow & Subscribe

Browse Classifications

Browse Categories

Browse Topics

Browse Tags

Latest Resources

  • 4 min read

What Is an Attack Surface... and Why Protect It?

Maybe you’ve heard your IT security team talking about attack surfaces? Or, maybe the term has come up during a virtual conference or in your newsfeed. It’s important to take a step back and understand what an attack… read more →

  • 1 min read

VIDEO: How Continuous Penetration Testing Works (the best)

Trying to wrap your head around what separates Continuous Penetration Testing from other forms of network security testing? Well, we get it. That’s why we’ve put together this handy little video. Sit back, have a… read more →

  • 5 min read

What Vulnerability Scanners Miss... and the Cost

Automated Vulnerability Scanners, on the surface, have a lot of appeal to IT directors. They run in the background and are “always on”. They alert you when you have an issue. But the harsh reality is they provide a… read more →

  • 10 min read

Reliable Username Enumeration: A step-by-step guide

Collecting and validating an organization’s employee base is critical for any successful offensive information security operation. read more →

Continuous Pen Testing vs. Bug Bounties: A Comprehensive Comparison

In-depth info. to consider before choosing how you’ll test network security. If you’ve thought about using a bug-bounty program to test your organization’s network, hit pause and read this first. read more →

  • 5 min read

Launching a pentest: How to discover related DNS records

When starting a penetration test, we first try to discover domains associated with our target apex domain. To help you navigate this part of the process, we’re going to detail it, highlighting tips and tricks for… read more →

  • 8 min read

Leveraging hijacked Slack sessions on macOS

We are going to dig into Slack workspace compromise to provide additional information and tooling you can use to leverage access. This guidance will build off of “Abusing Slack for Offensive Operations”, a great article… read more →

  • 4 min read

Why Users Are a Top Threat – And Bug Bounties Fall Short

Bug-bounty programs live and die by their ability to target public-facing assets and then expose related vulnerabilities. But one asset is out of their reach, and it’s arguably the most dangerous to your network. read more →

  • 5 min read

How to hunt for SolarWinds Orion usage

Recent reports from FireEye revealed a large-scale campaign to infect company networks using a modified version of the SolarWinds Orion monitoring agent. read more →

  • 3 min read

Bug Bounty vs. Continuous Pen Testing: Understanding the Basics

Oh, the world of good ol’ bug-bounty programs. In recent months they’ve become a hot topic for IT teams looking to unearth vulnerabilities. And it’s easy to see why. They’re flashy and promise the world. Your company… read more →

  • 1 min read

InBusiness column: How testing protects your data – and bottom line

Getting hacked hurts. Not only is it often a PR nightmare and the cause of sleepless nights – a company data breach is a financial fright fest that can cost you millions of dollars. read more →

Top 5 ways hackers break into your network

Practical, expert-tested guidance you can apply to immediately improve your network security. read more →

Continuous Human & Automated Security

The Expert-Driven Offensive
Security Platform

Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.

Watch Demo Request Quote

Expert-Driven Offensive Security Platform

  • Attack Surface Management
  • Continuous Penetration Testing
  • Adversary Simulations