Red Team Reading
Find the latest content from the Sprocket Testing Team. Topics include bleeding edge testing, webinars, findings and more!
Red Team Reading
Zip Slip Exploitation in File Uploads with Hackvertor
Custom Tags are one of Hackvertor's most powerful features. They allow you to run Python, Java, or JavaScript with a one-liner inside any Burp request. In this blog post, we will discuss performing Zip Slip testing with… read more →
Patch Diffing CVE-2024-3400 from a Palo Alto NGFW Marketplace AMI
One of the needs during CVE-2024-3400 testing was the ability to test against a live non-production vulnerable instance. We opted for the Palo Alto NGFW AWS Marketplace AMI. read more →
From Twitter to Exploit: The Sprocket Security Lifecycle of Exploitation
Our approach to mass exploitation of the latest and greatest vulnerability. On the chopping block, this time around: CVE-2024-3400. read more →
Surfacing the Invisible Web Application Attacks and Attack Surface Management
Watch for an insightful webinar as Will merges the worlds of web application penetration testing and Attack Surface Management (ASM) data. Using examples from real life penetration tests, he will demonstrate some of the… read more →
Lessons Learned: Physical Penetration Testing
Watch for an engaging and informative exploration of Physical Penetration Testing (PPT) with Nate Fair, a Penetration Tester at Sprocket Security! In this session, Nate will cover the complexities of PPT, sharing… read more →
Halloween Hack-O-Lantern: Spooky Tales from the Dark Side of Authentication
Uncover the eerie secrets of authentication in our upcoming Webinar, "Halloween Hack-O-Lantern: Spooky Tales from the Dark Side of Authentication." Join us as we explore authentication bypass, from ghostly vishing calls… read more →