Resources
Latest External Testing Resources
Leading and Empowering Your Team During Log4j
The Log4j vulnerability has created havoc. The effects are serious. As we navigate the immediate and residual fall out, two important questions for non-security leaders to ask themselves are: Will an event like this… read more →
Reliable Username Enumeration: A step-by-step guide
Collecting and validating an organization’s employee base is critical for any successful offensive information security operation. read more →
Launching a pentest: How to discover related DNS records
When starting a penetration test, we first try to discover domains associated with our target apex domain. To help you navigate this part of the process, we’re going to detail it, highlighting tips and tricks for… read more →
How to hunt for SolarWinds Orion usage
Recent reports from FireEye revealed a large-scale campaign to infect company networks using a modified version of the SolarWinds Orion monitoring agent. read more →
How to defend against password spraying
Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used… read more →
Credential Stuffing: 5 basics you need to understand
It’s tempting to re-use the same password for multiple online accounts. Many of us have done it (it’s OK; this is a safe space). Convenient as it seems, this action puts you at high risk to get hacked via credential… read more →
Multi-Factor Authentication: How attackers still abuse these (often forgotten about) logins
Over the past years, we’ve urged companies to start using Multi-factor authentication (MFA) – and many have followed through. Unfortunately, we have a long way to go. First, the good news. MFA protects by adding a… read more →
Continuous Penetration Testing: Key Benefits and How It Differs from Traditional Methods
You need more value out of your pentests. The traditional point-in-time testing isn't cutting it. Continuous penetration testing brings an innovative methodology that better protects you and your business. This post… read more →
Autored - Using Terraform to Quickly Launch Empire
This is the start of a series I'm calling Autored. My goal is to quickly stand up temporary systems I commonly use during an engagement. In this post I'll cover how to deploy an Empire server in AWS in less than 3… read more →
Continuous Human & Automated Security
The Expert-Driven Offensive
Security Platform
Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.
Expert-Driven Offensive Security Platform
- Attack Surface Management
- Continuous Penetration Testing
- Adversary Simulations