Resources
Latest Penetration Testing Resources
Top 8 Penetration Testing Types, Techniques, and Best Practices
Penetration testing is a simulated cyber-attack against a computer system, network, or application to evaluate its security posture.
Read more
Automated Penetration Testing: Process, Pros/Cons and Best Practices
Automated penetration testing uses specialized software to quickly identify vulnerabilities across networks and applications without manual intervention. Read on to learn about the pros and cons of this pentesting… read more →
We Surveyed 200 In-House Pentesters; Here’s a Sample of What We Learned
We’ve just released our latest report, “Voice of an In-House Pentester,” diving deep into the world of penetration testing. With insights from 200 in-house security practitioners, this report reveals key trends,… read more →
Red Team vs Blue Team: Roles, Skills, Tools, and Tips
Red and Blue Teams play critical roles in the ever-evolving field of cybersecurity. Red Teams simulate real-world attacks, testing an organization’s defenses by identifying vulnerabilities and potential entry points.… read more →
Website Penetration Testing: Types, Methods, and Best Practices
Website penetration testing is a simulated cyberattack designed to identify vulnerabilities in a web application. This process replicates the techniques used by real attackers to uncover security gaps. By proactively… read more →
Penetration Testing in 2024: Why, What, and How
Discover how penetration testing identifies security vulnerabilities to protect systems and data from real-world attacks. Learn the key phases and methods. read more →
Forbidden! Are 403 bypasses worth looking for?
403 status code bypasses might seem niche and impractical at first glance, but they can be surprisingly valuable for uncovering vulnerabilities at scale. This blog delves into the nuances of 403 bypass techniques,… read more →
Recent InfoSec Talks, Defcon 32 - SSHamble: Unexpected Exposures in the Secure Shell
Will Vandevanter discusses a talk he saw at Defcon 2024 that was jam-packed with knowledge, hunting an international criminal, 0 days, and a new open-source tool. Will also talks about some takeaways he got from the… read more →
Adopting a Continuous Security Mindset
Despite the increase of "continuous" security solutions, the fundamental issues in cybersecurity remain unresolved. The real challenge lies not in the availability of information but in how organizations use it to… read more →
Exploring Modern Password Spraying: Introduction to Entra Smart Lockout
Delve into the modern techniques and security controls surrounding password spraying. This series will explore the current techniques, tactics, and procedures (TTPs) for password spraying. read more →
Pwning SPA’s With Semgrep
Semgrep, or Semantic Grep (For Code) should be a part of your pentesting toolkit. If you think otherwise, read on to see why. read more →
PCI DSS 4.0 and a Continuous Offensive Security Strategy
In the ever-evolving landscape of cybersecurity, organizations are constantly challenged to protect their sensitive data. The Payment Card Industry Data Security Standard (PCI DSS) version 4.0 is the latest iteration of… read more →
Zip Slip Exploitation in File Uploads with Hackvertor
Custom Tags are one of Hackvertor's most powerful features. They allow you to run Python, Java, or JavaScript with a one-liner inside any Burp request. In this blog post, we will discuss performing Zip Slip testing with… read more →
Directory Brute-forcing at Scale
Tools such as dirbuster, gobuster, feroxbuster, dirb, and ffuf have been instrumental in uncovering hidden content on websites. These tools and wordlists designed to discover files and directories have become staples in… read more →
Continuous Human & Automated Security
The Expert-Driven Offensive
Security Platform
Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.
Expert-Driven Offensive Security Platform
- Attack Surface Management
- Continuous Penetration Testing
- Adversary Simulations