Find the latest Webinar content from the Sprocket Testing Team.
Resources Blog

Blog

Keep up to date with the latest offensive security news, knowledge, and resources.
Can We Beat the Adversary, or Am I Willing to Accept the Risk?

Can We Beat the Adversary, or Am I Willing to Accept the Risk?

Most security programs detect breaches. Fewer can prove they won't happen. Learn the offensive security framework that turns "are we secure?" into an answerable question.
Security Budget Downturn

Security Budget Downturn

Budget cuts don't reduce security risk. They relocate it. Here's the breach math CFOs need to see before the spreadsheet wins the argument.
The Human Touch in the Era of AI: Why Pentesting Still Needs a Human in the Loop

The Human Touch in the Era of AI: Why Pentesting Still Needs a Human in the Loop

AI accelerates pentesting but human judgement close the gap. See how two real engagements turned quiet banners and a single timestamp into critical findings.
Tenant Enumeration is Dead

Tenant Enumeration is Dead

Microsoft has fully patched the ACS metadata endpoint that powered tenant domain enumeration. Learn what the original technique was, why it's gone, and how azmap.dev now combines DKIM lookups, MX brute-force, and Graph API to still surface tenant names and related domains.
AI for Defenders: What's Actually Working in the Environments We Test

AI for Defenders: What's Actually Working in the Environments We Test

From alert triage to attack path prioritization, AI has moved past the marketing slides. A Sprocket SE breaks down what's working in real SOC workflows, where it falls short, and how to think about automation before it thinks for you.
Auditing AI Chat APIs: Beyond Prompt Injection

Auditing AI Chat APIs: Beyond Prompt Injection

Prompt injection isn't the only risk in AI chat APIs. See how we found a GraphQL BOLA in a healthcare SaaS AI assistant and why the transport layer matters.
1 2 3 4 5