Latest Technical Resources

Recent InfoSec Talks, Defcon 32 Demo Labs - Farming n-days with GreyNoise

In this series, the service delivery team writes about an outstanding talk they saw at a conference and about implementing those lessons at scale.

Application Security Testing (AST): Technologies and Best Practices

Application security testing involves analyzing and evaluating software applications to identify vulnerabilities.

Top 10 Vulnerability Management Best Practices for 2024

Vulnerability management is the ongoing process of identifying, evaluating, treating, and reporting on security vulnerabilities in systems and software.

How to Conduct a Security Risk Assessment in 6 Steps

Security risk assessment is a systematic process to evaluate potential threats and vulnerabilities affecting an organization’s critical resources.

Top 8 Penetration Testing Types, Techniques, and Best Practices

Penetration testing is a simulated cyber-attack against a computer system, network, or application to evaluate its security posture.

7-Stage Vulnerability Management Process and How to Make It Great

Penetration testing is a simulated cyber-attack against a computer system, network, or application to evaluate its security posture.

WebQL: Using CodeQL To Conduct JavaScript Security Analysis Against Modern Web Applications

Introducing WebQL, an automated JavaScript analysis tool that leverages CodeQL to identify and exploit vulnerabilities in modern web applications like SPAs and PWAs. By automating the extraction, beautification, and…

I’m sick of 1000-line Python scripts.

This blog introduces snickerdoodle, a customized Cookiecutter template designed to help penetration testers quickly create and share complex CLI tools. By automating project setup with features like pre-configured CLI…

Forbidden! Are 403 bypasses worth looking for?

403 status code bypasses might seem niche and impractical at first glance, but they can be surprisingly valuable for uncovering vulnerabilities at scale. This blog delves into the nuances of 403 bypass techniques,…

Recent InfoSec Talks, Defcon 32 - SSHamble: Unexpected Exposures in the Secure Shell

Will Vandevanter discusses a talk he saw at Defcon 2024 that was jam-packed with knowledge, hunting an international criminal, 0 days, and a new open-source tool. Will also talks about some takeaways he got from the…

One Proxy to Rule Them All

Bypass WAFs with gigaproxy: an HTTP proxy that rotates IPs using mitmproxy, AWS API Gateway, and Lambda. Read the blog to learn more.

Exploring Modern Password Spraying: Introduction to Entra Smart Lockout

Delve into the modern techniques and security controls surrounding password spraying. This series will explore the current techniques, tactics, and procedures (TTPs) for password spraying.