Nate Fair

The shift to remote work has led to significant changes in organizational dynamics and technology infrastructure, particularly in ticketing, help desk, and management platforms. Sprocket pentesters focus on evaluating the security risks associated with these evolving systems, especially in external SaaS environments where the impact can be substantial.

Did you know you can interact with LDAP using cURL? How about NTLM, proxy tunneling, or domain sockets? A deep dive into some less common and advanced features of cURL, including sending POST requests with a payload file, uploading files to a server, exploiting Spring4Shell, and exploiting SQL injection vulnerabilities using cURL.

Offensive operations require evasion techniques to bypass security controls. Testers will often find that their attacks against web applications, Office 365, and other external endpoints are quickly blocked. Read our guide outlining the tools we use here at Sprocket to help us effectively attack our client's infrastructure including Fireprox, proxybroker2 and http-proxy-ipv6-pool.

A basic guide on how Sprocket utilizes Continuous Penetration Testing to rapidly identify and exploit vulnerabilities.

Hey, you love printers right? They’re that reliable, steadfast piece of technology that always seems to work and never gives you any headaches ... right? Well, buckle up. Microsoft is releasing emergency security patches to address a critical privilege escalation and remote code execution vulnerability found within the Print Spooler service.