External Testing

Keep up to date with the latest offensive security news, knowledge, and resources.
One Proxy to Rule Them All

Bypass WAFs with gigaproxy: an HTTP proxy that rotates IPs using mitmproxy, AWS API Gateway, and Lambda. Read the blog to learn more.
From Twitter to Exploit: The Sprocket Security Lifecycle of Exploitation

Our approach to mass exploitation of the latest and greatest vulnerability. On the chopping block, this time around: CVE-2024-3400.
Patch Diffing CVE-2024-3400 from a Palo Alto NGFW Marketplace AMI

One of the needs during CVE-2024-3400 testing was the ability to test against a live non-production vulnerable instance. We opted for the Palo Alto NGFW AWS Marketplace AMI.
Introduction to the Ticketing SaaS Landscape

The shift to remote work has led to significant changes in organizational dynamics and technology infrastructure, particularly in ticketing, help desk, and management platforms. Sprocket pentesters focus on evaluating the security risks associated with these evolving systems, especially in external SaaS environments where the impact can be substantial.
Subdomain Takeovers - It’s Always DNS

In this article, we will look at a few different takeover methods, detail how we find them, show how they are exploited, and explain the easy fix for this potentially severe vulnerability.
Password Spraying Self-Hosted Microsoft Services

Self-hosted Microsoft services, such as Exchange and Skype for Business, are ideal targets for password spraying attacks. Learn more about how these threats work and how to protect your business.