Research

During the past few assessments, Sprocket has encountered improperly configured instances of Lucee 5 and 4. This blog post will detail a straightforward method to execute remote code after acquiring administrative access to a Lucee login panel.

Tools such as dirbuster, gobuster, feroxbuster, dirb, and ffuf have been instrumental in uncovering hidden content on websites. These tools and wordlists designed to discover files and directories have become staples in the toolkits of penetration testers and bug bounty hunters. Now more than ever, technology plays a vital role in cybersecurity practices.

Fixing these vulnerabilities in production is more expensive than finding and fixing them earlier in the SDLC. One way that organizations can drive down the cost of vulnerability management is by integrating security testing into software quality assurance (QA) testing.

The top five web application-specific attack surface management opportunities Sprocket Security sees regularly.

In cybersecurity, various tools and strategies are at organizations' disposal to enhance their overall security posture. Among these, two frequently misunderstood strategies are vulnerability scanning and penetration testing. This article delves deep into these two approaches, shedding light on their distinct characteristics and highlighting the key differentiators that set them apart.

Ransomware has emerged as one of the most common and damaging malware threats in recent years. In fact, the volume and expense of ransomware attacks have caused some insurers to exclude them from cybersecurity coverage. Read on to learn more about the top 2023 ransomware attacks and how to protect yourself and your company.