Blog

Stay updated with the latest offensive security news, knowledge, and resources.

Latest Resources

A Showcase of the Top OWASP Risks
Dec 20, 2022 Sprocket Security

A Showcase of the Top OWASP Risks

Exploiting several Top 10 risks using the Damn Vulnerable Web Application (DVWA), as it’s expressly configured to highlight sub-optimal cybersecurity practices relevant to modern web applications.
The Top 7 Most Exploitable CVEs in 2022
Nov 04, 2022 Sprocket Security

The Top 7 Most Exploitable CVEs in 2022

Vulnerability management can be an overwhelming task with so many new vulnerabilities identified each year. Learn about the top vulnerabilities of 2022, which should be at the top of your patch priority list.
Why no Workstation Needs Inbound SMB
Oct 12, 2022 Sprocket Security

Why no Workstation Needs Inbound SMB

Know the risks and attack vectors associated with allowing inbound SMB port connectivity to workstations with an emphasis on lateral movement tools and techniques. See how Continuous Penetration Testing is highly useful for augmenting the current security control landscape implemented by the business.
Creating a CVE Trends Command Line Tool
Aug 29, 2022 Nicholas Anastasi

Creating a CVE Trends Command Line Tool

How to create a CVE Trends Command Line Tool and be notified in Slack via Webhooks.
Exploiting N-Day Vulnerabilities at Scale with CPT
Jul 19, 2022 Nate Fair

Exploiting N-Day Vulnerabilities at Scale with CPT

A basic guide on how Sprocket utilizes Continuous Penetration Testing to rapidly identify and exploit vulnerabilities.
Crossing the Log4j Horizon - A Vulnerability With No Return
Jan 10, 2022 Nicholas Anastasi

Crossing the Log4j Horizon - A Vulnerability With No Return

A vulnerability was recently disclosed for the Java logging library, Log4j. The vulnerability is wide-reaching and affects both open-source projects and enterprise software. VMWare announced shortly after the release of the issue that several of their products were affected. A proof of concept has been released for VMWare Horizon instances and allows attackers to execute code as an unauthenticated user...
1 2 3 4 5 »