Sometimes when conducting a Penetration Testing exercise or Red Team engagement, you might be interested in extracting password hashes or credentials of your target Windows user, without the use of Mimikatz to avoid detection. This is where you would resort to using an NTLM downgrade attack. In this article we shall discuss how you can be able to perform this...
Resources
Blog
Technical
Keep up to date with the latest offensive security news, knowledge, and resources.
Discover how Sprocket Security’s AWS Scanner continuously maps public cloud assets to keep penetration testing and attack surface management current.
Explore what we know about the emerging WatchGuard CVE-2025-14733 vulnerability — unauthenticated RCE risk, active attacks, affected versions, and response steps.
Emerging React and Next.js vulnerabilities (CVE-2025-55182, CVE-2025-66478): what Sprocket Security is seeing, current detection coverage, and guidance for teams.
Learn how Sprocket’s AI Remediation Assistance turns vague vulnerability findings into clear, actionable fixes.
OWASP’s 2025 Top 10 shows how security misconfigurations and software supply chain issues dominate. Here’s how continuous pentesting closes the gap.
