Testing Lab

Keep up to date with the latest offensive security news, knowledge, and resources.
Tenant Enumeration is Back
Dec 10, 2025

Microsoft's soft patch didn't kill tenant enumeration. Attackers have new ways to map cloud infrastructure. Learn how modern Azure and Microsoft 365 enumeration techniques work, why they're back, and what defenders should do next.
Emerging React & Next.js Vulnerabilities: What We Know About CVE-2025-55182 and CVE-2025-66478
Dec 05, 2025

Emerging React and Next.js vulnerabilities (CVE-2025-55182, CVE-2025-66478): what Sprocket Security is seeing, current detection coverage, and guidance for teams.
What’s New in OWASP 2025: Configuration Drift, Supply Chain Risk, and Continuous Testing
Nov 13, 2025

OWASP’s 2025 Top 10 shows how security misconfigurations and software supply chain issues dominate. Here’s how continuous pentesting closes the gap.
A Day in the Life of a Vulnerability Researcher — LADSPA
Oct 07, 2025

Follow a vulnerability researcher’s deep dive into FFmpeg’s LADSPA plugin loader and the discovery of CVE-2025-60616 — a logic flaw in how environment variables are trusted. Learn how this vulnerability enables code execution, why fuzzing missed it, and how proper validation and process isolation can prevent similar exploits.
From Threat Volume to Real-World Exposure: What the 2025 Comcast Cybersecurity Threat Report Tells Us
Oct 03, 2025

Comcast Business Cybersecurity Threat Report analyzed events, revealing how attackers are shifting tactics and accelerating the pace at which exposures become exploitable. We will expand on four of the threats that keep showing up in breach postmortems, how they work in reality, and what organizations should do about them.
Weird Ways to DA
Sep 11, 2025

Sprocket Security's Director of Technical Operations reveals how Domain Admin access was gained through overlooked misconfigurations and intricate attack paths, with both insight and humor.