Resources

Credential Abuse

Follow & Subscribe

Browse Classifications

Browse Categories

Browse Topics

Browse Tags

Better Security

Have you heard of Continuous Penetration Testing?

Read more

Latest Credential Abuse Resources

  • 10 min read
  • New

Password spraying and MFA bypasses in the modern security landscape

Any offensive security operator will tell you that guessing employee credentials is key to compromising your customer’s network – and therefore highlighting vulnerabilities – during a cyber-security engagement. The…

Read more
  • 7 min read

How to limit cleartext password storage and fix the issue in your organization

The key to our engagements often and unfortunately involve the discovery of credentials on internal network file shares. We’re going to show you how we find cleartext password storage problems and how to address them. read more →

  • 8 min read

Leveraging hijacked Slack sessions on macOS

We are going to dig into Slack workspace compromise to provide additional information and tooling you can use to leverage access. This guidance will build off of “Abusing Slack for Offensive Operations”, a great article… read more →

  • 5 min read

How to defend against password spraying

Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used… read more →

  • 3 min read

Credential Stuffing: 5 basics you need to understand

It’s tempting to re-use the same password for multiple online accounts. Many of us have done it (it’s OK; this is a safe space). Convenient as it seems, this action puts you at high risk to get hacked via credential… read more →

  • 4 min read

Multi-Factor Authentication: How attackers still abuse these (often forgotten about) logins

Over the past years, we’ve urged companies to start using Multi-factor authentication (MFA) – and many have followed through. Unfortunately, we have a long way to go. First, the good news. MFA protects by adding a… read more →

Protect your company with Sprocket

Know your threats when they emerge.

When your environment changes, or new threats affect your attack surface, we perform security testing. There is a lot more value from this modern approach to testing.

Request a quote Learn how it works

Continuous Penetration Testing Subscription

  • Pentests
  • Web App Testing
  • Red Teaming
  • Social Engineering
  • Adversary Simulations