Resources

External Testing

Latest External Testing Resources

Large Language Model (LLM) Security Testing: Types, Techniques, and Methodology

Get ready to learn the importance of LLM (Large Language Model) security testing, a vital process for identifying vulnerabilities in AI models, especially those integrated into web applications. The need for early…

Read more

One Proxy to Rule Them All

Bypass WAFs with gigaproxy: an HTTP proxy that rotates IPs using mitmproxy, AWS API Gateway, and Lambda. Read the blog to learn more. read more →

From Twitter to Exploit: The Sprocket Security Lifecycle of Exploitation

Our approach to mass exploitation of the latest and greatest vulnerability. On the chopping block, this time around: CVE-2024-3400. read more →

Patch Diffing CVE-2024-3400 from a Palo Alto NGFW Marketplace AMI

One of the needs during CVE-2024-3400 testing was the ability to test against a live non-production vulnerable instance. We opted for the Palo Alto NGFW AWS Marketplace AMI. read more →

Introduction to the Ticketing SaaS Landscape

The shift to remote work has led to significant changes in organizational dynamics and technology infrastructure, particularly in ticketing, help desk, and management platforms. Sprocket pentesters focus on evaluating… read more →

Subdomain Takeovers - It’s Always DNS

In this article, we will look at a few different takeover methods, detail how we find them, show how they are exploited, and the easy solution to fixing this potentially severe vulnerability. read more →

Password Spraying Self-Hosted Microsoft Services

Self-hosted Microsoft services, such as Exchange and Skype for Business, are ideal targets for password spraying attacks. Learn more about how these threats work and how to protect your business. read more →

Tools for Evading External Network Security Controls

Offensive operations require evasion techniques to bypass security controls. Testers will often find that their attacks against web applications, Office 365, and other external endpoints are quickly blocked. Read our… read more →

Why no Workstation Needs Inbound SMB

Know the risks and attack vectors associated with allowing inbound SMB port connectivity to workstations with an emphasis on lateral movement tools and techniques. See how Continuous Penetration Testing is highly useful… read more →

Password spraying and MFA bypasses in the modern security landscape

Any offensive security operator will tell you that guessing employee credentials is key to compromising your customer’s network – and therefore highlighting vulnerabilities – during a cyber-security engagement. The… read more →

Crossing the Log4j Horizon - A Vulnerability With No Return

A vulnerability was recently disclosed for the Java logging library, Log4j. The vulnerability is wide-reaching and affects both open-source projects and enterprise software. VMWare announced shortly after the release of… read more →

Leading and Empowering Your Team During Log4j

The Log4j vulnerability has created havoc. The effects are serious. As we navigate the immediate and residual fall out, two important questions for non-security leaders to ask themselves are: Will an event like this… read more →

Continuous Human & Automated Security

The Expert-Driven Offensive
Security Platform

Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.

Watch Demo Request Quote

Expert-Driven Offensive Security Platform

  • Attack Surface Management
  • Continuous Penetration Testing
  • Adversary Simulations