Sprocket Security
Latest Resources
Preventing Social Engineering Breaches
It’s pretty common for companies to bundle social engineering into their penetration testing programs. But when the report shows up, you may find you’re surprised and frustrated at the rate of employees clicking links… read more →
How to exploit Zerologon (CVE-2020-1472)
Recently, one of the most significant Microsoft Windows vulnerabilities since Eternal Blue (MS17-010) was brought to light. We’re going to show you how to exploit it during a pentest. read more →
How to: Execute passive internal recon during continuous penetration testing
When we launch continuous penetration testing in a new network, we don't want to raise suspicion of our presence. For one reason, we may be able to get credentials without doing anything intrusive at all. To do it, we… read more →
Credential Stuffing: 5 basics you need to understand
It’s tempting to re-use the same password for multiple online accounts. Many of us have done it (it’s OK; this is a safe space). Convenient as it seems, this action puts you at high risk to get hacked via credential… read more →
Multi-Factor Authentication: How attackers still abuse these (often forgotten about) logins
Over the past years, we’ve urged companies to start using Multi-factor authentication (MFA) – and many have followed through. Unfortunately, we have a long way to go. First, the good news. MFA protects by adding a… read more →
3 New Phishing Streams Beyond Email - And How To Safeguard Them
There are cybersecurity phishing streams & threats constantly growing and evolving. Email spam is no longer the front line of the battlefield. Here are 3 new phishing streams beyond email - and how to safeguard them. read more →
Creating Small Containers for Penetration Testing
In this article I show you how to create small containers that use up to date tools. By default, the Golang Docker container at its smallest is 123 MB. While seemingly small, this can result in annoying latency and… read more →
12 Ways You'll Benefit from Continuous Penetration Testing
You need more value out of your pentests. The traditional point-in-time testing isn't cutting it. Continuous penetration testing brings an innovative methodology that better protects you and your business. This post… read more →
Penetration Testing Dropbox Part 3 - Provisioning
This is part 3 in a series about managing dropboxes for internal penetration testing. This part is all about provisioning a dropbox to be used with our OpenVPN server that we setup in [part… read more →
Penetration Testing Dropbox Part 2 - VPN Infrastructure
In part 2 we go beyond autossh and create a OpenVPN server that our dropboxes and pentesters will connect to. We'll walk through configurations and certificates needed for seamless connectivity. read more →
Penetration Testing Dropbox Part 1 - Hardware
Setup and managing a pentest dropbox infrastructure should be simple, reliable, and versatile. In part 1 we'll show you the hardware options, and in part 2 we'll go beyond autossh and create a OpenVPN environment that… read more →
Getting started with MITRE CALDERA
The MITRE CALDERA project is an automated adversary emulation system. It's primary purpose is to execute a series of operations to help determine if adversarial tactics can be detected in your enterprise environment. read more →
Continuous Human & Automated Security
The Expert-Driven Offensive
Security Platform
Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.
Expert-Driven Offensive Security Platform
- Attack Surface Management
- Continuous Penetration Testing
- Adversary Simulations