Resources

Tag: Pentesting

Explore resources tagged with "Tag: Pentesting".

Latest "Tag: Pentesting" tagged resources

Leveraging hijacked Slack sessions on macOS

We are going to dig into Slack workspace compromise to provide additional information and tooling you can use to leverage access. This guidance will build off of “Abusing Slack for Offensive Operations”, a great article… read more →

Users are a top threat to your network – and here’s why bug bounties won’t help

Bug-bounty programs live and die by their ability to target public-facing assets and then expose related vulnerabilities. But one asset is out of their reach, and it’s arguably the most dangerous to your network. read more →

How to hunt for SolarWinds Orion usage

Recent reports from FireEye revealed a large-scale campaign to infect company networks using a modified version of the SolarWinds Orion monitoring agent. read more →

Bug Bounty vs. Continuous Pen Testing: Understanding the Basics

Oh, the world of good ol’ bug-bounty programs. In recent months they’ve become a hot topic for IT teams looking to unearth vulnerabilities. And it’s easy to see why. They’re flashy and promise the world. Your company… read more →

InBusiness column: How testing protects your data – and bottom line

Getting hacked hurts. Not only is it often a PR nightmare and the cause of sleepless nights – a company data breach is a financial fright fest that can cost you millions of dollars. read more →

Discovering Active Directory Controllers in your Client Network

After initially accessing an internal network during a penetration test, you need to find out what the Active Directory (AD) infrastructure looks like. Here, we’re going to examine methods for this process from both… read more →

How to defend against password spraying

Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used… read more →

How to exploit Zerologon (CVE-2020-1472)

Recently, one of the most significant Microsoft Windows vulnerabilities since Eternal Blue (MS17-010) was brought to light. We’re going to show you how to exploit it during a pentest. read more →

How to: Execute passive internal recon during continuous penetration testing

When we launch continuous penetration testing in a new network, we don't want to raise suspicion of our presence. For one reason, we may be able to get credentials without doing anything intrusive at all. To do it, we… read more →

3 New Phishing Streams Beyond Email - And How To Safeguard Them

There are cybersecurity phishing streams & threats constantly growing and evolving. Email spam is no longer the front line of the battlefield. Here are 3 new phishing streams beyond email - and how to safeguard them. read more →

Creating Small Containers for Penetration Testing

In this article I show you how to create small containers that use up to date tools. By default, the Golang Docker container at its smallest is 123 MB. While seemingly small, this can result in annoying latency and… read more →

12 Ways You'll Benefit from Continuous Penetration Testing

You need more value out of your pentests. The traditional point-in-time testing isn't cutting it. Continuous penetration testing brings an innovative methodology that better protects you and your business. This post… read more →

Protect your company with Sprocket

Know your threats when they emerge.

When your environment changes, or new threats affect your attack surface, we perform security testing. There is a lot more value from this modern approach to testing.

Request a quote Learn how it works

Continuous Penetration Testing Subscription

  • Pentests
  • Web App Testing
  • Red Teaming
  • Social Engineering
  • Adversary Simulations