Comcast Business Cybersecurity Threat Report analyzed events, revealing how attackers are shifting tactics and accelerating the pace at which exposures become exploitable. We will expand on four of the threats that keep showing up in breach postmortems, how they work in reality, and what organizations should do about them.
Testing Lab
Testing Lab
Where our research team shares tools, techniques, and threat intelligence
Security Research
Sprocket Security's Director of Technical Operations reveals how Domain Admin access was gained through overlooked misconfigurations and intricate attack paths, with both insight and humor.
Sprocket Security Senior Penetration Tester examines how transliteration and language backgrounds shape password creation, adding complexity for both users and attackers in his 2025 CypherCon talk.
Explore common pitfalls in Java and C# reflection practices—understand how insecure use of reflection can expose applications to vulnerabilities like code injection, unauthorized access, and bypassed security controls, and learn key strategies to harden your code.
Explore how Sprocket Security uncovered chained vulnerabilities and learn how overlooked parameters led to serious security risks.
What being a hacker really means—no title required. After a decade in offensive security, Nate Fair shares honest lessons on hacking.
Explore a security expert's take on validating the Next.js CVE-2025-29927 exploit, its impact, and techniques for assessing and mitigating the risk.
In this series the service delivery team writes about an outstanding talk they saw at a conference and implementing those lessons at scale.
Your Always-On Security Engine
Our team utilizes a custom blend of methodologies from the best penetration testing standards.
As an offensive security team, we are committed to providing a world-class capability that blends more seamlessly with your larger operations. While there’s always more work to do, we pride ourselves on our commitment to the continuous model, and expanded risk intelligence it can provide to our customers. If you’re locked into a contract, but are curious to know what this band of practitioners can do, consider engaging us for our Red Team Events.
Casey Cammilleri
Founder & CEO
No slides. No sales pitches. Just real talk about how security leaders evaluate, select, and justify security solutions.
Watch
No slides. No sales pitches. Just real talk about how security leaders evaluate, select, and justify security solutions.
Watch
Join Sprocket's Team as they expose real techniques used to bypass security tools and learn what this means for validating security tools before you buy.
Watch
Penetration testing remains a core pillar of cybersecurity, but not all tests are created equal. This webinar with Sprocket Security and ISC2 recorded on July 24, 2025 explores 5 types
...
Watch
Black Hat and DEFCON (affectionately dubbed Hacker Summer Camp) is right around the corner! Join us as "hackers" everywhere gear up for one of the most anticipated events of the
...
Watch
On this episode of Pentesters Chat, our team explored offensive security engagements.
Watch
Whether you're just starting to explore ASM or are looking to refine your existing strategy, this webinar will provide valuable insights and actionable advice to strengthen your organization’s security posture.
Watch
The Sprocket testing team discusses Single Sign On (SSO).
Watch
The Sprocket testing team discusses Attack Surface Management.
Watch
The Sprocket testing team discusses Password Protected Systems.
Watch
The Sprocket testing team discusses AI and Machine Learning Systems.
Watch
Casey Cammilleri appeared on David Spark's webinar, Super Cyber Friday to discuss all things around the future of pentesting
Watch
