Find the latest Webinar content from the Sprocket Testing Team.

Security Research

WebQL: Using CodeQL To Conduct JavaScript Security Analysis Against Modern Web Applications
Sep 23, 2024

Introducing WebQL, an automated JavaScript analysis tool that leverages CodeQL to identify and exploit vulnerabilities in modern web applications like SPAs and PWAs. By automating the extraction, beautification, and analysis of client-side code, WebQL enhances penetration testing by uncovering security issues obscured by modern development practices.
I’m sick of 1000-line Python scripts.
Sep 20, 2024

This blog introduces snickerdoodle, a customized Cookiecutter template designed to help penetration testers quickly create and share complex CLI tools. By automating project setup with features like pre-configured CLI interfaces, Rich logging, and integrated dependency management using Poetry, Snickerdoodle allows security professionals to focus on coding rather than boilerplate setup.
Forbidden! Are 403 bypasses worth looking for?
Aug 28, 2024

403 status code bypasses might seem niche and impractical at first glance, but they can be surprisingly valuable for uncovering vulnerabilities at scale. This blog delves into the nuances of 403 bypass techniques, exploring how tools like Nuclei and Burp Suite can be leveraged to identify hidden admin panels and other restricted areas, even when traditional methods fall short.
Recent InfoSec Talks, Defcon 32 - SSHamble: Unexpected Exposures in the Secure Shell
Aug 26, 2024

Will Vandevanter discusses a talk he saw at Defcon 2024 that was jam-packed with knowledge, hunting an international criminal, 0 days, and a new open-source tool. Will also talks about some takeaways he got from the talk.
One Proxy to Rule Them All
Jul 15, 2024

Bypass WAFs with gigaproxy: an HTTP proxy that rotates IPs using mitmproxy, AWS API Gateway, and Lambda. Read the blog to learn more.
Exploring Modern Password Spraying: Introduction to Entra Smart Lockout
Jun 21, 2024

Delve into the modern techniques and security controls surrounding password spraying. This series will explore the current techniques, tactics, and procedures (TTPs) for password spraying.
Pwning SPA’s With Semgrep
May 30, 2024

Semgrep, or Semantic Grep (For Code), should be a part of your pentesting toolkit. If you think otherwise, read on to see why.
From Twitter to Exploit: The Sprocket Security Lifecycle of Exploitation
May 16, 2024

Our approach to mass exploitation of the latest and greatest vulnerability. On the chopping block, this time around: CVE-2024-3400.

Your Always-On Security Engine

Our team utilizes a custom blend of methodologies from the best penetration testing standards.

As an offensive security team, we are committed to providing a world-class capability that blends more seamlessly with your larger operations. While there’s always more work to do, we pride ourselves on our commitment to the continuous model, and expanded risk intelligence it can provide to our customers. If you’re locked into a contract, but are curious to know what this band of practitioners can do, consider engaging us for our Red Team Events.

Casey Cammilleri
Founder & CEO

Webcasts

Explore our collection of webcasts to stay informed and inspired.

Nov 05, 2025
No slides. No sales pitches. Just real talk about how security leaders evaluate, select, and justify security solutions.
Oct 23, 2025
No slides. No sales pitches. Just real talk about how security leaders evaluate, select, and justify security solutions.
Aug 22, 2025
Join Sprocket's Team as they expose real techniques used to bypass security tools and learn what this means for validating security tools before you buy.
Jul 24, 2025
Penetration testing remains a core pillar of cybersecurity, but not all tests are created equal. This webinar with Sprocket Security and ISC2 recorded on July 24, 2025 explores 5 types ...
Jun 24, 2025
Black Hat and DEFCON (affectionately dubbed Hacker Summer Camp) is right around the corner! Join us as "hackers" everywhere gear up for one of the most anticipated events of the ...
Apr 04, 2025
On this episode of Pentesters Chat, our team explored offensive security engagements.
Apr 03, 2025
Whether you're just starting to explore ASM or are looking to refine your existing strategy, this webinar will provide valuable insights and actionable advice to strengthen your organization’s security posture.
Mar 07, 2025
The Sprocket testing team discusses Single Sign On (SSO).
Jan 31, 2025
The Sprocket testing team discusses Attack Surface Management.
Dec 06, 2024
The Sprocket testing team discusses Password Protected Systems.
Nov 04, 2024
The Sprocket testing team discusses AI and Machine Learning Systems.
Sep 13, 2024
Casey Cammilleri appeared on David Spark's webinar, Super Cyber Friday, to discuss all things around the future of pentesting.