Announcing Gato Version 1.5!
On January 21, 2023 at ShmooCon 2023, Praetorian open-sourced Gato (Github Attack Toolkit), a first of its kind tool that focuses on abusing offensive TTPs targeting self-hosted GitHub Actions Runners. Since then, ...
fwd:cloudsec 2023: Top Four Themes in Cloud Security for 2023
At Praetorian, we pride ourselves on our extensive expertise in cloud security and our commitment to staying at the forefront of the ever-evolving landscape. We consequently were excited to attend the highly ...
Improving Performance and Scalability: Updates and Lessons from Inspector, Our End-to-End Testing Solution
Overview In a previous article titled Inspector or: How I Learned to Stop Worrying and Love Testing in Prod, we discussed our end-to-end testing solution, Inspector, which we leverage to perform continuous ...
MOVEit! An Overview of CVE-2023-34362
On May 31st, 2023, Progress disclosed a serious vulnerability in its MOVEit Transfer software. The vulnerability is remotely exploitable, does not require authentication, and impacts versions of the software that are 2023.0.1 ...
Content Discovery: Understanding Your Web Attack Surface
Attack Surface Management (ASM) tools find quite a lot of vulnerabilities on the Web. This really isn’t surprising, given that HTTP/S is by far the most common and broadest of all the ...
In Brief: Chariot Alignment with FDA Section 524B.1
Chariot is more than a product; it’s a partnership that combines automated monitoring and human analysis to identify externally-accessible security risks. In light of the FDA’s latest requirements for in-market device security ...
Measuring People, Process, and Technology Effectiveness with NIST CSF 2.0
The National Institute of Standards and Technology (NIST) recently released the latest draft of the Cybersecurity Framework (CSF) 2.0, incorporating numerous updates and improvements over its predecessor. Among these changes, the addition ...
Cyber Cartography: Mapping a Target
As Phil Venables has said, “at some level, cyber defense is a battle over whether the attacker or defender has better visibility of the target. Action is key, yes, but without good ...
Screenshotting: Can You See What I See?
At Praetorian, we firmly believe that the most effective way to secure your systems is to look at them through an offensive lens. After all, when you view yourself the same way ...
Dynamic Linking Injection and LOLBAS Fun
Dynamic-Linking Injection and LOLBAS Fun Introduction LoadLibrary and LoadLibraryEx are how Windows applications load shared libraries at runtime. Praetorian recently tested a .NET web application that unsafely passed user input into LoadLibrary ...
