Nosey Parker RegEx: A Positive Community Response

On December 7, 2022, Praetorian Labs released a regular expression-based (RegEx) version of our Nosey Parker secrets scanning tool (see press release). This version improves on two primary pain points the community has historically encountered with other secrets scanning tools. First, Nosey Parker RegEx offers the fastest secrets scanning capability ... Read More
Instrumenting an Automotive Module for Bench Testing

Finding vulnerabilities, hacks, exploits, and full root access are goals for security engineers when they begin to assess a device, right? But when working with hardware, you cannot simply dive into the hacking on day one. Your exploits will only be as successful as the setup work you’ve done! This ... Read More
Automating the Discovery of NTLM Authentication Endpoints

Recently, I have been working on adding support for automated enumeration and discovery of NTLM authentication endpoints to Chariot, our external attack surface and continuous automated red teaming product scanning pipeline. Our red team requested this feature as a way to identify NTLM authentication endpoints exposed over HTTP that they ... Read More
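The discovery step the teaser describes (spotting an HTTP endpoint that offers NTLM and pulling the host and domain names out of the server's challenge) can be shown end to end. The block below is an added example written for this page; it is not Chariot code or any Praetorian tool. It follows the MS-NLMP message layout: an unauthenticated request is answered with 401 and a `WWW-Authenticate: NTLM` (or `Negotiate`) header, the client sends a NEGOTIATE (Type 1) message, and the server replies with a CHALLENGE (Type 2) message whose TargetInfo AV_PAIR list leaks NetBIOS and DNS names of the host and its domain. The sample challenge, the names `CORP`, `DC01` and `corp.example.com`, and the `probe` helper are constructed for the example.

```python
"""Detect NTLM-over-HTTP endpoints and parse the CHALLENGE_MESSAGE (Type 2).

Added example (not Chariot / Praetorian code). Layout per MS-NLMP: the
CHALLENGE_MESSAGE fixed header is 56 bytes, followed by the payload.
"""
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001
NEGOTIATE_OEM = 0x00000002
REQUEST_TARGET = 0x00000004
NEGOTIATE_NTLM = 0x00000200
NEGOTIATE_ALWAYS_SIGN = 0x00008000
NEGOTIATE_TARGET_INFO = 0x00800000
NEGOTIATE_VERSION = 0x02000000

# AV_PAIR ids (MS-NLMP 2.2.2.1) that carry the names a red team cares about
AV_NAMES = {1: "netbios_computer_name", 2: "netbios_domain_name",
            3: "dns_computer_name", 4: "dns_domain_name", 5: "dns_tree_name"}


def ntlm_schemes(www_authenticate_headers):
    """Return the schemes in WWW-Authenticate values that can carry NTLM."""
    found = []
    for value in www_authenticate_headers:
        for challenge in value.split(","):  # one header may list several schemes
            scheme = challenge.strip().split(" ", 1)[0]
            if scheme.lower() in ("ntlm", "negotiate"):
                found.append(scheme)
    return found


def build_type1():
    """Minimal NEGOTIATE_MESSAGE: signature, type 1, flags, empty Domain/Workstation fields."""
    flags = (NEGOTIATE_UNICODE | NEGOTIATE_OEM | REQUEST_TARGET
             | NEGOTIATE_NTLM | NEGOTIATE_ALWAYS_SIGN)
    return NTLM_SIGNATURE + struct.pack("<II", 1, flags) + struct.pack("<HHI", 0, 0, 32) * 2


def _field(data, offset):
    """Resolve a (Len, MaxLen, Offset) field descriptor; reject out-of-bounds offsets."""
    length, _maxlen, off = struct.unpack_from("<HHI", data, offset)
    if off + length > len(data):
        raise ValueError("field points outside message")
    return data[off:off + length]


def parse_target_info(blob, unicode_strings=True):
    """Walk the AV_PAIR list until MsvAvEOL (id 0)."""
    info, pos = {}, 0
    while pos + 4 <= len(blob):
        av_id, av_len = struct.unpack_from("<HH", blob, pos)
        pos += 4
        if av_id == 0:
            break
        value = blob[pos:pos + av_len]
        pos += av_len
        if av_id in AV_NAMES:
            info[AV_NAMES[av_id]] = value.decode("utf-16-le" if unicode_strings else "latin-1")
        elif av_id == 7 and av_len == 8:  # MsvAvTimestamp, a FILETIME
            info["timestamp"] = struct.unpack("<Q", value)[0]
    return info


def parse_type2(data):
    """Parse a CHALLENGE_MESSAGE; raises ValueError for non-NTLM (e.g. SPNEGO) tokens."""
    if not data.startswith(NTLM_SIGNATURE) or len(data) < 48:
        raise ValueError("not an NTLM message")
    (msg_type,) = struct.unpack_from("<I", data, 8)
    if msg_type != 2:
        raise ValueError(f"expected CHALLENGE_MESSAGE (2), got {msg_type}")
    (flags,) = struct.unpack_from("<I", data, 20)
    unicode_strings = bool(flags & NEGOTIATE_UNICODE)
    enc = "utf-16-le" if unicode_strings else "latin-1"
    result = {"flags": flags, "server_challenge": data[24:32].hex(),
              "target_name": _field(data, 12).decode(enc), "target_info": {}}
    if flags & NEGOTIATE_TARGET_INFO:
        result["target_info"] = parse_target_info(_field(data, 40), unicode_strings)
    if flags & NEGOTIATE_VERSION and len(data) >= 56:
        major, minor, build = struct.unpack_from("<BBH", data, 48)
        result["os_version"] = f"{major}.{minor}.{build}"
    return result


def parse_type2_header(www_authenticate_value):
    """'NTLM <base64>' header value -> parsed challenge."""
    scheme, _, token = www_authenticate_value.strip().partition(" ")
    if scheme.lower() not in ("ntlm", "negotiate") or not token:
        raise ValueError("no NTLM challenge in header")
    return parse_type2(base64.b64decode(token))


def probe(url, timeout=10):
    """Live probe (hypothetical helper): GET, expect 401 + NTLM, send Type 1, parse Type 2."""
    import urllib.error
    import urllib.request

    def get(headers):
        req = urllib.request.Request(url, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status, resp.headers.get_all("WWW-Authenticate") or []
        except urllib.error.HTTPError as err:
            return err.code, err.headers.get_all("WWW-Authenticate") or []

    status, www = get({})
    if status != 401 or not ntlm_schemes(www):
        return None
    status, www = get({"Authorization": "NTLM " + base64.b64encode(build_type1()).decode()})
    for value in www:
        if value.startswith(("NTLM ", "Negotiate ")):
            return parse_type2_header(value)
    return None


def build_sample_type2():
    """Constructed CHALLENGE_MESSAGE for offline use; not a real capture."""
    flags = (NEGOTIATE_UNICODE | REQUEST_TARGET | NEGOTIATE_NTLM
             | NEGOTIATE_TARGET_INFO | NEGOTIATE_VERSION)
    target_name = "CORP".encode("utf-16-le")
    pairs = [(2, "CORP"), (1, "DC01"), (4, "corp.example.com"), (3, "dc01.corp.example.com")]
    target_info = b"".join(struct.pack("<HH", i, len(v.encode("utf-16-le")))
                           + v.encode("utf-16-le") for i, v in pairs) + struct.pack("<HH", 0, 0)
    msg = NTLM_SIGNATURE + struct.pack("<I", 2)
    msg += struct.pack("<HHI", len(target_name), len(target_name), 56)   # TargetNameFields
    msg += struct.pack("<I", flags)
    msg += bytes.fromhex("0123456789abcdef")                              # ServerChallenge
    msg += b"\x00" * 8                                                    # Reserved
    msg += struct.pack("<HHI", len(target_info), len(target_info), 56 + len(target_name))
    msg += struct.pack("<BBHI", 10, 0, 17763, 0x0F000000)                  # Version 10.0.17763
    return msg + target_name + target_info


def sample_challenge_header():
    """The constructed Type 2 as it would appear in a WWW-Authenticate header."""
    return "NTLM " + base64.b64encode(build_sample_type2()).decode()
```

`probe("https://host/ews/exchange.asmx")` is the live path; everything else runs offline against the constructed message. Two caveats worth keeping in a scanner: a `Negotiate` header may carry a SPNEGO token rather than raw NTLMSSP, which `parse_type2` rejects rather than misparsing, and every offset in the message is attacker-controlled, so `_field` bounds-checks before slicing.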

People Are People: Gender Equality at Praetorian

Tags: DEIB, equality, gender, people
Early this Summer, we shared our thoughts on the industry-wide shortage of cybersecurity talent to meet an ever-growing demand. One aspect of this phenomenon that we did not touch on in that post was the gender gap within the cybersecurity community, about which the World Bank hosted a Spring conference ... Read More
Inspector, or: How I Learned to Stop Worrying and Love Testing in Prod

Overview Recently, I’ve shifted from primarily performing red team engagements to assisting in the development of Chariot, Praetorian’s attack surface management (ASM) and continuous automated red teaming (CART) product offering. Our Praetorian Labs team has developed multiple tools to support Chariot and our Services organization. One of these, a subsystem ... Read More
Measuring Up: How to Architect a Systematic Security Program – Part 2

In Part 1 of this series, we discussed how organizations can go about selecting a framework for implementation. In order to effectively measure your organization against the selected framework, the organization must take five crucial steps before doing any assessment or analysis. Define the rating scale Define the rating ... Read More
From Self-Hosted GitHub Runner to Self-Hosted Backdoor

Overview Continuous Integration and Continuous Delivery (CI/CD) systems are powerful and configurable tools within modern environments. At Praetorian, we are seeing organizations migrate to SaaS solutions like GitHub (GitHub.com) as their source code management and CI/CD solution, instead of on-premises tools like BitBucket, Bamboo, and Jenkins. On our Red Team ... Read More
Best Practices for Identity and Access Management When Using Google Cloud Provider

At Praetorian, one of our top priorities is looking over each client's Identity and Access Management (IAM) structure. Several of our large clients use Google Cloud Platform (GCP), which is one of the top three cloud providers with about eight percent of the cloud services market share. During our work ... Read More

Six Months of Finding Secrets with Nosey Parker

Earlier this year we announced Nosey Parker, a new scanner that uses machine learning techniques to detect hardcoded secrets in source code with few false positives. Since then we’ve continued its development and expanded its use in security engagements at Praetorian. In a few cases Nosey Parker has contributed to ... Read More