corporate security
AI and Executive Protection: New Risks, New Defenses
Discover how AI is weaponizing executive data for hyper-personalized phishing and learn how security teams can use defensive AI to flip the script on attackers ...
Shadow Admins in Active Directory: Hidden Privilege Paths Attackers Exploit
What Are Shadow Admins in AD? A common problem we encounter within many customer AD environments are accounts that, at first glance, may appear innocuous, but that actually have hidden administrative privileges ...
The Operative’s Field Guide to Elicitation: Bypassing “The Filter”
In leadership, as in social engineering, the greatest obstacle to obtaining ground-truth intelligence is The Filter. This is the natural human tendency to sanitize information when speaking to authority. When ...
Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More
Software supply chain attacks have been increasing both in frequency and severity in recent months. In response to these attacks, the CISA has even released a cybersecurity information sheet (CSI) on how ...
Helpdesk Telephone Attack: How to Close Process and Technology Gaps
Introduction As we have witnessed in recent weeks with the MGM and Caesars Entertainment breaches, helpdesks are prime attack surfaces that are seeing a surge in exploitation. Although much of the press ...
Announcing Gato Version 1.5!
On January 21, 2023 at ShmooCon 2023, Praetorian open-sourced Gato (Github Attack Toolkit), a first of its kind tool that focuses on abusing offensive TTPs targeting self-hosted GitHub Actions Runners. Since then, ...
A Constant State of Crisis: How Corporate Security Teams Are Adapting to the New Normal
Corporate security teams face a new normal, and it’s called permacrisis – a state where instability and insecurity are constant. While many security teams already operate in this mindset, the difference is ...
Phantom of the Pipeline: Abusing Self-Hosted CI/CD Runners
Introduction Throughout numerous Red Teams in 2022, a common theme of Source Control Supply Chain attacks in GitHub repositories has emerged. After many hours manually hunting for and exploiting these attack paths, ...
Automating the Discovery of NTLM Authentication Endpoints
Recently, I have been working on adding support for automated enumeration and discovery of NTLM authentication endpoints to Chariot, our external attack surface and continuous automated red teaming product scanning pipeline. Our ...
From Self-Hosted GitHub Runner to Self-Hosted Backdoor
Overview Continuous Integration and Continuous Delivery (CI/CD) systems are powerful and configurable tools within modern environments. At Praetorian, we are seeing organizations migrate to SaaS solutions like GitHub (GitHub.com) as their source ...
