Labs
Nosey Parker RegEx: A Positive Community Response
On December 7, 2022, Praetorian Labs released a regular expression-based (RegEx) version of our Nosey Parker secrets scanning tool (see press release). This version improves on two primary pain points the community ...
Automating the Discovery of NTLM Authentication Endpoints
Recently, I have been working on adding support for automated enumeration and discovery of NTLM authentication endpoints to Chariot, our external attack surface and continuous automated red teaming product scanning pipeline. Our ...
Inspector, or: How I Learned to Stop Worrying and Love Testing in Prod
Overview: Recently, I’ve shifted from primarily performing red team engagements to assisting in the development of Chariot, Praetorian’s attack surface management (ASM) and continuous automated red teaming (CART) product offering. Our Praetorian ...
Six Months of Finding Secrets with Nosey Parker
Earlier this year we announced Nosey Parker, a new scanner that uses machine learning techniques to detect hardcoded secrets in source code with few false positives. Since then we’ve continued its development ...
Fingerprintx Tool: An Internship Project for the Real World
Introduction: Port fingerprinting can detect specific services running on a network, which makes it useful during penetration tests. It expands visibility into potential attack surfaces and vulnerabilities within the network environment. Over ...
Video: TryHackMe – Behind the Curtain
Watch Now for Your Very Own Backstage Pass! Video and Slide Deck from EH-Net Live! Aug 2020. With the growing need for security professionals, a huge number of people are flooding the ...
Webinar: TryHackMe – Behind the Curtain
Register Now for Your Very Own Backstage Pass! With the growing need for security professionals, a huge number of people are flooding the job market from a diverse range of experience and ...
The State of Vulnerabilities in 2019
As a web application firewall provider, part of our job at Imperva is to continually monitor for new security vulnerabilities. To do this, we use internal software that collects information from various ...
Imperva Mitigates Exploits of Citrix Vulnerability – Right Out of the Box
On December 17, Citrix issued a Security Bulletin on an unauthenticated remote code execution vulnerability (CVE-2019-19781) affecting its Citrix Application Delivery Controller (ADC) – formerly known as NetScaler ADC – and its ...
Adding Some Salt to Our Network – Part 2
How our configuration management actually works: Following a previous post which explained why we needed a configuration management system, this post explores how we built and implemented our configuration management using SaltStack ...