Konstellation: A Tool for RBACpacking in Kubernetes

Konstellation: A Tool for RBACpacking in Kubernetes

The author presented this paper and corresponding tool at Black Hat: Arsenal 2023 on August 10, 2023. For a more general overview of Konstellation and its capabilities vis a vis Kubernetes RBAC, ...

Introducing Konstellation, for Kubernetes RBAC Analysis

Praetorian is excited to announce the upcoming release of Konstellation, a new open-source tool that simplifies Kubernetes role-based access control (RBAC) data collection and security analysis. Join us at Black Hat Arsenal ...
Announcing Gato Version 1.5!

Announcing Gato Version 1.5!

On January 21, 2023 at ShmooCon 2023, Praetorian open-sourced Gato (Github Attack Toolkit), a first of its kind tool that focuses on abusing offensive TTPs targeting self-hosted GitHub Actions Runners. Since then, ...
Improving Performance and Scalability: Updates and Lessons from Inspector, Our End-to-End Testing Solution

Improving Performance and Scalability: Updates and Lessons from Inspector, Our End-to-End Testing Solution

Overview In a previous article titled Inspector or: How I Learned to Stop Worrying and Love Testing in Prod, we discussed our end-to-end testing solution, Inspector, which we leverage to perform continuous ...

MOVEit! An Overview of CVE-2023-34362

On May 31st, 2023, Progress disclosed a serious vulnerability in its MOVEit Transfer software. The vulnerability is remotely exploitable, does not require authentication, and impacts versions of the software that are 2023.0.1 ...

Content Discovery: Understanding Your Web Attack Surface

Attack Surface Management (ASM) tools find quite a lot of vulnerabilities on the Web. This really isn’t surprising, given that HTTP/S is by far the most common and broadest of all the ...

Find More Secrets with Nosey Parker v.0.12.0

On March 2, 2023, we issued some updates to our secrets sniffing tool, Nosey Parker, which has been available as an Apache 2-licensed open-source project since December 2022. We originally developed the ...
Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header

Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header

During a recent Chariot customer pilot we identified an interesting method to bypass the cross-site scripting (XSS) filtering functionality within the Akamai Web Application Firewall (WAF) solution. Chariot had identified a Carriage ...

Open Source Tools: From Our Lab to Your Fingertips

One of the core decisions we’ve made at Praetorian is to maximize efficiency and effectiveness. In pursuit of this, we carefully select and implement automation and technical solutions for tasks that don’t ...
Nosey Parker RegEx: A Positive Community Response

Nosey Parker RegEx: A Positive Community Response

On December 7, 2022, Praetorian Labs released a regular expression-based (RegEx) version of our Nosey Parker secrets scanning tool (see press release). This version improves on two primary pain points the community ...