Tools & Techniques

39C3 - Escaping Containment: A Security Analysis of FreeBSD Jails

FreeBSoD: Leveraging Language Models to Find and Exploit Kernel Bugs (Part 1 of 2)

| | AI Security, Claude Code, CodeQL, CVE-2026-3038, Exploit Development, FreeBSD, KASAN, Kernel Security, Offensive Security, Tools & Techniques, Vulnerability Research, zero-day
Overview Earlier this year, a team at Praetorian was building Constantine, our automated 0-day discovery engine. I wanted to find techniques worth folding into it, so on the side I started poking ...
Offensive Security Blog: Latest Trends in Hacking | Praetorian
Centurion: Bring Your Own Execution Environment

Centurion: Bring Your Own Execution Environment

| | Centurion, LLM Development, Offensive Security, Red Team, security insights, Tools & Techniques, Virtualized Loader, Vulnerability Research, WasmForge
Writing my own virtualized loader is something I’ve been wanting to do since I first read Microsoft’s deep dive on FinFisher’s multi-layered VM obfuscation back in 2018. FinFisher didn’t just use one layer of ...
Offensive Security Blog: Latest Trends in Hacking | Praetorian
Enter the WasmForge: Compiling Sliver into WebAssembly

Enter the WasmForge: Compiling Sliver into WebAssembly

| | AI Offensive Security, C2 development, Claude Code, EDR, EDR evasion, Labs, malware automation, Offensive Security, open source, red-team-tools, Tools & Techniques, Vulnerability Research
In our last post we used a Claude skill to systematically beat down VirusTotal detection rates on offensive security tools, with a brief mention of a new loader we’d been using to ...
Offensive Security Blog: Latest Trends in Hacking | Praetorian
Adversarial Oracles: LLM-Guided EDR Signature Reduction

Adversarial Oracles: LLM-Guided EDR Signature Reduction

| | adversarial, AI Security, Offensive Security, open source, Red Team, Static Analysis, Tools & Techniques
In previous blog posts we’ve talked about getting nerd sniped. Today we’re going to talk about a kind of nerd sniping that any offensive security tool creator is familiar with; when your ...
Offensive Security Blog: Latest Trends in Hacking | Praetorian
Your Login Page Is Lying: What AI Agents Find When They Read Your Frontend

Your Login Page Is Lying: What AI Agents Find When They Read Your Frontend

| | AI Security, Application Security, Attack Surface Management, Offensive Security, Red Team, security insights, Tools & Techniques, Vulnerability Research
TL;DR: Single-page applications ship their entire frontend codebase to every visitor, including unauthenticated ones. Even a login page with no visible functionality delivers JavaScript bundles containing route definitions, API endpoint URLs, authentication ...
Offensive Security Blog: Latest Trends in Hacking | Praetorian
Meet Vespasian. It Sees What Static Analysis Can’t.

Meet Vespasian. It Sees What Static Analysis Can’t.

| | API security, Application Security, Burp Suite, graphql, Offensive Security, Open Source Tools, openapi, Penetration Testing, Praetorian Guard Platform, Tools & Techniques, Vespasian
Praetorian is excited to announce the release of Vespasian, a probabilistic API endpoint discovery, enumeration, and analysis tool. Vespasian watches real HTTP traffic from a headless browser or your existing proxy captures ...
Offensive Security Blog: Latest Trends in Hacking | Praetorian
Flowchart showing attack steps from anonymous attacker discovering target via Shodan to creating developer account and exfiltrating data

Azure APIM Signup Bypass: 97.9% of Developer Portals Still Exploitable Anonymously and from the Internet

| | API Management Security, API security, authentication bypass, Azure APIM, Azure security, Cloud Security, Cross-Tenant Attack, Developer Portal, Internet-Facing Vulnerability, Microsoft Azure, MSRC Response, Offensive Security, open source, Tools & Techniques, Vulnerability Research
The Azure APIM signup bypass is a critical vulnerability affecting 97.9% of internet-facing Developer Portals. Azure API Management (APIM) exposes APIs to external consumers through a Developer Portal, the interface where developers ...
Offensive Security Blog: Latest Trends in Hacking | Praetorian
Dialog box showing localhost URL file-processing.local:8080 with file-processing.local text and cyan OK button

When HttpOnly Isn’t Enough: Chaining XSS and GhostScript for Full RCE Compromise

| | Application Security, CVE, Offensive Security, Tools & Techniques, Vulnerability Research
What started as a standard cross-site scripting vulnerability in a document processing platform turned into a full administrative takeover of the application and, ultimately, remote code execution on the underlying server. The ...
Offensive Security Blog: Latest Trends in Hacking | Praetorian
Terminal window showing Augustus Hydra scan results with attacker-target conversation about lock picking, displaying scores and SUCCESS/FAIL status

Augustus v0.0.9: Multi-Turn Attacks for LLMs That Fight Back

| | AI Security, Augustus, GPT-4o, jailbreak, Labs, LLM Red Teaming, Multi-Turn Attacks, Offensive Security, open source, Open Source Tools, security insights, Tools & Techniques
Single-turn jailbreaks are getting caught. Guardrails have matured. The easy wins — “ignore previous instructions,” base64-encoded payloads, DAN prompts — trigger refusals on most production models within milliseconds. But real attackers don’t ...
Offensive Security Blog: Latest Trends in Hacking | Praetorian
DEF CON 24 - Linuz, Medic - Sticky Keys To The Kingdom: Pre auth RCE

Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly

| | Offensive Security, open source, Open Source Tools, Tools & Techniques, Vulnerability Research
Everyone knows that one person on the team who’s inexplicably lucky, the one who stumbles upon a random vulnerability seemingly by chance. A few days ago, my coworker Michael Weber was telling ...
Offensive Security Blog: Latest Trends in Hacking | Praetorian
Load more