  • What is the Difference Between a Penetration Test and a Red Team Assessment?


    Posted by Praetorian Staff

    When looking for external security services there is often a lot of confusion across the board concerning what exactly a penetration test is vs a “Red Team” operation, as a main component of the latter is essentially penetration testing. This blog acts as a resource to identify the differences between a normal penetration test and a full red team assessment.





  • An Alternative and More Effective Approach to Commoditized Penetration Testing


    Posted by Praetorian Staff

    Penetration testing is a well-known and understood exercise to keep your security team and procedures ahead of the curve, but due to the commoditization of testing itself, it is often not used in the most optimal way to secure your corporate assets, and more often is not conducted with the best methods.





  • Josh Abraham

    Signed Binaries Proxy Execution - T1218


    Posted by Josh Abraham

    The MITRE ATT&CK April release included a new TTP known as 'Signed Binaries Proxy Execution', which is T1218. This TTP is based on an attacker using signed binaries to perform malicious activities.





  • Josh Abraham

    Signed Scripts Proxy Execution - T1216


    Posted by Josh Abraham

    Many organizations trust all signed code from Microsoft. Unfortunately, there are many ways in which attackers can use this trust against them. Previously, we covered using signed binaries to perform malicious activities. In this post, we will be covering how to use signed scripts.





  • Josh Abraham

    How to use Kerberoasting - T1208 for Privilege Escalation


    Posted by Josh Abraham

    In our experience, Kerberoasting is an attack that is similar to others in that defenders need to fully understand it to be able to properly mitigate the risks. It’s our goal that through pushing this content into the MITRE ATT&CK framework we have increased the awareness of this TTP so that organizations can be better protected in the future.





  • Josh Abraham

    Summary of April MITRE ATT&CK RELEASE


    Posted by Josh Abraham

    MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.





  • Kesten Broughton

    Privilege Escalation in AWS with PassRole Attacks


    Posted by Kesten Broughton

    All instances launched by AWS by default have instance credentials supplied by the AWS metadata service. AWS operators can attach PassRole policies given to an instance at launch time.





  • Anna Pobletts

    Path.Combine Security Issues in ASP.NET Applications


    Posted by Anna Pobletts

    Path traversal vulnerabilities are a common class of web application vulnerability, where an attacker aims to access files outside of the intended directory by using “../” patterns to traverse directories or by using absolute paths. These vulnerabilities are commonly found in file upload or download functionality of an application.





  • Blake Luther

    KRACK (Key Installation Attack) Against Wi-Fi Networks


    Posted by Blake Luther

    A flaw in the implementation of WPA2-based encryption allows for an attacker within physical range of the wireless network to decrypt traffic from a vulnerable client, allowing for viewing, intercepting, and modifying data in transit. This vulnerability has been assigned CVE numbers CVE-2017-13077 through CVE-2017-13088. There does not yet exist a working public exploit for this attack. However, the research group who discovered it have published their efforts, and working exploit code is likely a matter of days away.





  • Josh Abraham

    Shadow Brokers After Action Report


    Posted by Josh Abraham

    Microsoft released security updates in March that address many of the issues already. Therefore, there are no 0day vulnerabilities included in the toolset that can be used against fully patched versions of Windows. The toolset was built in 2013 which means it doesn’t include Windows 10 and 2016. Legacy versions of Windows are still vulnerable since Microsoft won’t release security updates for them.





