🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

🚨 We have released an improved Nuclei template that more accurately detects the unauthenticated RCE vulnerability in Ingress NGINX Controller for Kubernetes. See why this is important and access the template via our latest blog: praetorian.com/blog/an-improv…

In just 1.022 seconds, a token exposure created a seam that could have lead to a large-scale supply chain attack - a la tj-actions. Join us on 4/10 as we walk through CodeQLEAKED, how it was uncovered, and how you can find similar vulns in the future 🐴 praetorian.com/resources/unpa…

Stoked for next week's "Securing GenAI Applications" session at hashtag#VulnCon! We'll get our hands dirty breaking into a vulnerable GenAI app with an emphasis on the OWASP Top 10 for LLM Apps! Reg here: first.org/conference/vul… #vulncon FIRST.org

⭐️ Strong showing at FIRST.org's #VulnCon for Praetorian's Director of OffSec L&D session - Breaking the Bot: GenAI Web App Attack Surface & Exploitation. Don't fret, you can catch Ken IRL at plenty of events in the not-so-distant future. Check it : praetorian.com/speaking-and-e…

Skills can be taught. Tools change. Principles? That's what holds Praetorian together. Our culture is built on this foundation. Learn how being guardians of talent guides everything we do: rb.gy/0q5l0s #PraetorianLife

That DICOM vulnerability allowing code in medical images? It's not just Windows. Our ELFDICOM PoC extends the threat to Linux systems in healthcare via polyglot (ELF+DICOM) malware. Novel attack path analysis: praetorian.com/blog/elfdicom-…

Praetorian research found RCE & code smuggling vulns in Node.js CI/CD (GitHub/Jenkins). If it happened there, are your pipelines secure? Kudos Node.js for the swift fix! Full details: praetorian.com/blog/agent-of-… #AppSec #RSAC #RSAC2025

Our HackSpaceCon takeover was a success 🚀🚀🚀🚀🚀🚀 Big thanks to all of our workshop participants and presentation attendees! Be sure to follow our in-person events calendar to find opportunities to connect with us in the future: praetorian.com/speaking-and-e…

.THOTCON! , we're comin' for ya!!! Attendees will get the chance to catch a (final) encore of our training, "Breaking the Bot: GenAI Web App Attack Surface & Exploitation." We'll also be debuting a never-before-seen lateral movement technique for domain-joined Linux machines.

had a wonderful time at HackSpaceCon a few weeks ago :)

You wouldn't download a vape.... but if you're a Prae engineer in front of a HackSpaceCon then you might reverse engineer one in a bar 🤔 Our latest blog breaks down the entire journey - from initial teardown to discovering the surprising architecture inside consumer vaping

Last week's THOTCON! crowds were all smiles. Thanks to everyone who came out for any or all of our three sessions. See you next year 😄

Security teams don’t need more tools...They need clarity. Chariot proves what’s real and exploitable 🐴

Penetration testing is a lot like brushing your teeth. Annually is ...not enough. This is why we developed Chariot.

🚨 New attack disclosed: GitHub Device Code Phishing John, Matt, and Mason reveal how they've been using this technique to compromise F500 orgs with high success rates. 📖 Blog covers methodology, red team case studies & detection strategies praetorian.com/blog/introduci…

The Lockstep team are bringing back their annual #BlackHat party in Vegas on Weds, Aug 6th! Food, drinks, DJ, and good people - including our CEO, Nathan Sportsman! Space is limited - register now to 🔒 in your spot: lu.ma/zi3psuxr #BlackHat2025 #BHUSA

One of the fun things we did for the Nemesis 2.0 release was heavily optimizing our usage of Praetorian' Nosey Parker. Specifically, instead of calling the binary to scan + recalling to retrieve structured data all wrapped in a Python API as before, we now 1/3

🚨 GitPhish is now open source Our GitHub Device Code Phishing automation tool is live: 🕒 Dynamic device code generation 🚀 Auto GitHub Pages deployment 💻 CLI + web dashboard 🎯 Multi-target capability Learn more via our latest blog: praetorian.com/blog/gitphish-…

We've spent years researching and building tools for CICD security. Now, we're ready to knowledge dump at a 2-day hands-on training at Black Hat (Aug 2-3, 4-5): Learn more: praetorian.com/blog/ci-cd-tra…

When we got access to Git[Hub,Lab] on Red Teams - it was almost always $$$. So it's pretty awesome to see a couple folk and friends over on my old RT running a training giving away the secret sauce we used to pwn these orgs! Mason Davis wrote up a post on more details on the