There’s Always Something: Secrets Detection at Engagement Scale with Titus
TL;DR: Titus is an open source secret scanner from Praetorian that detects and validates leaked credentials across source code, binary files, and HTTP traffic. It ships with 450+ detection rules and runs as a CLI, Go library, Burp Suite extension, or Chrome browser extension — putting secrets detection everywhere you already work during engagements. Say you find […]
Julius Update: From 17 to 33 Probes (and Now Detecting OpenClaw)
TL;DR: Julius v1.2.0 nearly doubles probe coverage from 17 to 33, adding detection for self-hosted inference servers, AI gateways, and RAG/orchestration platforms like Dify, Flowise, and KoboldCpp. The headline addition is OpenClaw, a fast-growing AI agent gateway where exposed instances leak API keys, grant filesystem access, and allow full user impersonation. Update Julius and run […]
As Strong As Your Weakest Parameter: An AI Authorization Bypass
In this AI gold rush, LLMs are becoming increasingly popular with many companies rolling out AI-assisted applications. When evaluating the security posture of these applications, it’s essential to pause and ask ourselves: what are we securing? Automated security tools that test models in isolation play an important role in identifying known vulnerabilities and establishing security […]
Azure RBAC Privilege Escalations: Azure VM
Microsoft Azure provides administrators with controls to limit the actions a principal can take within the cloud environment. These actions can broadly be split into two categories: those that impact the Entra ID tenant and those that affect the Azure cloud subscription, the latter of which we will call “RBAC actions.” Prior research into Entra […]
Leveraging Microsoft Text Services Framework (TSF) for Red Team Operations
The Praetorian Labs team was tasked with identifying novel and previously undocumented persistence mechanisms for use in red team engagements. Our primary focus was on persistence techniques achievable through modifications in HKCU, allowing for stealthy, user-level persistence without requiring administrative privileges. Unfortunately, while we identified an interesting persistence technique, the method we discuss in this […]
Introducing Nosey Parker Explorer
Introducing Nosey Parker Explorer: an interactive review tool for findings from Nosey Parker – the machine learning powered, multi-phase solution for locating secret exposure.
ETW Threat Intelligence and Hardware Breakpoints
Learn to bypass EDR detection using NtContinue for hardware breakpoints without triggering ETW Threat Intelligence. This technical blog explores kernel debugging, debug registers, and EDR evasion with code examples.
Tarbomb Denial of Service via Path Traversal
Praetorian recently uncovered a denial-of-service vulnerability by chaining together path traversal and legacy file upload features in a CI/CD web application; highlighting the risks of undocumented features and the importance of input validation in web security.
Why Azure B2C ROPC Custom Flows Are Inherently Insecure
Microsoft’s Azure Active Directory B2C service allows cloud administrators to define custom policies, which orchestrates trust between principals using standard authentication protocols. One such custom policy that B2C defines by default is the Resource Owner Password Credentials (ROPC) flow, which implements the OAuth standard authentication flow of the same name and allows users to simply […]
Helpdesk Telephone Attack: How to Close Process and Technology Gaps
Introduction As we have witnessed in recent weeks with the MGM and Caesars Entertainment breaches, helpdesks are prime attack surfaces that are seeing a surge in exploitation. Although much of the press surrounding these most recent events alludes to helpdesk operators’ roles in the exploits, this type of vulnerability actually is a technology and process […]