Download our Latest Industry Report – Continuous Offensive Security Outlook 2026

Download Report

Category: Offensive Security

Reunifying the Cloud: Introducing Aurelian for Multi-Cloud Security Testing

Illustrated portrait of Roman Emperor Aurelian, the namesake of Praetorian's open-source cloud security tool

You are one week into a cloud penetration test. The client handed you an AWS access key, pointed you at three Azure subscriptions, and mentioned a GCP project that “someone on the platform team set up last year.” Your objective: find everything that is exposed, misconfigured, or one IAM policy away from a full compromise. […]

When HttpOnly Isn’t Enough: Chaining XSS and GhostScript for Full RCE Compromise

HttpOnly cookie bypass attack chain diagram showing XSS to GhostScript RCE

What started as a standard cross-site scripting vulnerability in a document processing platform turned into a full administrative takeover of the application and, ultimately, remote code execution on the underlying server. The HttpOnly flag protected the session cookie from Javascript, but did the application keep it safe? During a recent assessment of a document processing […]

Augustus v0.0.9: Multi-Turn Attacks for LLMs That Fight Back

Augustus v0.0.9 multi-turn LLM attacks

Single-turn jailbreaks are getting caught. Guardrails have matured. The easy wins — “ignore previous instructions,” base64-encoded payloads, DAN prompts — trigger refusals on most production models within milliseconds. But real attackers don’t give up after one message. They have conversations. Augustus v0.0.9 now ships with a unified engine for LLM multi-turn attacks, with four distinct […]

Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly

Brutus open-source tool detecting RDP sticky keys backdoors using WebAssembly

Everyone knows that one person on the team who’s inexplicably lucky, the one who stumbles upon a random vulnerability seemingly by chance. A few days ago, my coworker Michael Weber was telling me about a friend like this who, on a recent penetration test, pressed the shift key five times at an RDP login screen […]

Mapping the Unknown: Introducing Pius for Organizational Asset Discovery

Pius open-source asset discovery tool terminal output showing CIDR ranges and domains discovered across multiple registries

Asset discovery is an essential part of Praetorian’s service delivery process. When we are engaged to carry out continuous external penetration testing, one key action is to build and maintain a thorough target asset inventory that goes beyond any lists or databases provided by the system owner. Pius is our open-source attack surface mapping tool […]

When Proxies Become the Attack Vectors in Web Architectures

Diagram illustrating how reverse proxies become attack vectors in web architectures via HTTP header inconsistencies

Many Reverse proxy attack vectors expose a flawed assumption in modern web architectures that backends can blindly trust security-critical headers from upstream reverse proxies. This assumption breaks down because HTTP RFC flexibility allows different servers to interpret the same headers in fundamentally different ways, creating exploitable gaps that attackers are increasingly targeting. I want to […]

Your Vulnerability Scanner Might Be Your Weakest Link

Overview Vulnerability scanners are a cornerstone of modern security programs, helping teams identify weaknesses before attackers do. But when these tools are configured with privileged credentials, they can themselves become high-value targets. In one case, while running continuous testing through our Chariot platform for a Fortune 500 financial services company, we compromised a server and […]

The Security Time Capsule: Evolving Beyond Legacy Pen Testing

Legacy point-in-time penetration testing started in the 1960s, back when networks were static, attackers behaved like hobbyists, and change moved slowly. We live in a very different world now. The practice of annual testing was shaped for a world that no longer exists, one without dynamic cloud infrastructure, identity sprawl, or AI-accelerated threats. Yet many […]

Hunting for Secrets in Plain Sight: Leveraging Internal Logging and Monitoring Services

In penetration testing and red teaming, success often lies in uncovering hidden paths of least resistance. While sophisticated exploits and zero-days frequently capture headlines, highly effective attack opportunities often hide in plain sight – like within internal logging and monitoring platforms. At Praetorian, we’ve observed first-hand the value of targeting internal logging and monitoring platforms […]

Leveraging Microsoft Text Services Framework (TSF) for Red Team Operations

The Praetorian Labs team was tasked with identifying novel and previously undocumented persistence mechanisms for use in red team engagements. Our primary focus was on persistence techniques achievable through modifications in HKCU, allowing for stealthy, user-level persistence without requiring administrative privileges. Unfortunately, while we identified an interesting persistence technique, the method we discuss in this […]