Labs We build innovative, sustainable solutions that solve real-world problems for our customers and ourselves.
What is Labs? Labs is a small team at Praetorian doing big things. Our mission is to reliably build innovative and sustainable solutions that meaningfully solve real-world problems for ourselves and our customers. We're a small team making major impacts on the company and the industry. Our projects vary greatly, from developing new product and service capabilities to meet emerging customer needs to providing subject matter expertise and advise and assist operations to our product, engineering, and services teams.
Recent Projects From product support to building out radical new technologies, we approach projects that align with our company strategy, with the speed and ambition of a startup.
What’s New at Praetorian Labs What catches our attention? Game changing ideas and advancements with the potential for a 10X impact on the world’s most challenging problems. What We’re Reading January 1, 2021 Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection Not for the faint at heart, but this book offers thorough, scholarly coverage of an area that is growing in importance in cybersecurity Christian Collberg's take on Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection New campaign targeting security researchers Google Top 10 web hacking techniques of 2020 - nominations open PortSwigger Our Writings Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More Software supply chain attacks have been increasing both in frequency and severity in recent months. In response to these attacks, the CISA has even released a cybersecurity information sheet (CSI) on how organizations can secure their CI/CD pipelines. The introduction to the CSI states: “(The) CSI explains how to integrate security best practices into typical […] Read more DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution Overview On August 29th, 2023, Qlik issued a patch for two vulnerabilities we identified in Qlik Sense Enterprise, CVE-2023-41265 and CVE-2023-41266. These vulnerabilities allowed for unauthenticated remote code execution via path traversal and HTTP request tunneling. As part of our standard operating procedure, we performed a diff of the issued patch to identify potential bypasses […] Read more Helpdesk Telephone Attack: How to Close Process and Technology Gaps Introduction As we have witnessed in recent weeks with the MGM and Caesars Entertainment breaches, helpdesks are prime attack surfaces that are seeing a surge in exploitation. Although much of the press surrounding these most recent events alludes to helpdesk operators’ roles in the exploits, this type of vulnerability actually is a technology and process […] Read more View More
Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More Software supply chain attacks have been increasing both in frequency and severity in recent months. In response to these attacks, the CISA has even released a cybersecurity information sheet (CSI) on how organizations can secure their CI/CD pipelines. The introduction to the CSI states: “(The) CSI explains how to integrate security best practices into typical […] Read more
DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution Overview On August 29th, 2023, Qlik issued a patch for two vulnerabilities we identified in Qlik Sense Enterprise, CVE-2023-41265 and CVE-2023-41266. These vulnerabilities allowed for unauthenticated remote code execution via path traversal and HTTP request tunneling. As part of our standard operating procedure, we performed a diff of the issued patch to identify potential bypasses […] Read more
Helpdesk Telephone Attack: How to Close Process and Technology Gaps Introduction As we have witnessed in recent weeks with the MGM and Caesars Entertainment breaches, helpdesks are prime attack surfaces that are seeing a surge in exploitation. Although much of the press surrounding these most recent events alludes to helpdesk operators’ roles in the exploits, this type of vulnerability actually is a technology and process […] Read more