Labs
We build innovative, sustainable solutions that solve real-world problems for our customers and ourselves.
What is Labs?
Labs is a small team at Praetorian doing big things. Our mission is to reliably build innovative and sustainable solutions that meaningfully solve real-world problems for ourselves and our customers. We're a small team making major impacts on the company and the industry. Our projects vary greatly, from developing new product and service capabilities to meet emerging customer needs to providing subject matter expertise and advise and assist operations to our product, engineering, and services teams.
Nathan Sportsman CEO, Praetorian
Labs is at the core of Praetorian's next wave of innovation, and our relentless pursuit to solve the cybersecurity problem.
Recent Projects
From product support to building out radical new technologies, we approach projects that align with our company strategy, with the speed and ambition of a startup.
Do you have a challenging problem you think might be right for Praetorian Labs? Contact Us
-
GoKart
An open source, next generation SAST tool for GoLang
View on Github -
Chariot by Praetorian
Currently in alpha: Chariot by Praetorian is a truly next generation application security orchestration and automation platform.
Learn more about Chariot -
pentestly
Python and Powershell internal penetration testing framework
View on Github -
trudy
A transparent proxy that can modify and drop traffic for arbitrary TCP connections
View on Github -
pyshell
PyShell makes interacting with web-based command injection less painful, emulating the feel of an interactive shell as much as possible
View on Github -
trident
An automated password spraying tool
View on Github
What’s New at Praetorian Labs
What catches our attention? Game changing ideas and advancements with the potential for a 10X impact on the world’s most challenging problems.
What We’re Reading
January 1, 2021Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection
Not for the faint at heart, but this book offers thorough, scholarly coverage of an area that is growing in importance in cybersecurityChristian Collberg's take on Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection
-
New campaign targeting security researchers
Google -
Top 10 web hacking techniques of 2020 - nominations open
PortSwigger
Our Writings
-
Signing and Encrypting with JSON Web Tokens
Cryptographic weaknesses often arise in applications when the core security concepts are misunderstood or misused by developers. For this reason, a thorough review of all cryptographic implementations can be a juicy target when designing an application or starting a security assessment. Often, cryptography is used in the context of communication (e.g. a key exchange or […]
Read more -
Computer Account Relaying Vulnerabilities Part 2
Overview Recently I’ve been working on writing a custom SMB client that implements the initial handshake and NTLM authentication functionality to perform port fingerprinting within Chariot Identify, our attack surface management product. While reading through the SMB specification, I got to thinking about Computer AdminTo Computer vulnerabilities we have exploited over the last few years […]
Read more -
Guest who? Insecure Azure Defaults!
Introduction Azure has an insecure default guest user setting, and your organization is probably using it. The default settings Azure provides would allow any user within the organization (including guest users) to invite guest users from any domain, bypassing any central identity management solutions (e.g. Okta, Auth0) and onboarding processes. Additionally, an attacker may use […]
Read more