Labs
We build innovative, sustainable solutions that solve real-world problems for our customers and ourselves.
What is Labs?
Labs is a small team at Praetorian doing big things. Our mission is to reliably build innovative and sustainable solutions that meaningfully solve real-world problems for ourselves and our customers. We're a small team making major impacts on the company and the industry. Our projects vary greatly, from developing new product and service capabilities to meet emerging customer needs to providing subject matter expertise and advise and assist operations to our product, engineering, and services teams.
Nathan Sportsman
CEO, Praetorian
Labs is at the core of Praetorian's next wave of innovation, and our relentless pursuit to solve the cybersecurity problem.
Recent Projects
From product support to building out radical new technologies, we approach projects that align with our company strategy, with the speed and ambition of a startup.
Trident
An automated password spraying toolPassword spraying is not a particularly new or complicated method, but it continues to be used widely by adversaries. As such red team cybersecurity professionals need to test, analyze, and report on this attack vector. Trident was published in late 2020 to give security professionals an easy-to-use, feature-rich tool. Trident functions on multiple cloud platforms, and has extensible code interfaces to adapt the platform to specific use-cases in the future.
View on GithubDo you have a challenging problem you think might be right for Praetorian Labs? Contact Us
-
Chariot by Praetorian
Currently in alpha: Chariot by Praetorian is a truly next generation application security orchestration and automation platform.
Learn more about Chariot -
pentestly
Python and Powershell internal penetration testing framework
View on Github -
trudy
A transparent proxy that can modify and drop traffic for arbitrary TCP connections
View on Github -
pyshell
PyShell makes interacting with web-based command injection less painful, emulating the feel of an interactive shell as much as possible
View on Github
What’s New at Praetorian Labs
What catches our attention? Game changing ideas and advancements with the potential for a 10X impact on the world’s most challenging problems.
What We’re Reading
January 1, 2021Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection
Not for the faint at heart, but this book offers thorough, scholarly coverage of an area that is growing in importance in cybersecurityChristian Collberg's take on Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection
-
New campaign targeting security researchers
Google -
Top 10 web hacking techniques of 2020 - nominations open
PortSwigger
Our Writings
-
The Elephant in the Room: Why Security Programs Fail
As a Principal with Praetorian, I’ve had the privilege of working with hundreds of clients, from fast growth startups to Fortune 500 giants. As we’ve performed red team exercises simulating an advanced persistent threat against our clients, I’ve seen that (much) more often than not we are able to compromise their “crown jewels.” In several […]
Read more -
Red Team Local Privilege Escalation – Writable SYSTEM Path Privilege Escalation – Part 1
Overview In this two-part series we discuss two Windows local privilege escalation vulnerabilities that we commonly identify during red team operations. These issues are of particular interest due to their prevalence within organizations with mature security programs. Furthermore, exploitation of the issue is unlikely to trigger a detection within commonly used endpoint and network monitoring […]
Read more -
A simple and effective way to detect Broadcast Name Resolution Poisoning (BNRP)
A natural question that arises after an organization experiences a BNRP attack is “How can this be prevented?” The answer is simple on paper. To completely mitigate the risk, legacy Broadcast Name Resolution protocols should be disabled by policy. This is easier said than done, especially on large networks where the necessary data flows of […]
Read more