Labs
We build innovative, sustainable solutions that solve real-world problems for our customers and ourselves.
What is Labs?
Labs is a small team at Praetorian doing big things. Our mission is to reliably build innovative and sustainable solutions that meaningfully solve real-world problems for ourselves and our customers. We're a small team making major impacts on the company and the industry. Our projects vary greatly, from developing new product and service capabilities to meet emerging customer needs to providing subject matter expertise and advise and assist operations to our product, engineering, and services teams.
Nathan Sportsman
CEO, Praetorian
Labs is at the core of Praetorian's next wave of innovation, and our relentless pursuit to solve the cybersecurity problem.
Recent Projects
From product support to building out radical new technologies, we approach projects that align with our company strategy, with the speed and ambition of a startup.
Trident
An automated password spraying toolPassword spraying is not a particularly new or complicated method, but it continues to be used widely by adversaries. As such red team cybersecurity professionals need to test, analyze, and report on this attack vector. Trident was published in late 2020 to give security professionals an easy-to-use, feature-rich tool. Trident functions on multiple cloud platforms, and has extensible code interfaces to adapt the platform to specific use-cases in the future.
View on GithubDo you have a challenging problem you think might be right for Praetorian Labs? Contact Us
-
Chariot by Praetorian
Currently in alpha: Chariot by Praetorian is a truly next generation application security orchestration and automation platform.
Learn more about Chariot -
pentestly
Python and Powershell internal penetration testing framework
View on Github -
trudy
A transparent proxy that can modify and drop traffic for arbitrary TCP connections
View on Github -
pyshell
PyShell makes interacting with web-based command injection less painful, emulating the feel of an interactive shell as much as possible
View on Github
What’s New at Praetorian Labs
What catches our attention? Game changing ideas and advancements with the potential for a 10X impact on the world’s most challenging problems.
What We’re Reading
January 1, 2021Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection
Not for the faint at heart, but this book offers thorough, scholarly coverage of an area that is growing in importance in cybersecurityChristian Collberg's take on Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection
-
New campaign targeting security researchers
Google -
Top 10 web hacking techniques of 2020 - nominations open
PortSwigger
Our Writings
-
Google Cloud IAM: Designs for Self-Service Privilege Escalation
In a perfect world, all organizations would incorporate security into their cloud environments from the start. Unfortunately, common development practices tend to postpone the implementation of security controls in the product environment in favor of shipping product features. The reasons for this are manifold: an early-stage product may ignore robust security processes in favor of […]
Read more -
Red Team Tooling: Writing Custom Shellcode
Overview This article discusses our recently open-sourced tool Matryoshka [1], which operators can leverage to bypass size limitations and address performance issues often associated with Visual Basic for Applications (VBA) macro payloads. Because Microsoft Office restricts the size of VBA macros, operators can run into size limitations that restrict their ability to include larger payloads […]
Read more -
Attacking and Defending OAuth 2.0 (Part 2 of 2: Attacking OAuth 2.0 Authorization Servers)
Introduction The OAuth 2.0 authorization framework is designed to improve security by delegating limited access to third-parties without sharing credentials. In our previous blog post on OAuth 2.0 we discussed how OAuth 2.0 implementations should be secured. Unfortunately, it is common for vulnerabilities to be introduced with OAuth 2.0 implementations, particularly on the side of […]
Read more