Having the right GPS watch on your wrist whether you’re going for your first ever run or your umpteenth run can make all the difference. The best GPS running watches not only keep track of how far you’ve run, but they track pace and other real-time metrics, advanced training features to help you hit your goals and, of course, precise distance measurements. Some models even provide offline maps for navigation, sleep tracking, recovery insights, and smart features that “regular” smartwatches do.

For those who need extra durability and lasting battery life, higher-end sport watches — like some of the best Garmin watches — are built to handle intense workouts, harsh weather and long runs. If you're training for a marathon, triathlon or just want a multisport option that can keep up with your lifestyle, these watches have the tech to support you.

With so many options available, from entry-level models to the best running watches packed with advanced running metrics, it can be tricky to find the right fit. That’s why we’ve rounded up our top picks to help you choose the perfect GPS watch for your training needs.

Best GPS running watches for 2026

Other GPS running watches we tested

Polar Pacer Pro

The Polar Pacer Pro looked and felt quite similar to our top pick, and it mapped my outdoor runs accurately. However, Polar’s companion app is leagues behind Garmin’s with a confusing interface and a design that feels very much stuck in the past. It’s also $100 more expensive than our top pick.

Amazfit Cheetah Pro

The Amazfit Cheetah Pro tracked my outdoor runs accurately and Zepp’s companion app has a coaching feature much like Garmin’s adaptive training plans that can outline a routine for you to complete in preparation for a race or to achieve a specific goal. My biggest issue with it was that its touchscreen wasn’t very responsive — it took multiple hard taps on the display to wake it, and often the raise-to-wake feature didn’t work, leaving me staring at a dark screen.

What to consider before buying a GPS running watch

GPS speed and accuracy

The most important thing for a GPS running watch to have is fast, accurate GPS tracking. That might seem obvious, but it’s quite easy to get distracted by all of the other smart features most of these devices have. Since most of them can be worn all day long as standard sport watches, there’s a lot of (possibly unnecessary) fluff that looks good on paper but won’t mean much if the core purpose if the device is left unfulfilled. To that end, I paid particular attention to how long it took each device’s built-in GPS tracking to grab my location before a run, if it ever lost my spot and the accuracy of the generated maps. Also, the device should be smart enough to let you start tracking a run while the GPS looks for your location.

Workout profiles and trackable metrics

You may not be able to suss out GPS accuracy just by looking at a spec sheet (that’s where this guide can help), but you can check for features like supported workout profiles. That’s something you’ll want to look into, even if your one and only activity is running. Check to make sure the best running watches you’re considering support all the kinds of running activities you like to do (outdoor runs, treadmill runs, etc) and any other workouts you may want to track with it.

Most fitness wearables today aren’t one-trick ponies; you’ll find a healthy number of trackable exercise modes on any sport watch worth its salt. That said, the number of workout profiles can be directly proportional to a device’s price: the higher-end the product, chances are the more specific, precise workouts it can monitor.

In a similar vein, you’ll want to check the trackable metrics of any watch you’re considering before you buy. Since we’re talking about the best GPS running watches, most will be able to track the basics like distance, heart rate and pace, and those are bare minimums. Some watches can monitor additional stats like speed, cadence, stride length, advanced running dynamics, aerobic and anaerobic training effect, intensity minutes and more. If you’re already a serious runner who trains for multiple races each year, or if you're a trail runner who needs elevation and navigation features, you’ll want to dig into the spec sheet of the watch you’re considering to make sure it can track all of your most necessary metrics.

Size and weight

It’s worth checking out a watch’s case size and weight before going all-in on one. GPS running watches, and standard smartwatches as well, can have a few different sizes to choose from so you’ll want to make sure you’re getting the best fit for your wrist. I have a smaller wrist, so I tend to avoid extra-large cases (anything over 42mm or so), especially if I intend on wearing the device all day long as my main timepiece. Weight, on the other hand, is a little less controllable, but typically smaller case sizes will save you a few grams in overall weight.

For those who need durability, particularly trail runners or those tackling extreme conditions, devices like Garmin watches offer rugged builds that can handle rough terrain, impact, and extreme weather.

Battery life

Unlike regular smartwatches, GPS running watches have two types of battery life you’ll need to consider: with GPS turned on and in “smartwatch” mode. The former is more important than the latter because most GPS running watches have stellar battery life when used just as a smart timepiece. You can expect to get multiple days on a single charge, with some surviving more than two weeks (with all day and night wear) before they need a recharge.

Battery life with GPS turned on will be much shorter by comparison, but any GPS running watch worth its salt should give you at least 10-15 hours of life with the GPS being used continuously. The more you’re willing to spend, the higher that number typically gets, with some GPS running watches lasting for 40 hours while tracking your location.

Software Download Websites – Anybody who owns a computer will definitely need some software to suit up their systems for basic routines or any specific demands. This software is developed by programmers around the world and identifying the best of this software would require some reading and evaluation. But this can be an easy task […]

The post Top 8 Best Free PC Software Download Websites 2026 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Introduction to EscapeTwo

This write-up will explore the “EscapeTwo” machine from Hack The Box, categorised as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag.

Objective:

The goal of this walkthrough is to complete the “EscapeTwo” machine from Hack The Box by achieving the following objectives:

User Flag:

The attacker explored the target machine’s network services and exploited weak access controls. Initial scans identified open ports, including SMB, enabling access to shared folders. By reviewing these files, the attacker discovered a password and identified a user account (Ryan) with elevated permissions. Using these permissions, the attacker connected remotely to the system and retrieved the user flag with a simple command.

Root Flag:

First, the attacker escalated privileges by exploiting an Active Directory misconfiguration. Next, using the Ryan account, they employed tools to identify and modify permissions, thereby gaining control over a privileged account. With this control in hand, the attacker then acquired a special certificate, subsequently authenticated as an administrator, and finally retrieved the root flag with a command.

Enumerating the EscapeTWO Machine

Reconnaissance:

Nmap Scan:

Begin with a network scan to identify open ports and running services on the target machine.

nmap -sC -sV -oN nmap_initial.txt 10.10.11.51

Nmap Output:

┌─[dark@parrot]─[~/Documents/htb/escapetwo]
└──╼ $nmap -sC -sV -oA initial -Pn 10.10.11.51
Nmap scan report for 10.10.11.51
PORT     STATE SERVICE       VERSION
53/tcp   open  domain        Simple DNS Plus
88/tcp   open  kerberos-sec  Microsoft Windows Kerberos (server time: 2025-05-16 14:15:14Z)
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
389/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
|_ssl-date: 2025-05-16T14:16:37+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=DC01.sequel.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:DC01.sequel.htb
| Not valid before: 2025-05-16T11:51:14
|_Not valid after:  2026-05-16T11:51:14
445/tcp  open  microsoft-ds?
464/tcp  open  kpasswd5?
593/tcp  open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
636/tcp  open  ssl/ldap      Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=DC01.sequel.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:DC01.sequel.htb
| Not valid before: 2025-05-16T11:51:14
|_Not valid after:  2026-05-16T11:51:14
|_ssl-date: 2025-05-16T14:16:37+00:00; 0s from scanner time.

1433/tcp open  ms-sql-s      Microsoft SQL Server 2019 15.00.2000.00; RTM
| ms-sql-info: 
|   10.10.11.51:1433: 
|     Version: 
|       name: Microsoft SQL Server 2019 RTM
|       number: 15.00.2000.00
|       Product: Microsoft SQL Server 2019
|       Service pack level: RTM
|       Post-SP patches applied: false
|_    TCP port: 1433
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Not valid before: 2025-05-16T04:02:09
|_Not valid after:  2055-05-16T04:02:09
|_ssl-date: 2025-05-16T14:16:37+00:00; 0s from scanner time.
| ms-sql-ntlm-info: 
|   10.10.11.51:1433: 
|     Target_Name: SEQUEL
|     NetBIOS_Domain_Name: SEQUEL
|     NetBIOS_Computer_Name: DC01
|     DNS_Domain_Name: sequel.htb
|     DNS_Computer_Name: DC01.sequel.htb
|     DNS_Tree_Name: sequel.htb
|_    Product_Version: 10.0.17763
3268/tcp open  ldap          Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
|_ssl-date: 2025-05-16T14:16:37+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=DC01.sequel.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:DC01.sequel.htb
| Not valid before: 2025-05-16T11:51:14
|_Not valid after:  2026-05-16T11:51:14
3269/tcp open  ssl/ldap      Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=DC01.sequel.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:DC01.sequel.htb
| Not valid before: 2025-05-16T11:51:14
|_Not valid after:  2026-05-16T11:51:14
|_ssl-date: 2025-05-16T14:16:37+00:00; 0s from scanner time.

Analysis:

• 53/tcp (domain): Simple DNS Plus server running, likely handling DNS requests.
• 88/tcp (kerberos-sec): Kerberos authentication service active, indicates Active Directory environment.
• 135/tcp (msrpc): Microsoft RPC service, used for remote procedure calls on Windows.
• 139/tcp (netbios-ssn): NetBIOS session service, Windows file and printer sharing over SMBv1.
• 389/tcp (ldap): LDAP service for Active Directory directory services (non-SSL).
• 445/tcp (microsoft-ds): SMB service used for Windows file sharing and Active Directory.
• 464/tcp (kpasswd5): Kerberos password change service.
• 593/tcp (ncacn_http): Microsoft RPC over HTTP, potentially used for remote management.
• 636/tcp (ssl/ldap): Secure LDAP (LDAPS) for encrypted directory access.
• 1433/tcp (ms-sql-s): Microsoft SQL Server 2019 instance accessible, possibly exploitable.
• 3268/tcp (ldap): Global Catalog LDAP for Active Directory, supports forest-wide queries.
• 3269/tcp (ssl/ldap): Secure Global Catalog LDAP over SSL.
  

Exploitation

Samba Exploration:

If successful, it then attempts to find other user accounts by brute-forcing their ID numbers, thereby helping to identify valid users for further testing.

The output is then filtered using grep SidTypeUser Only the entries that correspond to actual user accounts will be displayed, excluding groups or system accounts. This helps the tester quickly identify valid user accounts on the target machine for further analysis or access attempts.v

It connects to the target machine at the IP address 10.10.11.51 with the smbclient tool, a command-line utility similar to an FTP client but designed for accessing SMB shares.

This list shows shared folders on a computer that others on the network can access, like shared drawers in an office.

• Accounting Department: Likely holds financial or work files for the accounting team.
• ADMIN$ and C$: Hidden folders for IT admins to manage the system remotely.
• IPC$: A system tool for communication between devices, not a regular folder.
• NETLOGON and SYSVOL: Support user login and access control in the network.
• Users: Contains personal folders for different computer users.

The folder contains two Excel files: accounting_2024.xlsx and accounts.xlsx.

Transferring both files to our computer

We discovered a password stored within an XML file.

It looks much cleaner when using the Python command.

SQL enumeration on EscapeTwo machine

Since the Nmap results indicated that the MSSQL service is open, and the default MSSQL user (sa) Typically has the highest level of administrative privileges, so it’s worth attempting to use it. In this case, we try to enable and use the xp_cmdshell feature for further exploitation.

Let’s proceed with executing MSSQL commands.

Let’s initiate our listener.

The operation was successful, so we proceeded to enable xp_cmdshell and execute the shell command through it to confirm execution.

We established a reverse shell connection.

The SQL Server 2019 installation was found.

Begin by enumerating the local files, where you will find a configuration file located at C:\SQL2019\ExpressAdv_ENU.

Another password was found in the configuration file named sql-Configuration.INI.

Discovered several potential usernames.

SMB access was obtained as the user Ryan, which can be used for enumeration with BloodHound.

Bloodhound enumeration on escapetwo machine

We will gather additional information using BloodHound.

Once the collection was complete, I imported them into BloodHound. That’s when I found the ryan with CA_SVC account — one I could change the owner of.

Let’s examine Oscar’s connection.

We can see that Ryan has the WriteOwner permission on the CA_SVC account.

Using NXC, we were able to discover credentials that work with WinRM

We can read the user flag by typing “type user.txt’ command

Escalate to Root Privileges Access

Privilege Escalation:

We attempted to use the owneredit.py Script to change the object ownership, but the operation failed due to an unspecified issue.

The script executed successfully after setting PYTHONPATH=… For instance, assigning ownership of an administrator account to a user like Ryan would mean he could modify settings or permissions that are normally reserved for administrators. Moreover, this change could increase Ryan’s control over the system. Therefore, it is important to carefully manage account ownership to prevent unauthorized access.

This command is used in dacledit.py to grant the user Ryan full control (FullControl) permissions over the ca_svc account. It authenticates to the domain sequel.htb using Ryan’s credentials. The -action 'write' flag specifies that a permission change is being made.

This command allows the user Ryan to quietly gain access as another account, ca_svc, by taking advantage of a weakness in how the network handles certificates.

It uses a special code (hash) instead of a password to access the account and looks for any vulnerable settings, then shows the results on the screen.

This command uses Certipy to request a special security certificate from the network’s main server (dc01.sequel.htb) using a template named DunderMifflinAuthentication.

This command requests a certificate from the sequel-DC01-CA on the domain controller DC01.sequel.htb. It uses the ca_svc account’s NT hash for authentication and asks for a certificate based on the DunderMifflinAuthentication template.

This command uses Certipy to authenticate to the domain controller at IP 10.10.11.51 using the certificate file administrator.pfx.

We read the root flag by typing the “type root.txt” command

The post Hack The Box: EscapeTwo Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.

Orange Business Services Security Operations Center solution is designed to protect a company's business from the risk that information, applications, databases, servers and workstations, data and systems are modified, copied or destroyed. The service is responsible for identifying, investigating, prioritizing, escalating and resolving issues, which most of the time, are generated intentionally or accidentally by the human resource.

The post SOC-as-a-Service from Orange Business Services appeared first on DefCamp 2022.

Flexible Engine, the Orange Business Services public cloud platform, enables you to create pay-as-you-go virtual machines, including storage and computing resources, host your databases and critical applications and innovate directly in the cloud using containers, Big Data, Machine Learning and Artificial Intelligence.

The post Flexible Engine from Orange Business Services appeared first on DefCamp 2022.

CrowdStrike Introduces Sandbox Scryer: A Free Threat-Hunting Tool for Generating MITRE ATT&CK and Navigator Data.

The post Sandbox Scryer from CrowdStrike appeared first on DefCamp 2022.

Business Internet Security from Orange protects the information delivered over the internet and the companies’ data against cyber-attacks. The data traffic is scanned for viruses, malware, spam, intrusion attempts and it is cleaned in the cloud, before is reaches the companies’ servers. With a simple management interface, permanent updates and upgrades, embedded professional services and security consultancy and seamless scalability and upgradability, Business Internet Security eliminates the need for expensive, on-premise equipment.

The post Business Internet Security Threat Map from Orange Romania appeared first on DefCamp 2022.

Cloud-based Taegis™ XDR: prevent, detect and respond to advanced threats with automation, machine learning-driven analytics and comprehensive threat intelligence while Taegis VDR automates vulnerability management by intelligently prioritizing remediation efforts based on actionable recommendations that reflect the context of your environment.

The post Taegis™ XDR & VDR from Secureworks appeared first on DefCamp 2022.

ExpressVPN introduces Aircove, the industry’s first Wi-Fi router with built-in VPN.

The post Aircove from ExpressVPN appeared first on DefCamp 2022.

Improve security effectiveness and resiliency and elevate SecOps efficiency!

The post BloxOne Threat Defense from Infoblox appeared first on DefCamp 2022.

Introducing: CVE Monitor, a free early warning service that informs organisations worldwide of upcoming threats and trends in cyber security.

The post CVE Monitor from Bit Sentinel appeared first on DefCamp 2022.

Introducing: Sniper Automatic Exploiter, helping security teams confirm the real impact of a CVE with remote code execution or arbitrary file read risks and quickly identify which of their systems are truly vulnerable, so they can effectively prioritize remediation.

The post Sniper – Automatic Exploiter from Pentest-Tools.com (“Best Emerging Technology” finalist at SC Europe Awards 2022) appeared first on DefCamp 2022.

The post Detectify year in review 2019 appeared first on Detectify Blog.