Explore the Minds of The NetSPI Agents

Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!

Mainframe Penetration Testing

Mainframe State of the Platform: 2025 Security Assessment

Learn key insights into mainframe security in 2025, including trends, gaps, and strategies to enhance protection for critical enterprise systems.

Penetration Testing as a Service (PTaaS)

The Penetration Testing Life Cycle Explained

Learn about the 5 phases of penetration testing and how this structured process uncovers vulnerabilities and strengthens your cybersecurity defenses.

AI/ML Pentesting

Understanding Indirect Prompt Injection Attacks in LLM-Integrated Workflows

Learn how indirect prompt injection attacks exploit AI workflows, their security risks, and strategies for protecting your systems from these hidden threats.

Network Pentesting

CVE-2025-26685 – Spoofing to Elevate Privileges with Microsoft Defender for Identity 

Discover how NetSPI uncovered and reported a vulnerability in Microsoft Defender for Identity that allowed unauthenticated attackers to perform spoofing and elevate privileges.

Hardware and Embedded Systems Penetration Testing

How RayV Lite is Democratizing Laser Fault Injection

Discover how the RayV Lite by NetSPI makes advanced laser fault injection accessible, reshaping hardware security with its open-source, low-cost innovation.

Hardware and Embedded Systems Penetration Testing

Pew Pew, Precisely: The Physics and Practices Behind RayV Lite

We began with a simple question: could laser fault injection be democratized? Our answer is a resounding yes. With back-of-the-envelope physics, modest optics, and basic spare parts, we created a replicable, low-cost method for laser-based hardware attacks.

Red Teaming

CVE-2025-23009 & CVE-2025-23010: Elevating Privileges with SonicWall NetExtender

NetSPI discovered multiple arbitrary SYSTEM file delete vulnerabilities in SonicWall NetExtender for Windows. Learn how NetSPI discovered and leveraged these for local privilege escalation.

Penetration Testing as a Service (PTaaS)

Should I Stay or Should I Go: Why Partnering with a Trusted PTaaS Vendor YoY Brings Success

Discover why long-term partnerships with penetration testing vendors offer greater efficiency, deeper risk insights, and better security outcomes than frequent switching. 

Penetration Testing as a Service (PTaaS)

Shift Left Security: Integrating Pentesting Early in Development

Discover how to integrate penetration testing into a shift left security strategy, enhancing application security early in the development lifecycle.

BAS as a Service

Validating Azure Cloud Security with Breach and Attack Simulation as a Service

NetSPI’s Breach and Attack Simulation as a Service offers focused simulation tests that let Azure users validate their cloud security capabilities.

Web Application Pentesting

Getting Shells at Terminal Velocity with Wopper

This article introduces Wopper – a new NetSPI tool that creates self-deleting PHP files and automates code execution on WordPress using administrator credentials.

Adversary Simulation

CVE-2025-21299 and CVE-2025-29809: Unguarding Microsoft Credential Guard

Learn more about the January 2025 Patch Tuesday that addresses a critical vulnerability where Kerberos canonicalization flaws allow attackers to bypass Virtualization Based Security and extract protected TGTs from Windows systems.
