Explore the minds of The NetSPI Agents
Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!
Our favorite picks
CVE-2024-21378 — Remote Code Execution in Microsoft Outlook
Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.
15 Ways to Bypass the PowerShell Execution Policy
By default, PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. In this blog I’ll cover 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.
How to Use Attack Surface Management for Continuous Pentesting
Uncover attack surfaces and exposures with NetSPI’s offensive security including Attack Surface Management (ASM) to enable continuous pentesting.
Ask These 10 Questions to Enhance Your Social Engineering Testing
Be proactive with social engineering testing to enhance defenses against attacks. Use targeted questions to help maximize testing results.
Part 1: Ready for Red Teaming? Intelligence-Driven Planning for Effective Scenarios
Take time for dedicated planning and evaluation ahead of red team testing to prepare your organisation for effective red team exercises.
The Strategic Value of Platformization for Proactive Security
Read about NetSPI’s latest Platform milestone, enabling continuous threat exposure management (CTEM) with consolidated proactive security solutions.
Backdooring Azure Automation Account Packages and Runtime Environments
Azure Automation Accounts can allow an attacker to persist in the associated packages that support runbooks. Learn how attackers can maintain access to an Automation Account.
The Rapid Evolution of AI Voice Cloning and its Implications for Cybersecurity
Learn about the rise of AI voice cloning, its cybersecurity challenges, and necessary measures for IT and InfoSec leaders to stay protected.
Mapping Mainframe Memory Made Easy
Explore how NetSPI’s own LPAR enhances pentesting efficiency through rapid tool prototyping and deployment.
5 Essential Cybersecurity Leadership Tips for Technologists
Learn about Sam Horvath’s journey from pentester to Managing Director at NetSPI, with cybersecurity leadership tips for aspiring technologists.
Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
Learn how threat actors can exploit SQL Server credential objects to escalate domain privileges and how you can detect it.
The Balancing Act of In-House vs Third-Party Penetration Testing
Discover how combining in-house and third-party penetration testing brings a hybrid approach to enhance your cybersecurity strategy.
CVE-2024-37888 – CKEditor 4 Open Link plugin XSS
NetSPI discovered CVE-2024-37888, a cross-site scripting (XSS) vulnerability in the CKEditor 4 Open Link plugin. Read about the nature of the vulnerability and its implications.
An Introduction to GCPwn – Parts 2 and 3
Example exploit path using GCPwn covering enumeration, brute forcing secrets manager versions, and downloading data from cloud storage both through default enum_buckets and with HMAC keys.
4 Key Themes from Black Hat USA 2024
See NetSPI’s key takeaways from Black Hat USA 2024, including AI hype, pentesting automation, and the importance of third-party risk management.