Explore the Minds of The NetSPI Agents
Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!
Our Favorite Picks
CVE-2024-21378 — Remote Code Execution in Microsoft Outlook
Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.
15 Ways to Bypass the PowerShell Execution Policy
NetSPI security expert Scott Sutherland covers 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.
How to Use Attack Surface Management for Continuous Pentesting
Uncover attack surfaces and exposures with NetSPI’s offensive security including Attack Surface Management (ASM) to enable continuous pentesting.
Redefining Breach and Attack Simulation (BAS) with BAS as a Service
Validate the effectiveness of security controls with NetSPI’s Breach and Attack Simulation as a Service. Simulate real-world attacks, benchmark detection coverage, and improve defenses.
The Things We Think and Do Not Say: The Future of Our Beacon Object Files (BOFs)
Learn about a reference design for a new Beacon Object Files portable executable concept and helpful features.
NetSPI Wins First Place at SHARE Mainframe Capture the Flag Event
Learn how NetSPI’s Mainframe Pentesting team claimed first place at SHARE’s inaugural Capture the Flag event, showcasing elite z/OS security expertise.
Key Strategies for Tackling External Attack Surface Visibility
Hear from NetSPI Partners on how they tackle external attack surface visibility. These expert insights will help secure assets and boost cyber defense.
CVE-2024-28989: Weak Encryption Key Management in Solar Winds Web Help Desk
Learn how an attacker with access to a backup file could potentially recover certain encrypted passwords.
Penetration Testing vs. Vulnerability Scanning: What’s the Difference?
Learn the differences between penetration testing and vulnerability scanning to choose the right cybersecurity approach for your organization.
Harnessing Exposure Management with Continuous Attack Surface Testing
Continuous attack surface testing helps organizations prioritize remediation steps and focus cybersecurity resources on the most valuable efforts.
Practical Methods for Decapping Chips
Discover the intricate process of chip decapping, exposing secrets stored within snuggly layers of industrial epoxy, sleeping in beds of silicon.
Hijacking Azure Machine Learning Notebooks (via Storage Accounts)
Abusing Storage Account Permissions to attack Azure Machine Learning notebooks
Celebrating NetSPI’s Partners of the Year 2024
Congratulations to NetSPI’s 2024 Partner of the Year Recipients Defy Security, VLCM, Softcat, Enduir, Evotek, and AWS
Exploiting Second Order SQL Injection with Stored Procedures
Learn how to detect and exploit second-order SQL injection vulnerabilities using Out-of-Band (OOB) techniques, including leveraging DNS requests for data extraction.
CTEM Defined: The Fundamentals of Continuous Threat Exposure Management
Learn how continuous threat exposure management (CTEM) boosts cybersecurity with proactive strategies to assess, manage, and reduce risks.