Horizon3.ai
Horizon3.ai

Research Blog

Welcome to our cybersecurity research blog where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

Here you’ll find extensive research and insight from the well-known Horizon3.ai attack team, intuitive perspectives on everything security, and real-world attack path short stories that come directly from discoveries made by NodeZero.

Filters

Categories
Tags

Showing 79–84 of 161 results

Put Your Company’s Cybersecurity to the Test

"Trust but verify" is a well-known proverb, but in today's cybersecurity world, we recommend just verifying. That concept is the underlying theme for our latest episode featuring . Alex is the Customer Success Lead at . He has extensive experience in intelligence roles with the US Military and Government. Horizon3.ai's mission is to help you find and fix your attack...
Read More

From CVE-2022-33679 to Unauthenticated Kerberoasting

On September 13, 2022, a new Kerberos vulnerability was published on the Microsoft Security Response Center’s security site.  It’s labeled as a Windows Kerberos Elevation of Privilege vulnerability and given the CVE ID CVE-2022-33679.  The MSRC page acknowledges James Forshaw of Google Project Zero for the disclosure and James published a detailed technical write-up of the vulnerability on Project Zero’s...
Read More

Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs

Introduction On Thursday, 16 February 2023, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user. Extracting the System Extracting the filesystems...
Read More

Journey to Secure

A series following Horizon3.ai teammate Brian Marr's “journey to secure” - detailing the logic and items that he uses to understand the business, current security state, and leadership visions for building an internal security program.
Read More