Research Blog
Welcome to our cybersecurity research blog where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.
Here you’ll find extensive research and insight from the well-known Horizon3.ai attack team, intuitive perspectives on everything security, and real-world attack path short stories that come directly from discoveries made by NodeZero.
Filters
Showing 109–114 of 161 results
One Weak Password Leads to Compromise
NodeZero, discovered a customer’s host that had not appeared in previous pentests due to a small change in their configuration.
Read More The Long Tail of Log4Shell Exploitation
It's been more than six months since the Log4Shell vulnerability (CVE-2021-44228) was disclosed, and a number of post-mortems have come out talking about lessons learned and ways to prevent the next Log4Shell-type event from happening.
Read More CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
CVE-2022-28219 is an unauthenticated remote code execution vulnerability affecting Zoho ManageEngine ADAudit Plus, a compliance tool used by enterprises to monitor changes to Active Directory. The vulnerability comprises several issues: untrusted Java deserialization, path traversal, and a blind XML External Entities (XXE) injection. This is a vulnerability that NodeZero, our autonomous pentesting product, has exploited to not only execute code...
Read More Tech Talk: The Attackers Journey Pt. 5
In this session, Noah and his mentors will not only explore why the Kerberoasting attack technique is so pervasive and how you can configure Kerberos better to avoid these attacks, but also alternative setups that allow you to avoid Kerberoasting altogether.
Read More Webinar: External Autonomous Pentesting
With the announcement of the addition of external penetration testing capabilities to NodeZero, Horizon3.ai is hosting a webinar to introduce this enhancement to our autonomous penetration testing platform. This extension of NodeZero’s capabilities makes Horizon3.ai the first cybersecurity company to offer both internal and external penetration testing in one self-service platform. Join Naveen Sunkavally, Horizon3.ai’s Chief Architect, and Monti Knode,...
Read More What Upcoming State Data Privacy Laws Mean for Businesses
A new privacy study has found that 60% of states are moving toward new privacy laws. Implementation at the state level is slow.
Read More