How NodeZero Enhances Cybersecurity

As the industry accelerates toward a threat landscape of attack and defense by algorithm and machine, humans must run at machine speed to manage the stakes of tool misconfiguration, mishandling of logs, and missed patching opportunities. The NodeZero app for Splunk is a force multiplier—combining attacker insights into your unique environment with your existing Splunk data and workflows to enable cybersecurity teams to proactively find and fix internal and external attack vectors before they are exploited.

NodeZero is the world’s leading autonomous pentesting solution—a true continuous pentesting SaaS offering that is safe to run in production and requires no persistent or credentialed agents.

NodeZero, discovered a customer’s host that had not appeared in previous pentests due to a small change in their configuration.

In this session, Noah and his mentors will not only explore why the Kerberoasting attack technique is so pervasive and how you can configure Kerberos better to avoid these attacks, but also alternative setups that allow you to avoid Kerberoasting altogether.

On May 31, 2023, Progress released a security advisory for their MOVEit Transfer application which detailed a SQL injection leading to remote code execution and urged customers to update to the latest version. The vulnerability, CVE-2023-34362, at the time of release...

Apache Superset is an open source data visualization and exploration tool. It has over 50K stars on GitHub, and there are more than 3000 instances of it exposed to the Internet. In our research, we found that a substantial portion of these servers - at least 2000...

OrangeHRM is software for Human Resource Management (HRM). In a routine audit of the open source version of OrangeHRM, we discovered a SQL injection vulnerability in the “Buzz” module, an integrated social media tool within the software.

Authenticated low privilege users can use this vulnerability to disclose the full contents of the OrangeHRM database, including sensitive user personal information and password hashes. It’s also possible to execute a denial of service attack to bring down the application.

NodeZero is the world’s leading autonomous pentesting solution—a true continuous pentesting SaaS offering that is safe to run in production and requires no persistent or credentialed agents.

NodeZero, discovered a customer’s host that had not appeared in previous pentests due to a small change in their configuration.

NodeZero is the first autonomous penetration testing platform to offer both internal and external pentesting in one self-service platform.

The Horizon3.ai Attack Team released their VMware Authentication Vulnerability (CVE-2022-22972) Technical Deep Dive.

VMware recently patched a critical authentication bypass vulnerability in their VMware Workspace ONE Access, Identity Manager and vRealize Automation products (CVE-2022-22972). This vulnerability allows an attacker to login as any known local user.

Podcast Channel of AST Cybersecurity: 05/25/22. Horizon3.ai CEO and co-founder Snehal Antani joins Ravi Das to discuss the cybersecurity challenges of the healthcare industry.

XorDdos Is continuing to hunt servers with weak passwords. According to a recent post from Microsoft, there’s been a 254% increase in activity from XorDdos – an eight-year-old network of infected Linux machines used for DDoS attacks.

Horizon3.ai news, including an award nomination, plus cybersecurity updates for education and M&A.

Security Strategies

Industry Insights

Attack Research

No Results Found

Attack Content

No Results Found

No Results Found

Security Strategies

Industry Insights

Attack Research

No Results Found

Attack Content

No Results Found

No Results Found

Research Blog

Filters