How NodeZero Enhances Cybersecurity

The first NodeZero demo was game-changing according to Airiam. “It looked amazing…it blew everything out of the water in comparison to other products.”…

How an MSSP Turned NodeZero into a High-Demand Service Offering

Master cloud security with NodeZero™ Cloud Pentesting. Easily uncover vulnerabilities across AWS and Azure, prioritize identity risks, and secure your environment in just minutes. Stay ahead of threats.

In the evolving landscape of cloud and hybrid environments, robust security measures are more critical than ever. In this webinar Brad Hong, CISSP, explores autonomous pentesting methodologies and strategies that can help your organization take a more efficient and comprehensive approach to securing your entire digital infrastructure that embraces multiple cloud vendors.

Komori America’s Director of IT, Andy Katz, joins Horizon3.ai’s Principal Security SME, Stephen Gates, to discuss how Andy’s adaptation of IT technology has dramatically changed over time, the greatest cyber threats to Komori and his firsthand experiences, and why Komori selected #NodeZero to help secure their environments, including some of Andy’s initial observations.

Since introducing NTLM coercion techniques such as PetitPotam into the NodeZero platform, we frequently have security practitioners request help understanding these techniques and what impact they have to their enterprise. There is a lack of concise resources to...

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

Business Wire 07/30/2024 Horizon3.ai, a leading provider of autonomous security solutions, today announced the launch of NodeZero™ Cloud Pentesting. This innovative solution helps organizations identify and resolve complex exploitable vulnerabilities and hidden attack...

Business Wire 07/09/2024 Horizon3.ai, a leading provider of autonomous security solutions, marked the close of the first six months of 2024 with a celebration of the Company’s growth across all dimensions. Expansion of NodeZero™ Platform, Strategic Executive...

Business Wire 06/12/2024 Horizon3.ai, a leading provider of autonomous security solutions, today announced the appointment of Jill Passalacqua as Chief Legal Officer (CLO), effective immediately. As Chief Legal Officer, Jill leads Horizon3.ai's legal department,...

The first NodeZero demo was game-changing according to Airiam. “It looked amazing…it blew everything out of the water in comparison to other products.”…

How an MSSP Turned NodeZero into a High-Demand Service Offering

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

How Horizon3.ai’s Rapid Response Identified and Mitigated a Critical Mirth Connect Vulnerability A key consideration in cybersecurity is determining whether a known software vulnerability is actually exploitable. This often depends on how and where the at-risk software is deployed in your environment. To address the need to find what’s exploitable, Horizon3.ai developed and recently unveiled its Rapid Response service. This...

Traditional vulnerability scanning tools are enhanced with NodeZero's autonomous penetration testing, revolutionizing Vulnerability Management by providing comprehensive risk assessment, exploitability analysis, and cross-host vulnerability chaining, empowering organizations to prioritize and mitigate security weaknesses strategically.

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

Introduction Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an organization. On May 24, 2024, ZDI and Ivanti released an advisory describing a SQL injection resulting in remote code execution with a CVSS score of 9.8. In this post we will detail the internal workings of this vulnerability. Our POC...

Introduction Our last blog post on the FortiClient EMS SQL injection vulnerability, CVE-2023-48788, as it turns out only worked on 7.0.x versions. This article will discuss the differences in exploitation between FortiClient EMS’s two mainline versions: 7.0.x and 7.2.x. When writing exploits for different versions of vulnerable software, the differences in the exploit are usually small, such as different offsets,...

In November of 2023, preparing for a call for papers, I attempted to investigate the FortiSIEM patch for CVE-2023-34992. I kindly inquired with the PSIRT if I could have access to the most recent versions to some of their appliances to validate the patches, to which they declined. Acquiring access a different way, I eventually was able to analyze the...

Security Strategies

Industry Insights

Attack Research

Attack Content

Security Strategies

Industry Insights

Attack Research

Attack Content

Research Blog

Filters