Misreporting Tools Leave Servers Vulnerable for 18 Months Apr 6, 2022Teaching hospital insisted on false positive when NodeZero exploited a critical but year-old vulnerability in under one day, but…
My Endpoint Detection and Response (EDR) Should Have Caught That! Apr 6, 2022It isn’t enough to have to have the security solution. A medical clinic with over 120 providers used best-in-class endpoint detection and response (EDR) software. Nevertheless, NodeZero quickly identified a device’s Local Security Authority Subsystem Service Process (LSASS), dump and cracked user credentials, moved laterally, and gained Windows Domain Administrator privileges. The result: full domain rights.
The Art Of Attack—Enhancing Defense Strategies: Unleashing The Power Of Autonomous Pen Testing | A Brand Story Conversation From Black Hat USA 2023 | An Horizon3.Ai Story With Snehal Antani
Tech Talk: Journey to OSCP Sep 7, 2023Horizon3.ai Senior Engineer Noah King discusses the journey of obtaining an Offensive Security Certified Professional (OSCP) certification. Whether you’re a cybersecurity enthusiast or a beginner looking to explore the field, you’ll learn tips and tricks to help you navigate the certification process, including: – How to get started in Offensive Security with little or no prior experience. – An understanding of what it takes to obtain your OSCP. – Tips and tricks on what helped Noah pass OSCP.
Go Hack Yourself: War Stories from ~20k Pentests with NodeZero │ Security Weekly Aug 15, 2023Horizon3.ai CEO Snehal Antani discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You’ll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world – with full domain takeover in a little more than a few hours. Learn how you can safely do the same in your own network today!
Rust Won’t Save Us: An Analysis of 2023’s Known Exploited Vulnerabilities Feb 6, 2024Introduction Memory safety issues have plagued the software industry for decades. The Cybersecurity & Infrastructure Security Agency (CISA) has been leading a charge for secure-by-design and encouraging developers and vendors to utilize memory safe languages like...
CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability Jan 29, 2024CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability.
Writeup for CVE-2023-43208: NextGen Mirth Connect Pre-Auth RCE Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If you’re a user of Mirth Connect, you’ll want to upgrade to the latest patch release, 4.4.1, as of this writing.
Horizon3.ai Participates in AWS Marketplace Vendor Insights Dec 1, 2022Businesswire: 12/01/2022 Horizon3.ai, a leading cybersecurity firm focused on autonomous penetration testing, announced its vendor profile is now available to Amazon Web Services (AWS) customers to automate and simplify the software risk assessment process. Read the...
Horizon3.ai’s NodeZero Takes Top Honors in the TMC 2022 Cloud Security Excellence Awards Oct 20, 2022Businesswire: 10/20/22 NodeZero was named a winner for its ability to continuously assess an enterprise's internal and external attack surface, and how it reveals the many ways in which an attacker could leverage harvested credentials, misconfigurations, dangerous...
Horizon3.ai Named Finalist for Cloud Security Innovation of the Year in 2022 SDC Awards Oct 13, 2022Businesswire: 10/13/22 The SDC Awards recognize and reward products and services that are the foundation for digital transformation. NodeZero has been named a ‘Cloud Security Innovation of the Year’ finalist. NodeZero was selected for its impact on the market and...
21 November Information Security ForumInformation Security Forum7:30 amOmni Boston Hotel at the Seaport
12 December Uncover Kubernetes Security Weaknesses with NodeZero™Uncover Kubernetes Security Weaknesses with NodeZero™1:00 pmZoom Webinar
Misreporting Tools Leave Servers Vulnerable for 18 Months Apr 6, 2022Teaching hospital insisted on false positive when NodeZero exploited a critical but year-old vulnerability in under one day, but…
My Endpoint Detection and Response (EDR) Should Have Caught That! Apr 6, 2022It isn’t enough to have to have the security solution. A medical clinic with over 120 providers used best-in-class endpoint detection and response (EDR) software. Nevertheless, NodeZero quickly identified a device’s Local Security Authority Subsystem Service Process (LSASS), dump and cracked user credentials, moved laterally, and gained Windows Domain Administrator privileges. The result: full domain rights.
The Art Of Attack—Enhancing Defense Strategies: Unleashing The Power Of Autonomous Pen Testing | A Brand Story Conversation From Black Hat USA 2023 | An Horizon3.Ai Story With Snehal Antani
Tech Talk: Journey to OSCP Sep 7, 2023Horizon3.ai Senior Engineer Noah King discusses the journey of obtaining an Offensive Security Certified Professional (OSCP) certification. Whether you’re a cybersecurity enthusiast or a beginner looking to explore the field, you’ll learn tips and tricks to help you navigate the certification process, including: – How to get started in Offensive Security with little or no prior experience. – An understanding of what it takes to obtain your OSCP. – Tips and tricks on what helped Noah pass OSCP.
Go Hack Yourself: War Stories from ~20k Pentests with NodeZero │ Security Weekly Aug 15, 2023Horizon3.ai CEO Snehal Antani discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You’ll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world – with full domain takeover in a little more than a few hours. Learn how you can safely do the same in your own network today!
Rust Won’t Save Us: An Analysis of 2023’s Known Exploited Vulnerabilities Feb 6, 2024Introduction Memory safety issues have plagued the software industry for decades. The Cybersecurity & Infrastructure Security Agency (CISA) has been leading a charge for secure-by-design and encouraging developers and vendors to utilize memory safe languages like...
CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability Jan 29, 2024CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability.
Writeup for CVE-2023-43208: NextGen Mirth Connect Pre-Auth RCE Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If you’re a user of Mirth Connect, you’ll want to upgrade to the latest patch release, 4.4.1, as of this writing.
Horizon3.ai Participates in AWS Marketplace Vendor Insights Dec 1, 2022Businesswire: 12/01/2022 Horizon3.ai, a leading cybersecurity firm focused on autonomous penetration testing, announced its vendor profile is now available to Amazon Web Services (AWS) customers to automate and simplify the software risk assessment process. Read the...
Horizon3.ai’s NodeZero Takes Top Honors in the TMC 2022 Cloud Security Excellence Awards Oct 20, 2022Businesswire: 10/20/22 NodeZero was named a winner for its ability to continuously assess an enterprise's internal and external attack surface, and how it reveals the many ways in which an attacker could leverage harvested credentials, misconfigurations, dangerous...
Horizon3.ai Named Finalist for Cloud Security Innovation of the Year in 2022 SDC Awards Oct 13, 2022Businesswire: 10/13/22 The SDC Awards recognize and reward products and services that are the foundation for digital transformation. NodeZero has been named a ‘Cloud Security Innovation of the Year’ finalist. NodeZero was selected for its impact on the market and...
21 November Information Security ForumInformation Security Forum7:30 amOmni Boston Hotel at the Seaport
12 December Uncover Kubernetes Security Weaknesses with NodeZero™Uncover Kubernetes Security Weaknesses with NodeZero™1:00 pmZoom Webinar
