Resource Center

Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

LATEST VULNERABILITIES

WEBINAR REPLAY

SEARCH

CATEGORIES

TAGS

    Blogs

    Holiday Season Threat Awareness

    November 23, 2022
    As we approach the holiday season, it is important that our customers remain stay and continue a regular cadence of autonomous pentests. Although it’s the time of year for holiday cheer, we’ve seen cyber threat actors (CTAs) take advantage of lackadaisical company manning and low staff.
    Read More →
    Customer Stories

    Higher Education Organization Improves Cybersecurity Posture with NodeZero

    November 16, 2022
    When the director of technology for a higher education organization went looking for a better way to identify and prioritize security weaknesses on the school’s servers and networks, his first interaction with Horizon3.ai and NodeZero started off with an impressive bang. “I wanted to see proof of concept, and Horizon3.ai solved one of our biggest…
    Read More →
    Blogs

    Verifying Credentialed Access to Your Hybrid Cloud Sprawl Matters More Than Ever

    November 1, 2022
    Verifying credentialed access to your hybrid cloud sprawl matters more than ever. See example attack paths to understand risks to AWS cloud.
    Read More →
    Attack Blogs

    OpenSSL Critical Vulnerability: Should You Be Spooked?

    October 26, 2022
    On Tuesday, October 25 a new OpenSSL hot-fix release was announced which will patch a critical vulnerability that exists within the v3.0.X branch. OpenSSL 3.0.7 will be released on Tuesday, November 1 and in tandem the details of the vulnerability and its associated CVE will be made public. OpenSSL is an open source project that…
    Read More →
    Blogs

    The Undeniable Effectiveness of Password Spray

    October 20, 2022
    One of the most effective techniques NodeZero employs for initial access is password spray. It's a primitive technique, basically guessing passwords, and when it works it feels like magic. Yet we see it work time and time again in various pentests conducted by NodeZero. In this post we'll talk about what password spray is and…
    Read More →
    Password Spray
    Video

    Horizon3.ai Breaks Down Fortinet Vulnerability

    Horizon3.ai Breaks Down Fortinet Vulnerability Zach Hanley, Horizon3.ai Chief Attack Engineer, and James Horseman, Exploit Developer, join John Furrier of theCUBE to discuss Fortinet CVE 2022 40864.
    Watch Now →
    Blogs

    Secure Your Fortinet Appliances Across On-Prem, Cloud, and Hybrid Networks at Scale

    October 18, 2022
    Learn how to use NodeZero from Horizon3.ai to secure your Fortinet appliances across on-prem, cloud, and hybrid networks at scale.
    Read More →
    Server
    Attack Blogs

    FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)

    October 13, 2022
    Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiProxySwitchManager projects (CVE-2022-40684). This vulnerability gives an attacker the ability to login as an administrator on the effected system. To demonstrate the vulnerability in this writeup, we will be using FortiOS version 7.2.1
    Read More →
    FortiOS, FortiProxy, and FortiProxySwitchManager Authentication Bypass, CVE-2022-40684
    Video

    Putting Your Security to the Test with NodeZero

    Putting Your Security to the Test with NodeZero with Anthony Pillitiere and Clayton Dillard / CEO Legion Cyberworks.
    Watch Now →
    Blogs

    What is Zero Trust – and How NodeZero Can Help

    October 13, 2022
    Zero Trust. Everyone’s talking about it, but what does it truly mean, and how can you prove that your organization is using a Zero Trust model effectively?  
    Read More →
    Representation of ZTNA in a stylized graphic form.