Resource Center
Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.
LATEST VULNERABILITIES
WEBINAR REPLAY
SEARCH
CATEGORIES
TAGS
Log4Shell RCE Vulnerability in Apache Log4j: The Gift No One Wished For
May 16, 2022
The Log4Shell RCE vulnerability in Apache Log4j, CVE-2021-44228, dates to 2013 when Log4j 2.0-beta9 was released. An analysis of our pentesting data using NodeZero identified and provided proof of exploit for over 105 unique instances of the CVE within our customers’ environments.
Tech Talk: The Attackers Journey Pt. 3
Noah King, Brad Hong, and Jake Murphy were back at it again with this third installment of 'The Attackers Journey'. This series has focused on Noah King on his journey to become an ethical hacker. Pt. 3 was no different, with a focus on Server-Side Request Forgery!
Horizon3.ai Researchers Able to Create Exploit for Critical F5 BIG-IP Flaw
May 10, 2022
It took just two days for a pair of researchers from Horizon3.ai to discover exploits for the new F5 BIG-IP vulnerability, and have called for devices to be immediately updated to protect against bad actors.
F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive
May 9, 2022
F5 recently patched a critical vulnerability in their BIG-IP iControl REST endpoint CVE-2022-1388. This vulnerability particularly worrisome for users because it is simple to exploit and provides an attacker with a method to execute arbitrary system commands.
World Password Day: Credentialed attacks by the numbers
May 5, 2022
It’s World Password Day, but it’s never a bad time to think about credential security and usage. Credentialed attacks are the most popular means of entry into any digital infrastructure, and remain the easiest method of reconnaissance and privilege escalation for bad actors. With some of the most sophisticated open-source attack tools to date, it’s…
“And Then, My EDR Just Watched It Happen”
April 18, 2022
Learn how NodeZero empowers customers to run continuous penetration tests to find vulnerabilities from an attacker’s perspective, to verify fixes after remediation, and hold the EDR and the rest of the security stack accountable for delivering on their capabilities as designed.
2022 SANS Analyst Report
April 17, 2022
SANS First Look: New technologies are emerging to help provide more consistent, repeatable pen tests that mimic real-world attack techniques.
Misreporting Tools Leave Servers Vulnerable for 18 Months
April 6, 2022
Teaching hospital insisted on false positive when NodeZero exploited a critical but year-old vulnerability in under one day, but...
My Endpoint Detection and Response (EDR) Should Have Caught That!
April 6, 2022
It isn’t enough to have to have the security solution. A medical clinic with over 120 providers used best-in-class endpoint detection and response (EDR) software. Nevertheless, NodeZero quickly identified a device’s Local Security Authority Subsystem Service Process (LSASS), dump and cracked user credentials, moved laterally, and gained Windows Domain Administrator privileges. The result: full domain…
Tech Talk: The Attackers Journey Pt. 2
This series centers around how to be an ethical hacker and the steps/processes to get there. In part 2, topics like understanding SQL injection; what SQL injection leads to; why defenders, IT Operators, etc. should care; and so much more were discussed.