Resource Center

Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

LATEST VULNERABILITIES

WEBINAR REPLAY

SEARCH

CATEGORIES

TAGS

    Video

    NYIS Meetup Panel, “How do you know it’s fixed?”

    David Raviv, host of NYIS Meetup, Snehal Antani, CEO and Co-founder of Horizon3, Steve Ramey of Arete Advisors LLC, and Mark Rasch, computer security and privacy expert, lawyer, author, and commentator, met for a panel discussion over 'How do you know it's fixed?' Learn about: - Employing a defense strategy w/ multiple layers - Identifying…
    Watch Now →
    Video

    Tech Talk: The Attackers Journey Pt.1

    Join us in side-saddling on an attacker’s journey with Noah King to become an ethical hacker!
    Watch Now →
    Tech Talk: The Attackers Journey Part 1
    Whitepapers

    Defense in Depth

    February 19, 2022
    Defense in depth is a proven strategy for protecting systems and software from insider and external attacks.
    Read More →
    Defense in Depth Whitepaper
    Blogs

    The Industry Standard Model is the Vulnerability

    February 11, 2022
    Which is more valuable to you; the ability to identify a problem, or the ability to solve the problem? There is a plethora of vulnerability scanning tools that do a decent job identifying vulnerabilities. Unfortunately, those tools rarely discern the possible from the exploitable.
    Read More →
    Proven successful security model vs old industry standard
    Video

    NYIS Fireside Chat with David Raviv

    On January 28, 2022, CEO and Co-founder Snehal Antani sat down with host David Raviv of NY Information Security Meetup for an insightful fireside chat. They discussed Snehal's career as former CTO of Splunk and JSOC, his inspiration for starting Horizon3, and his outlook on the future of cyber warfare. Learn about: - Employing a…
    Watch Now →
    Attack Blogs

    Using NodeZero to Find and Fix Log4Shell

    January 6, 2022
    Log4Shell is a "once-in-a-decade" type of vulnerability that will linger in environments for years to come. For a vulnerability with such a broad, lasting impact, it's important to establish a principled and disciplined approach for discovering and remediating it. NodeZero both detects and exploits Log4Shell, surfacing a wealth of information that can be used to…
    Read More →
    Attack Blogs

    Understanding Log4Shell: the Apache log4j2 Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046)

    December 10, 2021
    Understanding Log4Shell: the Apache log4j2 Remote Code Execution Vulnerability (CVE-2021-44228)
    Read More →
    Attack Paths

    Hack The Box – Mirai

    December 6, 2021
    NodeZero compromised HTB’s Mirai machine by using default SSH creds for user pi, then escalated to root via unrestricted sudo access—gaining full control.
    Read More →
    NodeZero vs Mirai
    Whitepapers

    The Purple Pivot

    November 18, 2021
    This Red vs. Blue approach to cybersecurity is unsustainable, and often does more harm than good. The goal should be Red AND Blue, working together.
    Read More →
    Disclosures

    Multiple Vulnerabilities in ResourceSpace

    November 9, 2021
    During our assessment of the ResourceSpace code base, we found three new vulnerabilities that could be exploited by an unauthenticated attacker. The most critical is CVE-2021-41765, a pre-auth SQL injection that an attacker can abuse to gain remote code execution (RCE) privileges on the ResourceSpace server.
    Read More →