Pentesters

Verifying credentialed access to your hybrid cloud sprawl matters more than ever. See example attack paths to understand risks to AWS cloud.

One of the most effective techniques NodeZero employs for initial access is password spray. It's a primitive technique, basically guessing passwords, and when it works it feels like magic. Yet we see it work time and time again in various pentests conducted by NodeZero. In this post we'll talk about what password spray is and…

Which is more valuable to you; the ability to identify a problem, or the ability to solve the problem? There is a plethora of vulnerability scanning tools that do a decent job identifying vulnerabilities. Unfortunately, those tools rarely discern the possible from the exploitable.

NodeZero compromised HTB’s Mirai machine by using default SSH creds for user pi, then escalated to root via unrestricted sudo access—gaining full control.

The Jerry machine from the Hack The Box platform nicely illustrates the danger of weak and default credentials.

NodeZero compromises the "Active" machine on Hack The Box by chaining classic Active Directory vulnerabilities: GPP password exposure, Kerberoasting, and CVE-2020-1472 (ZeroLogon). This advanced walkthrough builds on earlier feedback and demonstrates multiple escalation paths to Domain Admin.

The engineering team has been working tirelessly to improve the "what to wow" user experience, add more attack content, add indicators of best practices and improve analytical insights. Improving our "what to wow" user experience – In security, there are two types of findings: critical problems that require you skip lunch, or cancel plans with…

NodeZero exploited EternalBlue on HTB’s Blue machine to gain system access and dump credentials, showing the risk of unpatched SMB vulnerabilities.