Security Practitioner

It's been more than six months since the Log4Shell vulnerability (CVE-2021-44228) was disclosed, and a number of post-mortems have come out talking about lessons learned and ways to prevent the next Log4Shell-type event from happening.

CVE-2022-28219 is an unauthenticated remote code execution vulnerability affecting Zoho ManageEngine ADAudit Plus, a compliance tool used by enterprises to monitor changes to Active Directory. The vulnerability comprises several issues: untrusted Java deserialization, path traversal, and a blind XML External Entities (XXE) injection. This is a vulnerability that NodeZero, our autonomous pentesting product, has exploited…

In this session, Noah and his mentors will not only explore why the Kerberoasting attack technique is so pervasive and how you can configure Kerberos better to avoid these attacks, but also alternative setups that allow you to avoid Kerberoasting altogether.

With the announcement of the addition of external penetration testing capabilities to NodeZero, Horizon3.ai is hosting a webinar to introduce this enhancement to our autonomous penetration testing platform. This extension of NodeZero’s capabilities makes Horizon3.ai the first cybersecurity company to offer both internal and external penetration testing in one self-service platform. Join Naveen Sunkavally, Horizon3.ai’s…

Horizon3.ai adds NodeZero app to Splunkbase to improve the effectiveness of your Splunk deployments and ensure you’re logging the right data.

This journey's 4th installment is now up! As usual, this series stars up-in-coming ethical hacker Noah King. He's joined this time by Horizon3.ai Director of Customer Success, Monti Knode, and Senior Offensive Security Consultant from our alliance partner Echelon Risk + Cyber, James Stahl. During this Tech Talk you'll learn all about NTLM Relay.

Snehal Antani, CEO and Co-founder of Horizon3.ai, presented The Wartime Security Mindset: the evolution of attack at a briefing at the SOFIC Conference in conjunction with our alliance partner Carahsoft.

NodeZero is the first autonomous penetration testing platform to offer both internal and external pentesting in one self-service platform.

VMware recently patched a critical authentication bypass vulnerability in their VMware Workspace ONE Access, Identity Manager and vRealize Automation products (CVE-2022-22972). This vulnerability allows an attacker to login as any known local user.

The Log4Shell RCE vulnerability in Apache Log4j, CVE-2021-44228, dates to 2013 when Log4j 2.0-beta9 was released. An analysis of our pentesting data using NodeZero identified and provided proof of exploit for over 105 unique instances of the CVE within our customers’ environments.