Security Practitioner

SEARCH

CATEGORIES

TAGS

    Blogs

    Horizon3.ai Expands NodeZero to Include External Autonomous Pentesting

    June 1, 2022
    NodeZero is the first autonomous penetration testing platform to offer both internal and external pentesting in one self-service platform.
    Read More →
    External Penetration Testing with NodeZero
    Attack Blogs

    VMware Authentication Bypass Vulnerability (CVE-2022-22972) Technical Deep Dive

    May 26, 2022
    VMware recently patched a critical authentication bypass vulnerability in their VMware Workspace ONE Access, Identity Manager and vRealize Automation products (CVE-2022-22972). This vulnerability allows an attacker to login as any known local user.
    Read More →
    VMware Logo, CVE-2022-22972
    Blogs

    Log4Shell RCE Vulnerability in Apache Log4j: The Gift No One Wished For

    May 16, 2022
    The Log4Shell RCE vulnerability in Apache Log4j, CVE-2021-44228, dates to 2013 when Log4j 2.0-beta9 was released. An analysis of our pentesting data using NodeZero identified and provided proof of exploit for over 105 unique instances of the CVE within our customers’ environments.
    Read More →
    Woman unhappy with Log4shell Vulnerability
    Video

    Tech Talk: The Attackers Journey Pt. 3

    Noah King, Brad Hong, and Jake Murphy were back at it again with this third installment of 'The Attackers Journey'. This series has focused on Noah King on his journey to become an ethical hacker. Pt. 3 was no different, with a focus on Server-Side Request Forgery!
    Watch Now →
    Tech Talk: The Attackers Journey Part 3
    Blogs

    Horizon3.ai Researchers Able to Create Exploit for Critical F5 BIG-IP Flaw

    May 10, 2022
    It took just two days for a pair of researchers from Horizon3.ai to discover exploits for the new F5 BIG-IP vulnerability, and have called for devices to be immediately updated to protect against bad actors.
    Read More →
    F5 Big-IP Vulnerability - F5 Logo inside of a electric orb
    Attack Blogs

    F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive

    May 9, 2022
    F5 recently patched a critical vulnerability in their BIG-IP iControl REST endpoint CVE-2022-1388. This vulnerability particularly worrisome for users because it is simple to exploit and provides an attacker with a method to execute arbitrary system commands.
    Read More →
    F5 CVE-2022-1388
    Whitepapers

    2022 SANS Analyst Report

    April 17, 2022
    SANS First Look: New technologies are emerging to help provide more consistent, repeatable pen tests that mimic real-world attack techniques.
    Read More →
    Video

    Tech Talk: The Attackers Journey Pt. 2

    This series centers around how to be an ethical hacker and the steps/processes to get there. In part 2, topics like understanding SQL injection; what SQL injection leads to; why defenders, IT Operators, etc. should care; and so much more were discussed.
    Watch Now →
    Tech Talk: The Attackers Journey Part 2
    Video

    Tech Talk: The Attackers Journey Pt.1

    Join us in side-saddling on an attacker’s journey with Noah King to become an ethical hacker!
    Watch Now →
    Tech Talk: The Attackers Journey Part 1
    Attack Blogs

    Using NodeZero to Find and Fix Log4Shell

    January 6, 2022
    Log4Shell is a "once-in-a-decade" type of vulnerability that will linger in environments for years to come. For a vulnerability with such a broad, lasting impact, it's important to establish a principled and disciplined approach for discovering and remediating it. NodeZero both detects and exploits Log4Shell, surfacing a wealth of information that can be used to…
    Read More →