
GRC Outlook: Top 10 Penetration Testing Providers 2022

NetSPI was named a top penetration testing provider in GRC Outlook’s Top 10 Penetration Testing Providers 2022. Read the preview below or view it online.

+++

As cybersecurity has expanded its reach through innovation, the number of cyber-attacks has grown alongside it: as technology advances, cybercriminals also gain in capability and reach. The recent global shutdown and the shift to remote work have further increased the threat. Many businesses rely on penetration testing to strengthen their security and to find the weaknesses an attacker could use to penetrate their security architecture.

Today, penetration testing practices and solutions have evolved from a completely manual and tedious process to a more automated and widely adopted one. With the advent of artificial intelligence and machine learning, penetration testing solutions are improving dramatically. AI and ML can gather information automatically, analyze it and propose courses of action, improving penetration testing results. They can also help the pen tester interpret scan output by filtering out noise and combining the information gathered in earlier phases with threat intelligence.

However, with so many solutions and providers in the industry, businesses find it hard to choose the provider that fits their unique requirements. That’s why we’ve developed this special edition on Penetration Testing Solution Providers 2022. It features some of the most innovative solution providers, selected by our panel of researchers, editors, CTOs and cybersecurity professionals.

You can read the full article at GRC Outlook!


eSecurity Planet: Top 20 Breach and Attack Simulation (BAS) Vendors for 2022

On July 20, NetSPI was listed as a top vendor in eSecurity Planet’s Top 20 Breach and Attack Simulation (BAS) Vendors for 2022. Read the preview below or view it online.

+++

Breach and attack simulation (BAS) remains a newer IT security technology, but its capabilities are increasingly essential to vigilance in a world of zero-day threats.

BAS can automatically spot vulnerabilities in an organization’s cyber defenses, akin to continuous, automated penetration testing. More than just pen testing and red team insights, BAS solutions often recommend and prioritize remediation to maximize security resources and minimize cyber exposure.

A few years into BAS’s entry into the cybersecurity marketplace, vendors range from startups to fast-growing mid-sized companies and vulnerability-focused enterprise companies. Some consolidation has already taken place, but more will come and the race to obtain a sustainable market share is far from over.

As the market develops, several vendors refer to advanced BAS solutions as security validation. Artificial intelligence and machine learning are an increasingly important part of this market, as automated cybersecurity tools need to be able to adjust as new threats emerge.

Top Breach & Attack Simulation Solutions

This roundup dives into the best in the BAS market, from the top-tier solutions to companies on the rise and honorable mentions.

  • AttackIQ
  • BreachLock
  • CyCognito
  • Cymulate
  • FireMon
  • Guardicore
  • Horizon3.ai
  • Mandiant
  • NetSPI
  • Pentera
  • Picus
  • Qualys
  • Randori
  • Rapid7
  • SafeBreach
  • Scythe
  • Skybox
  • Sophos
  • Tenable
  • XM Cyber

You can read the full article at eSecurity Planet!


Top Security Takeaways from Black Hat USA 2022 and DEF CON 30

With another year at Black Hat USA and DEF CON behind us, it’s time to reflect on some of the top takeaways, trending themes, and noteworthy best practices overheard across Vegas. In case you missed it, here’s what we were up to and what caught our attention at this year’s conferences:

NetSPI’s Nick Landers Briefs Black Hat Attendees on the Latest Kerberos Research  

NetSPI’s Head of Adversarial R&D Nick Landers presented his latest research on Kerberos alongside James Forshaw, security researcher at Google Project Zero. 

Nick and James’ research showed that while Kerberos should remain the recommended long-term solution for network authentication in Windows networks, it shouldn’t be assumed to be more secure than its predecessors. Kerberos is a complicated protocol, and there has been little public analysis of how a local machine handles it; that gap is what allowed them to find several bugs in the local handling.

A key takeaway Nick shared is that security teams must build a fundamental understanding of each protocol and how it comes into play. Teams shouldn’t just look for vulnerabilities; understanding how a protocol actually works shows where its risk concentrates.

Big picture, Nick hopes to bring further awareness to Kerberos security challenges and “hopes the talk will spur security and network administrators to brush up on their Kerberos knowledge to better harden their systems.” The session slides are now available, or read more in Dark Reading here: “Abusing Kerberos for Local Privilege Escalation.”

Behind the scenes at Black Hat 2022

The Launch of New, Open-Source Tools & Greater Industry Collaboration 

On the first day of Black Hat, we announced the release of two new open-source penetration testing tools developed by NetSPI Senior Director Scott Sutherland. The tools, PowerHuntShares and PowerHunt, help defense, identity and access management (IAM), and security operations center (SOC) teams discover vulnerable network shares and improve detections.

PowerHuntShares is focused on identifying shares configured with excessive permissions and providing the data needed to understand how they relate to each other, when they were introduced into the environment, who owns them, and how exploitable they are.

PowerHunt is a threat hunting framework that can be used to quickly collect artifacts commonly associated with malicious behavior. While it calls out suspicious artifacts and statistical anomalies, its greatest value is simply producing data that can be used by other tools during threat hunting exercises. 

These new tools emphasize the importance of more open-source collaboration in the information security community. Working together to solve some of the industry’s most pressing problems was a powerful theme at this year’s Black Hat, not only with the release of Scott’s tools, but also with the announcement of The Open Cybersecurity Schema Framework, an open project to develop a single, open standard for sharing data. We applaud and support the Open Cybersecurity Schema Framework as a step in the right direction to advance community collaboration.

Penetration Testing Services Continue to Be a Top Priority

As cybersecurity budgets are scrutinized, penetration testing continues to be top of mind for Black Hat attendees. In fact, from our conversations at the NetSPI booth and throughout the show floor, many security teams are looking to complete penetration testing exercises before the end of the year and recognize it as a top priority in their security strategy.

Managed security service providers (MSSPs) report handling an increasing number of requests from their customers for penetration testing, as those customers recognize the value such exercises bring when strengthening a security posture.

While discussing penetration testing services, many attendees on the show floor agreed that there is an increased focus on continuous testing. They also agreed that the one unique differentiator in any security service, including pentesting, is the human element: talented people on the front lines working to ensure organizations are properly protected and filling the gaps that tools leave behind. We discuss this topic in one of our recent blog posts: Technology Cannot Solve Our Greatest Cybersecurity Challenges, People Can.

Cloud Security Takes Center Stage as Threats Skyrocket

At DEF CON’s Cloud Village, NetSPI Senior Director Karl Fosaaen provided a comprehensive review of the security pitfalls within Azure Automation accounts from his perspective as a cloud pentester. In this presentation, Karl also shared an overview of Azure’s permissions model, including security principals and roles, to help people unfamiliar with the topic gain a foundational knowledge of it.

Overall, the presentation dissected how Automation Accounts may be targeted by attackers and pentesters alike, highlighting a range of vulnerabilities and attacks. Karl left the audience with a long list of potential Automation Account vulnerabilities to find and secure in their own environments as cloud security threats continue to expand. The session slides are now available here.

In addition to Karl’s talk at DEF CON 30, Thomas Elling, Senior Director of the cloud pentesting practice at NetSPI, joined industry experts from Immuta, OneSpan, Code42, Netskope, and Obsidian in a virtual media panel hosted by Inkhouse in the week prior to Black Hat USA. During the talk, the group outlined the top cloud security threats affecting organizations worldwide, as well as what’s in store for cloud security in the years to come. You can read up on the panel’s main takeaways in this SDxCentral piece: Decentralization Haunts Security, Cloud Transitions.

More Diversity and Inclusion Necessary in the Cybersecurity Industry

At DEF CON’s Girls Hack Village, NetSPI Managing Security Consultant Melissa Miller explored a prevalent topic for women across many industries – imposter syndrome.

During the presentation, Melissa spoke about her personal experiences as a woman navigating a career in cybersecurity and discussed the characteristics of a healthy work environment. She also shared tips on how to spot imposter syndrome, along with immunization strategies and key techniques to identify your strengths and weaknesses and use that information to pursue and achieve your career goals. 

Melissa also participated in a panel around diversity in the cybersecurity industry. In this talk, Melissa highlighted that there needs to be more openness around the concept of variety, understanding of people’s differences, and an earnestness to gain different perspectives to lead to more creative problem solving. 

Melissa also stressed that diversifying the cybersecurity industry would reduce the ‘boys club’ stigma that many people associate with it, helping to encourage diverse people to pursue cybersecurity-related degrees, creating better growth and diversity in the cybersecurity workforce as a result.

Both of these presentations echoed a major sentiment at Black Hat USA and DEF CON 30 this year around creating more diversity and inclusivity in the cybersecurity industry, especially as recruiting talent remains a key challenge for the cybersecurity industry.

Live Social Engineering at DEF CON 30

NetSPI consultants enjoyed the Social Engineering Village at DEF CON 30, where NetSPI’s on-site social engineering lead Dalin McClellan volunteered. At the village, participants cold-called businesses in real time to see whether they could get employees to share sensitive information. In one instance, the employee disclosed information about building security, including where the cameras were, how badging worked, where employees kept their belongings on shift, and more.

Social engineering, specifically phishing, remains the top attack vector for breaches today. NetSPI’s social engineering pentesting team is doing some really cool work in this space to help organizations prevent and prepare for social engineering attacks. Read about a recent on-site engagement in Dalin’s blog, Not Your Average Bug Bounty: How an Email, a Shirt, and a Sticker Compromised a High Security Datacenter.

Black Hat and DEF CON are Back in Full Swing

In addition to the news announced and rumblings overheard at Black Hat, our team also noticed that Black Hat and DEF CON were back in full swing, with a crowded show floor, bustling briefing halls, and the industry buzzing in Las Vegas once again.

Amid the crowds, vendors tried to stand out on the show floor with some attention-grabbing activities, like a boxing ring. Several booths had the words “attack surface” front-and-center, proving that Attack Surface Management has become an increased priority for security teams.

With these major security events now behind us, it’s important for the security industry to continue raising awareness and spreading education about some of the important topics discussed on the show floor. As cybercriminals become more sophisticated and well-funded and organizations prioritize cybersecurity, we’ll need continuous collaboration in the industry to better bolster security measures, as well as increase diversity to help amplify and expand defense teams.

What major topics caught your attention at Black Hat or DEF CON? Share them with us on Twitter or LinkedIn.


Channel Futures: NetSPI Unleashes New Partner Program

On August 19, NetSPI was featured in Channel Futures’ article NetSPI Unleashes New Partner Program. Read the preview below or view it online.

+++

NetSPI, a provider of enterprise penetration testing and attack surface management, this week launched its NetSPI Partner Program.

The global program equips channel and technology partners with pentesting tools, services and talent, bolstering security worldwide. Partners can offer end users NetSPI’s vulnerability management technologies and human-delivered offensive security services. That allows both the partner and NetSPI to expand product and service offerings, further develop customer relationships and enter new markets.

Additionally, last month NetSPI joined the AWS Marketplace. That simplifies the procurement process for enterprise organizations with existing AWS relationships by allowing them to purchase NetSPI’s offerings directly via the marketplace.

Lauren Gimmillaro is NetSPI’s vice president of business development and strategic alliances.

“As today’s global attack surface evolves and cybercriminals become more sophisticated in nature, it’s critical to provide end users with the tools, services and skill sets they need to take an offensive approach to security,” she said. “Centered around our customer-first approach, the NetSPI Partner Program will allow our team to extend our world-class pentesting capabilities to a variety of diverse and trusted partners, strengthening organizations’ cyber security efforts across the globe.”

The program includes two partner types:

  • Channel partners: NetSPI provides its full suite of security services and products through a global channel network of referral and reseller partners. To meet partners’ requirements, the programs include a tier-based model consisting of referral fees, preferred client pricing and reseller discounts.
  • Technology partners: Security and third-party software companies help build integrations with NetSPI to improve overall customer experiences.

For both, NetSPI offers technical and sales support to help partners achieve their business and GTM goals.


NetSPI Launches Partner Program to Broaden Delivery of Offensive Security Services

NetSPI Partner Program equips channel and technology partners with pentesting tools, services, and talent, bolstering security worldwide.

Minneapolis, MN: NetSPI, the leader in enterprise penetration testing and attack surface management, today announced the launch of the NetSPI Partner Program, which empowers its global channel and technology partners to deliver offensive security services during a time when it’s needed most.

Partners within the program can offer end users NetSPI’s proven vulnerability management technologies and human-delivered offensive security services, allowing both the partner and NetSPI to expand product and service offerings, further develop customer relationships, and enter new markets. Additionally, last month NetSPI joined the AWS Marketplace, simplifying the procurement process for enterprise organizations with existing AWS relationships by allowing them to purchase NetSPI’s offerings directly via the marketplace.  

The program is led by NetSPI’s Vice President of Business Development and Strategic Alliances, Lauren Gimmillaro. Gimmillaro has a track record of launching four successful partner programs, consisting of working with channel, referral, reseller, and technology partners.  

“As today’s global attack surface evolves and cybercriminals become more sophisticated in nature, it’s critical to provide end users with the tools, services, and skill sets they need to take an ​​offensive approach to security,” said Gimmillaro. “Centered around our customer-first approach, the NetSPI Partner Program will allow our team to extend our world-class pentesting capabilities to a variety of diverse and trusted partners, strengthening organizations’ cyber security efforts across the globe.” 

The NetSPI Partner Program encompasses the following partnership types:  

  • Channel Partners: NetSPI provides its full suite of security services and products through a global channel network of referral and reseller partners. To meet partners’ requirements, the programs include a tier-based model consisting of referral fees, preferred client pricing, and reseller discounts.
  • Technology Partners: Security and third-party software companies help build meaningful integrations with NetSPI to improve overall customer experiences.  

For both, NetSPI offers technical and sales support to help partners achieve their business and go-to-market goals. 

“Through the NetSPI Partner Program, SecureLink has been able to provide enterprises in the Middle East and Africa region access to NetSPI’s continuous and scalable suite of offensive security solutions,” said Manish Pardeshi, director of cybersecurity practices at SecureLink. “With NetSPI, we are proud to offer unmatched sophistication, methodology, and value to our global customer base.” 

“Apiiro is proud to be part of the NetSPI Partner Program. The partnership has provided our customers with next-gen, context aware pentesting capabilities and NetSPI customers with our ability to detect and fix critical risks in cloud-native applications,” said John Leon, vice president of business development at Apiiro. “Being a member of the NetSPI Partner Program allows us to achieve our sales goals while providing mutual customers with industry leading services and expertise.” 

To learn more about NetSPI and the NetSPI Partner Program, visit www.netspi.com/partners/.

About NetSPI  

NetSPI is the leader in enterprise security testing and attack surface management, partnering with nine of the top 10 U.S. banks, three of the world’s five largest healthcare companies, the largest global cloud providers, and many of the Fortune® 500. NetSPI offers Penetration Testing as a Service (PTaaS) through its Resolve™ penetration testing and vulnerability management platform. Its experts perform deep dive manual penetration testing of application, network, and cloud attack surfaces, historically testing over 1 million assets to find 4 million unique vulnerabilities. NetSPI is headquartered in Minneapolis, MN and is a portfolio company of private equity firms Sunstone Partners, KKR, and Ten Eleven Ventures. Follow us on Facebook, Twitter, and LinkedIn.  

Media Contacts: 
Tori Norris, NetSPI 
victoria.norris@netspi.com
(630) 258-0277  

Jessica Bettencourt, Inkhouse for NetSPI 
netspi@inkhouse.com
(774) 451-5142 


Blockworks: Netherlands Arrests Suspected Tornado Cash Dev Days After US Sanctions

On August 12, NetSPI Chief Technology Officer Travis Hoyt was featured in the Blockworks article called Netherlands Arrests Suspected Tornado Cash Dev Days After US Sanctions. Read the preview below or view it online.

+++

Dutch financial crimes agency FIOD arrested a 29-year-old developer in Amsterdam on Wednesday over suspected involvement in laundering money through crypto mixer Tornado Cash.

FIOD said a team began probing Tornado Cash in June. The investigation is led by the Public Prosecutor’s office.

“Multiple arrests are not ruled out,” the Fiscal Information and Investigation Service said in a statement, adding that the male suspect had been brought before a judge.

Earlier this week, the US Treasury sanctioned Tornado Cash addresses over allegations it laundered $7 billion worth of digital assets since it launched in 2019. That figure matches the total value of funds sent through Tornado Cash since its launch in February last year, per a Dune Analytics dashboard.

The platform’s web interface quickly went dark after major Ethereum node provider Infura pulled the plug, and its website is now offline. Code repository GitHub also shut down Tornado Cash’s account. Tornado Cash’s native token, TORN, has collapsed 40% since the sanctions were revealed, per CoinGecko.

“The online service [Tornado Cash] makes it possible to conceal the origin or destination of cryptocurrencies,” FIOD said. “The (criminal) origin of the cryptocurrencies is often not or hardly checked by such mixing services. Users of a mixing service mostly do this to increase their anonymity.”

Circle enforces Tornado Cash sanctions, leaving DeFi exposed

Tornado Cash’s protocol and its user interface are open source, meaning that anyone can contribute to its code. The Ethereum-powered project pitches itself as privacy-preserving, allowing users to commingle cryptocurrency inside smart contracts.

Once digital assets are withdrawn from Tornado Cash — depending on how long they spent in the mixing pool — their financial provenance should be too murky for onlookers to track, the idea goes.

Benign use cases for Tornado Cash exist. Following the US sanctions, Ethereum co-founder Vitalik Buterin, who was born in Russia, tweeted that he’d used the protocol to donate privately to pro-Ukraine outfits.

US authorities, alongside blockchain analytics units such as Chainalysis, believe the protocol is a favorite of North Korean hacker unit Lazarus Group, which has allegedly used it to wash troves of crypto stolen in various hacking incidents, such as the Axie Infinity and Harmony attacks.

But enforcing the US’ Tornado Cash sanctions may prove challenging. In an apparent act of defiance, one anonymous user recently sent small amounts of ether via the protocol to celebrities with known blockchain addresses, including Shaquille O’Neal and Jimmy Fallon.

Banning the wallets and open source repositories might send a signal, but doesn’t eliminate the capability, according to Travis Hoyt, NetSPI’s chief technology officer. He believes more bullet-proof solutions could emerge.

“The sanctions also highlight that the extent to which this can be enforced is limited by the reach of US law, and with the global and decentralized nature of the cryptocurrency space, there may still be plenty of additional avenues for criminals to pursue their goals that are out of reach,” Hoyt said.

You can read the full article at Blockworks!


Channel Marketer Report: With Experienced Channel Leader On Board, NetSPI Launches First Formal Partner Program

On August 17, NetSPI was featured in Channel Marketer Report’s With Experienced Channel Leader On Board, NetSPI Launches First Formal Partner Program. Read the preview below or view it online.

+++

NetSPI, an enterprise penetration testing and attack surface management solution provider, has launched its first formalized program to support its global channel and technology partners.

Partners within the program can offer end users NetSPI’s vulnerability management technologies and human-delivered offensive security services, allowing both the partner and NetSPI to expand product and service offerings, further develop customer relationships, and enter new markets.

The program is led by Lauren Gimmillaro, NetSPI’s Vice President of Business Development and Strategic Alliances. Gimmillaro has a track record of launching four successful partner programs, consisting of working with channel, referral, reseller, and technology partners.

The NetSPI Partner Program provides its referral and reseller partners with the company’s full suite of security services and products. To meet partners’ requirements, the programs include a tier-based model consisting of referral fees, preferred client pricing, and reseller discounts, the company said in a press release.

“NetSPI offers free unlimited technical and business training to ensure our partners feel comfortable speaking to NetSPI’s products and services,” Gimmillaro told CMR. “Additionally, we will support our partners with a variety of go-to-market initiatives, which include featuring partners on our blog, LinkedIn announcements, joint one-pagers, co-hosted events and webinars, and more.”

You can read the full article at Channel Marketer’s Report!


Dark Reading: New Open Source Tools Launched for Adversary Simulation

On August 10, NetSPI Senior Director Scott Sutherland was featured in the Dark Reading article called New Open Source Tools Launched for Adversary Simulation. Read the preview below or view it online.

+++

Network shares in Active Directory environments configured with excessive permissions pose serious risks to the enterprise in the form of data exposure, privilege escalation, and ransomware attacks. Two new open source adversary simulation tools PowerHuntShares and PowerHunt help enterprise defenders discover vulnerable network shares and manage the attack surface.

The tools will help defense, identity and access management (IAM), and security operations center (SOC) teams streamline share hunting and remediation of excessive SMB share permissions in Active Directory environments, NetSPI’s senior director Scott Sutherland wrote on the company blog. Sutherland developed these tools.

PowerHuntShares inventories, analyzes, and reports excessive privilege assigned to SMB shares on Active Directory domain joined computers. The PowerHuntShares tool addresses the risks of excessive share permissions in Active Directory environments that can lead to data exposure, privilege escalation, and ransomware attacks within enterprise environments.

“PowerHuntShares will inventory SMB share ACLs configured with ‘excessive privileges’ and highlight ‘high risk’ ACLs [access control lists],” Sutherland wrote.
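As an added illustration of the kind of inventory described above (example code written for this page, not NetSPI’s PowerHuntShares), the following PowerShell enumerates every non-default SMB share on enabled domain computers, records each Allow ACE, and labels ACEs that grant Everyone, Authenticated Users, BUILTIN\Users or Domain Users write-level rights as high risk. The principal list, the risk labels and the output path are assumptions made for the example; it requires the ActiveDirectory and SmbShare modules and a domain account that can open remote CIM sessions to the targets.

```powershell
# Added example for this page, not PowerHuntShares: inventory SMB share ACLs on
# domain-joined computers and flag entries that give broad principals write rights.
# Assumes the ActiveDirectory and SmbShare modules and a domain account that can open
# remote CIM sessions (WinRM) to the targets.
param(
    [string]$OutFile = '.\share-acl-findings.csv'
)

# Principals that amount to "any authenticated user" (assumed English-locale names,
# as reported by Get-SmbShareAccess).
$BroadPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Users',
    'NT AUTHORITY\INTERACTIVE'
)
# Default administrative shares are expected on every host and are skipped.
$DefaultShares = @('ADMIN$', 'C$', 'IPC$', 'print$')

function Get-ShareRiskLevel {
    param([string]$Principal, [string]$Right)
    # 'Full' and 'Change' both permit writing, which is what lets an attacker plant
    # payloads or encrypt the share's contents; broad read still exposes data.
    $IsBroad = ($BroadPrincipals -contains $Principal) -or ($Principal -like '*\Domain Users')
    if (-not $IsBroad) { return 'Info' }
    switch ($Right) {
        'Full'   { return 'High' }
        'Change' { return 'High' }
        'Read'   { return 'Medium' }
        default  { return 'Info' }
    }
}

$Computers = Get-ADComputer -Filter 'Enabled -eq $true' |
    Select-Object -ExpandProperty DNSHostName

$Findings = foreach ($Computer in $Computers) {
    try {
        $Session = New-CimSession -ComputerName $Computer -ErrorAction Stop
    } catch {
        Write-Warning "Skipping $Computer : $($_.Exception.Message)"
        continue
    }
    try {
        $Shares = Get-SmbShare -CimSession $Session -ErrorAction Stop |
            Where-Object { $_.Name -notin $DefaultShares }
        foreach ($Share in $Shares) {
            # One row per Allow ACE so the CSV can be grouped by host, share or principal.
            Get-SmbShareAccess -CimSession $Session -Name $Share.Name -ErrorAction Stop |
                Where-Object { $_.AccessControlType -eq 'Allow' } |
                ForEach-Object {
                    [pscustomobject]@{
                        ComputerName = $Computer
                        ShareName    = $Share.Name
                        Path         = $Share.Path
                        Principal    = $_.AccountName
                        Right        = [string]$_.AccessRight
                        Risk         = Get-ShareRiskLevel -Principal $_.AccountName -Right $_.AccessRight
                    }
                }
        }
    } finally {
        Remove-CimSession -CimSession $Session
    }
}

$Findings | Export-Csv -Path $OutFile -NoTypeInformation

# Quick view of which principals are over-granted and on how many shares.
$Findings | Where-Object { $_.Risk -eq 'High' } |
    Group-Object Principal | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize
```

Share-level ACLs are only half the picture: NTFS permissions on the underlying path can be tighter or looser than the share ACL, so a High row here is a candidate to verify with Get-Acl on the share path (and by actually attempting a write as a low-privilege account) before it is reported.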

PowerHunt, a modular threat hunting framework, identifies signs of compromise based on artifacts from common MITRE ATT&CK techniques and detects anomalies and outliers specific to the target environment. The tool automates the collection of artifacts at scale using PowerShell remoting and performs initial analysis.

You can read the full article at Dark Reading!


Open Source For You: New Open Source Tools From NetSPI Address Information Security Issues

On August 10, NetSPI Senior Director Scott Sutherland was featured in the Open Source For You article called New Open Source Tools From NetSPI Address Information Security Issues. Read the preview below or view it online.

+++

Two new open source tools for identity and access management (IAM) and security operations centre (SOC) teams have been released by NetSPI, a company that specialises in enterprise penetration testing and attack surface management. The tools, PowerHuntShares and PowerHunt, help information security teams find vulnerable network shares and improve detections.

PowerHuntShares aims to reduce the problems created by excessive share permissions in corporate environments, such as data exposure, privilege escalation and ransomware attacks. On Active Directory domain-joined computers, the tool inventories, analyses and reports excessive permissions assigned to SMB shares.

PowerHunt, a modular threat hunting framework, identifies signs of compromise based on artefacts from common MITRE ATT&CK techniques and detects anomalies and outliers specific to the target environment. Collection of these artefacts is automated using PowerShell remoting, and initial analysis is then performed. PowerHunt also produces easy-to-consume .csv files so that further triage and analysis can be done with other tools and procedures.

“I’m proud to work for an organization that understands the importance of open-source tool development and encourages innovation through collaboration,” said Scott Sutherland, senior director at NetSPI. “I urge the security community to check out and contribute to these tools so we can better understand our SMB share attack surfaces and improve strategies for remediation, together.”


Help Net Security: NetSPI unveils two open-source tools to assist defence teams in uncovering vulnerable network shares

On August 10, NetSPI Senior Director Scott Sutherland was featured in the Help Net Security article called NetSPI unveils two open-source tools to assist defence teams in uncovering vulnerable network shares. Read the preview below or view it online.

+++

At Black Hat USA 2022, NetSPI unveiled two new open-source tools for the information security community: PowerHuntShares and PowerHunt.

These new adversary simulation tools were developed by NetSPI’s Senior Director, Scott Sutherland, to help defense, identity and access management (IAM), and security operations center (SOC) teams discover vulnerable network shares and improve detections.

  • PowerHuntShares inventories, analyzes, and reports excessive privilege assigned to SMB shares on Active Directory domain joined computers. This capability helps address the risks of excessive share permissions in Active Directory environments that can lead to data exposure, privilege escalation, and ransomware attacks within enterprise environments.
  • PowerHunt, a modular threat hunting framework, identifies signs of compromise based on artifacts from common MITRE ATT&CK techniques and detects anomalies and outliers specific to the target environment. PowerHunt automates the collection of artifacts at scale using PowerShell remoting and performs initial analysis. It can also output easy-to-consume .csv files so that additional triage and analysis can be done using other tools and processes.
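The PowerHunt description above (and the matching one in the Dark Reading piece) names three steps: collect artifacts at scale over PowerShell remoting, tag them to ATT&CK techniques, and surface outliers in CSV form. The following PowerShell is an added example of that workflow written for this page, not NetSPI’s PowerHunt code. It collects Run/RunOnce keys, non-Microsoft scheduled tasks and service binary paths from every enabled domain computer, writes them to CSV, then stacks the values to find entries present on only a few hosts and greps for launch paths that commonly indicate persistence. The technique IDs used as tags, the rarity threshold, the suspicious-path patterns and the output directory are assumptions for the example; it needs WinRM enabled on the targets and local admin rights there.

```powershell
# Added example for this page, not NetSPI's PowerHunt: collect persistence artifacts
# from many hosts over PowerShell remoting, tag each row with the MITRE ATT&CK
# technique it relates to, write the raw data to CSV, then stack the values to
# surface ones seen on only a few hosts. Assumes WinRM is enabled on the targets,
# the caller has local admin rights there, and host names come from Active Directory.
param(
    [string]$OutDir = '.\hunt',
    [int]$RareThreshold = 2    # a value present on this many hosts or fewer is an outlier
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$Computers = Get-ADComputer -Filter 'Enabled -eq $true' |
    Select-Object -ExpandProperty DNSHostName

# Runs on each target. Every artifact becomes one flat record so the three
# collectors can share a single table. Technique tags are assumptions for the example.
$Collector = {
    $Name = $env:COMPUTERNAME
    $RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($Key in $RunKeys) {
        $Props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
        if ($null -eq $Props) { continue }
        foreach ($P in ($Props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            [pscustomobject]@{ ComputerName = $Name; Technique = 'T1547.001'; Type = 'RunKey'
                               Name = $P.Name; Value = [string]$P.Value }
        }
    }
    Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
        ForEach-Object {
            $Action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join ' ; '
            [pscustomobject]@{ ComputerName = $Name; Technique = 'T1053.005'; Type = 'ScheduledTask'
                               Name = $_.TaskName; Value = $Action }
        }
    Get-CimInstance -ClassName Win32_Service -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ ComputerName = $Name; Technique = 'T1543.003'; Type = 'Service'
                               Name = $_.Name; Value = [string]$_.PathName }
        }
}

# Fan out over WinRM; unreachable hosts are skipped rather than aborting the run.
$Artifacts = Invoke-Command -ComputerName $Computers -ScriptBlock $Collector `
    -ThrottleLimit 32 -ErrorAction SilentlyContinue |
    Select-Object ComputerName, Technique, Type, Name, Value
$Artifacts | Export-Csv -Path (Join-Path $OutDir 'artifacts.csv') -NoTypeInformation

# Stacking: a persistence entry that exists on a handful of hosts out of hundreds
# is worth a look regardless of what it is called.
$Outliers = $Artifacts | Where-Object { $_.Value } | Group-Object Type, Value | ForEach-Object {
    $Hosts = @($_.Group.ComputerName | Sort-Object -Unique)
    if ($Hosts.Count -le $RareThreshold) {
        [pscustomobject]@{
            Type      = $_.Group[0].Type
            Technique = $_.Group[0].Technique
            Value     = $_.Group[0].Value
            HostCount = $Hosts.Count
            Hosts     = $Hosts -join ';'
        }
    }
}
$Outliers | Export-Csv -Path (Join-Path $OutDir 'outliers.csv') -NoTypeInformation

# Pattern-based call-outs: binaries launched from user-writable paths or via
# encoded PowerShell / script hosts (patterns are assumptions for this example).
$SuspiciousPatterns = '\\Temp\\', '\\AppData\\', '\\ProgramData\\', '\\Users\\Public\\',
                      'powershell.*\s-e(nc|ncodedcommand)?\s', 'mshta\.exe', 'regsvr32.*/i:', 'rundll32.*javascript:'
$Suspicious = $Artifacts | Where-Object {
    $Value = $_.Value
    @($SuspiciousPatterns | Where-Object { $Value -match $_ }).Count -gt 0
}
$Suspicious | Export-Csv -Path (Join-Path $OutDir 'suspicious.csv') -NoTypeInformation

"{0} artifacts from {1} hosts; {2} rare values; {3} pattern hits" -f @($Artifacts).Count,
    @($Artifacts.ComputerName | Sort-Object -Unique).Count, @($Outliers).Count, @($Suspicious).Count
```

The stacking step is the part that adapts to the environment: the same service path that would be noise in one fleet is an outlier in another, so the threshold is relative to how many hosts reported rather than to any fixed allowlist. The CSVs are deliberately flat so they can be joined against EDR telemetry or loaded into a SIEM for the actual triage.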

“I’m proud to work for an organization that understands the importance of open-source tool development and encourages innovation through collaboration,” said Scott. “I urge the security community to check out and contribute to these tools so we can better understand our SMB share attack surfaces and improve strategies for remediation, together.”
