Explore the Minds of The NetSPI Agents
Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!
Our Favorite Picks
CVE-2024-21378 — Remote Code Execution in Microsoft Outlook
Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.
15 Ways to Bypass the PowerShell Execution Policy
NetSPI security expert Scott Sutherland covers 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.
How to Use Attack Surface Management for Continuous Pentesting
Uncover attack surfaces and exposures with NetSPI’s offensive security including Attack Surface Management (ASM) to enable continuous pentesting.
From Pentest Report to Boardroom Strategy in 5 Steps
Learn how to turn technical findings from penetration testing into executive action with a five-step approach for maximizing pentesting value.
DEF CON 33: NetSPI’s “Access Everywhere” Experience
NetSPI security experts share key insights from DEF CON 33’s “Access Everywhere” theme, from networking with hackers to expanding security expertise through sessions and workshops.
Assessing the True Business Impact of a Malicious Connected App
Discover the cascading risks of malicious Connected Apps in Salesforce. Learn how to assess business impact, secure your org, and protect critical infrastructure.
We Know What You Did (in Azure) Last Summer
At DEF CON 33, NetSPI presented a talk about how Azure resources supporting Entra ID authentication expose tenant IDs, enabling attackers to attribute cloud resources to specific organizations at scale.
Walking the Cybersecurity AI Tightrope
Explore the balance of AI and human expertise in cybersecurity, addressing both benefits and limitations for effective security strategies.
Unix Underworld: Tales from the Dark Side of z/OS
Discover how penetration testing ensures compliance with SOC 2, PCI DSS, and HIPAA, safeguarding data, mitigating risks, and building trust in a data-driven world.
Penetration Testing for Compliance: Achieving SOC 2, PCI DSS, and HIPAA
Discover how penetration testing ensures compliance with SOC 2, PCI DSS, and HIPAA, safeguarding data, mitigating risks, and building trust in a data-driven world.
Automating Azure App Services Token Decryption
Discover how to decrypt Azure App Services authentication tokens automatically using MicroBurst’s tooling to extract encrypted tokens for security testing.
3 Lessons Learned from Simulating Attacks in the Cloud
Learn key lessons from NetSPI’s work simulating attacks in the cloud. Learn how Breach and Attack Simulation improves cloud security, logging, and detection capabilities.
CVE-2025-4660: Forescout SecureConnector RCE
Learn about the high-risk RCE vulnerability in Forescout SecureConnector allows attackers to turn security agents into C2 channels.
Part 2: Ready for Red Teaming? Crafting Realistic Scenarios Reflecting Real-World Threats
Learn to craft realistic red team scenarios that reflect real-world threats. Gain actionable insights to strengthen detection and response capabilities.
Detecting Authorization Flaws in Java Spring via Source Code Review (SCR)
Discover how secure code review catches privilege escalation vulnerabilities in Java Spring apps that pentests miss – identify insecure patterns early.