Explore the Minds of The NetSPI Agents
Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!
Our Favorite Picks
CVE-2024-21378 — Remote Code Execution in Microsoft Outlook
Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.
15 Ways to Bypass the PowerShell Execution Policy
NetSPI security expert Scott Sutherland covers 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.
How to Use Attack Surface Management for Continuous Pentesting
Uncover attack surfaces and exposures with NetSPI’s offensive security including Attack Surface Management (ASM) to enable continuous pentesting.
CVE-2025-4660: Forescout SecureConnector RCE
Learn about the high-risk RCE vulnerability in Forescout SecureConnector allows attackers to turn security agents into C2 channels.
Part 2: Ready for Red Teaming? Crafting Realistic Scenarios Reflecting Real-World Threats
Learn to craft realistic red team scenarios that reflect real-world threats. Gain actionable insights to strengthen detection and response capabilities.
Detecting Authorization Flaws in Java Spring via Source Code Review (SCR)
Discover how secure code review catches privilege escalation vulnerabilities in Java Spring apps that pentests miss – identify insecure patterns early.
Set Sail: Remote Code Execution in SailPoint IQService via Default Encryption Key
NetSPI discovered a remote code execution vulnerability in SailPoint IQService using default encryption keys. Exploit details, discovery methods, and remediation guidance included.
Dark Web Monitoring And Why Your EASM Strategy Depends On It
Organizations face threats beyond their perimeter. Explore how dark web monitoring, breach data tracking, and public exposure detection strengthen your EASM strategy.
Extracting Sensitive Information from Azure Load Testing
Learn how Azure Load Testing’s JMeter JMX and Locust support enables code execution, metadata queries, reverse shells, and Key Vault secret extraction vulnerabilities.
3 Key Takeaways from Continuous Threat Exposure Management (CTEM) For Dummies, NetSPI Special Edition
Discover continuous threat exposure management (CTEM) to learn how to bring a proactive approach to cybersecurity and prioritize the most important risks to your business.
How Often Should Organizations Conduct Penetration Tests?
Learn how often organizations should conduct penetration tests. Discover industry best practices, key factors influencing testing frequency, and why regular pentesting is essential for business security.
Mainframe State of the Platform: 2025 Security Assessment
Learn key insights into mainframe security in 2025, including trends, gaps, and strategies to enhance protection for critical enterprise systems.
The Penetration Testing Life Cycle Explained
Learn about the 5 phases of penetration testing and how this structured process uncovers vulnerabilities and strengthens your cybersecurity defenses.
Understanding Indirect Prompt Injection Attacks in LLM-Integrated Workflows
Learn how indirect prompt injection attacks exploit AI workflows, their security risks, and strategies for protecting your systems from these hidden threats.
CVE-2025-26685 – Spoofing to Elevate Privileges with Microsoft Defender for Identity
Discover how NetSPI uncovered and reported a vulnerability in Microsoft Defender for Identity that allowed unauthenticated attackers to perform spoofing and elevate privileges.