Explore the minds of The NetSPI Agents

Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!

Mainframe Penetration Testing

NetSPI Wins First Place at SHARE Mainframe Capture the Flag Event

Learn how NetSPI’s Mainframe Pentesting team claimed first place at SHARE’s inaugural Capture the Flag event, showcasing elite z/OS security expertise.

Learn More
External Attack Surface Visibility

Key Strategies for Tackling External Attack Surface Visibility

Hear from NetSPI Partners on how they tackle external attack surface visibility. These expert insights will help secure assets and boost cyber defense.

Learn More
Adversary Simulation

CVE-2024-28989: Weak Encryption Key Management in Solar Winds Web Help Desk

Learn how an attacker with access to a backup file could potentially recover certain encrypted passwords.

Learn More
Penetration Testing as a Service (PTaaS)

Penetration Testing vs. Vulnerability Scanning: What’s the Difference?

Learn the differences between penetration testing and vulnerability scanning to choose the right cybersecurity approach for your organization.

Learn More
Attack Surface Management (ASM)

Harnessing Exposure Management with Continuous Attack Surface Testing 

Continuous attack surface testing helps organizations prioritize remediation steps and focus cybersecurity resources on the most valuable efforts.

Learn More
Hardware and Embedded Systems Penetration Testing

Practical Methods for Decapping Chips

Discover the intricate process of chip decapping, exposing secrets stored within snuggly layers of industrial epoxy, sleeping in beds of silicon.

Learn More
Cloud Pentesting

Hijacking Azure Machine Learning Notebooks (via Storage Accounts)

Abusing Storage Account Permissions to attack Azure Machine Learning notebooks

Learn More
NetSPI Updates

Celebrating NetSPI’s Partners of the Year 2024

Congratulations to NetSPI’s 2024 Partner of the Year Recipients Defy Security, VLCM, Softcat, Enduir, Evotek, and AWS

Learn More
Web Application Pentesting

Exploiting Second Order SQL Injection with Stored Procedures

Learn how to detect and exploit second-order SQL injection vulnerabilities using Out-of-Band (OOB) techniques, including leveraging DNS requests for data extraction.

Learn More
Proactive Security

CTEM Defined: The Fundamentals of Continuous Threat Exposure Management

Learn how continuous threat exposure management (CTEM) boosts cybersecurity with proactive strategies to assess, manage, and reduce risks.

Learn More
AI/ML Pentesting

Balancing Security and Usability of Large Language Models: An LLM Benchmarking Framework

Explore the integration of Large Language Models (LLMs) in critical systems and the balance between security and usability with a new LLM benchmarking framework.

Learn More
Web Application Pentesting

From Informational to Critical: Chaining & Elevating Web Vulnerabilities

Learn about administrative access and Remote Code Execution (RCE) exploitation from a recent Web Application Pentest.

Learn More