Explore the Minds of The NetSPI Agents
Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!
Our Favorite Picks
CVE-2024-21378 — Remote Code Execution in Microsoft Outlook
Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.
15 Ways to Bypass the PowerShell Execution Policy
NetSPI security expert Scott Sutherland covers 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.
How to Use Attack Surface Management for Continuous Pentesting
Uncover attack surfaces and exposures with NetSPI’s offensive security including Attack Surface Management (ASM) to enable continuous pentesting.
CVE-2025-21299 and CVE-2025-29809: Unguarding Microsoft Credential Guard
Learn more about the January 2025 Patch Tuesday that addresses a critical vulnerability where Kerberos canonicalization flaws allow attackers to bypass Virtualization Based Security and extract protected TGTs from Windows systems.
CVE-2025-27590 – Oxidized Web: Local File Overwrite to Remote Code Execution
Learn about a critical security vulnerability (CVE-2025-27590) in Oxidized Web v0.14 that allows attackers to overwrite local files and execute remote code execution.
Is It Worth It? Let Me Work It: Calculating the Cost Savings of Proactive Security
Discover the cost savings of proactive security solutions to support your shift from traditional vulnerability management to a risk-based approach to exposure management.
A Not So Comprehensive Guide to Securing Your Salesforce Organization
Explore key background knowledge on authorization issues and common bad practices developers may unintentionally introduce in Salesforce Orgs.
Let’s Talk Cybersecurity on the Agent of Influence Podcast
Ready to contribute to meaningful conversations in cybersecurity? Join Agent of Influence with Nabil Hannan, NetSPI Field CISO and podcast host.
NetSPI’s Take on Exposure Management: Our Highlights from Gartner® Hype Cycle™ for Security Operations, 2024
Learn NetSPI’s key takeaways from Gartner® Hype Cycle™ for Security Operations, 2024
Internal vs. External Penetration Testing: What You Need to Know
Internal and external penetration testing are critical components of a holistic security testing program. Learn the differences and use cases of each type.
Redefining Breach and Attack Simulation (BAS) with BAS as a Service
Validate the effectiveness of security controls with NetSPI’s Breach and Attack Simulation as a Service. Simulate real-world attacks, benchmark detection coverage, and improve defenses.
The Things We Think and Do Not Say: The Future of Our Beacon Object Files (BOFs)
Learn about a reference design for a new Beacon Object Files portable executable concept and helpful features.
NetSPI Wins First Place at SHARE Mainframe Capture the Flag Event
Learn how NetSPI’s Mainframe Pentesting team claimed first place at SHARE’s inaugural Capture the Flag event, showcasing elite z/OS security expertise.
Key Strategies for Tackling External Attack Surface Visibility
Hear from NetSPI Partners on how they tackle external attack surface visibility. These expert insights will help secure assets and boost cyber defense.
CVE-2024-28989: Weak Encryption Key Management in Solar Winds Web Help Desk
Learn how an attacker with access to a backup file could potentially recover certain encrypted passwords.