Explore the Minds of The NetSPI Agents
Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!
Our Favorite Picks
CVE-2024-21378 — Remote Code Execution in Microsoft Outlook
Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.
15 Ways to Bypass the PowerShell Execution Policy
NetSPI security expert Scott Sutherland covers 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.
How to Use Attack Surface Management for Continuous Pentesting
Uncover attack surfaces and exposures with NetSPI’s offensive security including Attack Surface Management (ASM) to enable continuous pentesting.
Shift Left Security: Integrating Pentesting Early in Development
Discover how to integrate penetration testing into a shift left security strategy, enhancing application security early in the development lifecycle.
Validating Azure Cloud Security with Breach and Attack Simulation as a Service
NetSPI’s Breach and Attack Simulation as a Service offers focused simulation tests for Azure users to validate your cloud security capabilities.
Getting Shells at Terminal Velocity with Wopper
This article introduces Wopper – a new NetSPI tool that creates self-deleting PHP files and automates code execution on WordPress using administrator credentials.
CVE-2025-21299 and CVE-2025-29809: Unguarding Microsoft Credential Guard
Learn more about the January 2025 Patch Tuesday that addresses a critical vulnerability where Kerberos canonicalization flaws allow attackers to bypass Virtualization Based Security and extract protected TGTs from Windows systems.
CVE-2025-27590 – Oxidized Web: Local File Overwrite to Remote Code Execution
Learn about a critical security vulnerability (CVE-2025-27590) in Oxidized Web v0.14 that allows attackers to overwrite local files and execute remote code execution.
Is It Worth It? Let Me Work It: Calculating the Cost Savings of Proactive Security
Discover the cost savings of proactive security solutions to support your shift from traditional vulnerability management to a risk-based approach to exposure management.
A Not So Comprehensive Guide to Securing Your Salesforce Organization
Explore key background knowledge on authorization issues and common bad practices developers may unintentionally introduce in Salesforce Orgs.
Let’s Talk Cybersecurity on the Agent of Influence Podcast
Ready to contribute to meaningful conversations in cybersecurity? Join Agent of Influence with Nabil Hannan, NetSPI Field CISO and podcast host.
NetSPI’s Take on Exposure Management: Our Highlights from Gartner® Hype Cycle™ for Security Operations, 2024
Learn NetSPI’s key takeaways from Gartner® Hype Cycle™ for Security Operations, 2024
Internal vs. External Penetration Testing: What You Need to Know
Internal and external penetration testing are critical components of a holistic security testing program. Learn the differences and use cases of each type.
Redefining Breach and Attack Simulation (BAS) with BAS as a Service
Validate the effectiveness of security controls with NetSPI’s Breach and Attack Simulation as a Service. Simulate real-world attacks, benchmark detection coverage, and improve defenses.
The Things We Think and Do Not Say: The Future of Our Beacon Object Files (BOFs)
Learn about a reference design for a new Beacon Object Files portable executable concept and helpful features.