Explore the minds of The NetSPI Agents
Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!
Our favorite picks
CVE-2024-21378 — Remote Code Execution in Microsoft Outlook
Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.
15 Ways to Bypass the PowerShell Execution Policy
By default, PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. In this blog I’ll cover 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.
How to Use Attack Surface Management for Continuous Pentesting
Uncover attack surfaces and exposures with NetSPI’s offensive security including Attack Surface Management (ASM) to enable continuous pentesting.
The Rapid Evolution of AI Voice Cloning and its Implications for Cybersecurity
Learn about the rise of AI voice cloning, its cybersecurity challenges, and necessary measures for IT and InfoSec leaders to stay protected.
Mapping Mainframe Memory Made Easy
Explore how NetSPI’s own LPAR enhances pentesting efficiency through rapid tool prototyping and deployment.
5 Essential Cybersecurity Leadership Tips for Technologists
Learn about Sam Horvath’s journey from pentester to Managing Director at NetSPI, with cybersecurity leadership tips for aspiring technologists.
Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
Learn how threat actors can exploit SQL Server credential objects to escalate domain privileges and how you can detect it.
The Balancing Act of In-House vs Third-Party Penetration Testing
Discover how combining in-house and third-party penetration testing brings a hybrid approach to enhance your cybersecurity strategy.
CVE-2024-37888 – CKEditor 4 Open Link plugin XSS
NetSPI discovered CVE-2024-37888, a cross-site scripting (XSS) vulnerability in the CKEditor 4 Open Link plugin. Read about the nature of the vulnerability and its implications.
An Introduction to GCPwn – Parts 2 and 3
Example exploit path using GCPwn covering enumeration, brute forcing secrets manager versions, and downloading data from cloud storage both through default enum_buckets and with HMAC keys.
4 Key Themes from Black Hat USA 2024
See NetSPI’s key takeaways from Black Hat USA 2024, including AI hype, pentesting automation, and the importance of third-party risk management.
DEF CON 32 Recap: Insights and Experiences from The NetSPI Agents
Explore the highlights of DEF CON 32 through the eyes of The NetSPI Agents. Discover key takeaways, expert insights, and firsthand experiences from this year’s premier hacker conference.
Improving Ransomware Detection with Breach and Attack Simulation (BAS)
Explore how breach and attack Simulation (BAS) can enhance your ability to identify and mitigate ransomware threats early in the cyber kill chain.
Extracting Managed Identity Certificates from the Azure Arc Service
The Azure Arc service is handy for bringing on-prem systems to the cloud, but it includes features that could lead to pivots from on-prem into your Azure environment.
How to Navigate the Stiff-Arm When Protecting Your Generative AI Initiatives
Learn to effectively protect generative AI initiatives by integrating proactive security measures and gaining business buy-in for safer deployment.