Explore the minds of The NetSPI Agents

Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!

Social Engineering

The Rapid Evolution of AI Voice Cloning and its Implications for Cybersecurity 

Learn about the rise of AI voice cloning, its cybersecurity challenges, and necessary measures for IT and InfoSec leaders to stay protected.

Learn More
Mainframe Penetration Testing

Mapping Mainframe Memory Made Easy

Explore how NetSPI’s own LPAR enhances pentesting efficiency through rapid tool prototyping and deployment.

Learn More
Personnel Development

5 Essential Cybersecurity Leadership Tips for Technologists 

Learn about Sam Horvath’s journey from pentester to Managing Director at NetSPI, with cybersecurity leadership tips for aspiring technologists.

Learn More
Network Pentesting

Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation 

Learn how threat actors can exploit SQL Server credential objects to escalate domain privileges and how you can detect it.

Learn More
Penetration Testing as a Service (PTaaS)

The Balancing Act of In-House vs Third-Party Penetration Testing

Discover how combining in-house and third-party penetration testing brings a hybrid approach to enhance your cybersecurity strategy.

Learn More
Web Application Pentesting

CVE-2024-37888 – CKEditor 4 Open Link plugin XSS

NetSPI discovered CVE-2024-37888, a cross-site scripting (XSS) vulnerability in the CKEditor 4 Open Link plugin. Read about the nature of the vulnerability and its implications.

Learn More
Cloud Pentesting

An Introduction to GCPwn – Parts 2 and 3

Example exploit path using GCPwn covering enumeration, brute forcing secrets manager versions, and downloading data from cloud storage both through default enum_buckets and with HMAC keys.

Learn More
NetSPI Updates

4 Key Themes from Black Hat USA 2024

See NetSPI’s key takeaways from Black Hat USA 2024, including AI hype, pentesting automation, and the importance of third-party risk management.

Learn More
NetSPI Agent Updates

DEF CON 32 Recap: Insights and Experiences from The NetSPI Agents 

Explore the highlights of DEF CON 32 through the eyes of The NetSPI Agents. Discover key takeaways, expert insights, and firsthand experiences from this year’s premier hacker conference.

Learn More
Breach and Attack Simulation (BAS)

Improving Ransomware Detection with Breach and Attack Simulation (BAS)

Explore how breach and attack Simulation (BAS) can enhance your ability to identify and mitigate ransomware threats early in the cyber kill chain.

Learn More
Cloud Pentesting

Extracting Managed Identity Certificates from the Azure Arc Service 

The Azure Arc service is handy for bringing on-prem systems to the cloud, but it includes features that could lead to pivots from on-prem into your Azure environment.

Learn More
Adversarial Machine Learning

How to Navigate the Stiff-Arm When Protecting Your Generative AI Initiatives

Learn to effectively protect generative AI initiatives by integrating proactive security measures and gaining business buy-in for safer deployment.

Learn More