NetSPI [Un]Wrapped: Our Top Hits from 2023 

Buckle up, rewind, and get ready for NetSPI’s reveal! Before we dive into the new year, we’re taking a moment to reflect on 2023—a year that passed by in a blur of milestones and moments. 

It was a year that demanded resilience, adaptability, and maybe a few extra cups of coffee. But amidst the whirlwind, there were triumphs, breakthroughs, and moments of sheer celebration on our team that made this year one to remember. 

Grab a warm cup of cheer, pull up a comfy chair, and join us as we rewind the track on 2023 through our favorite team moments, the resources that helped us thrive, and a much-needed reminder that even the most fast-paced years are worth slowing down to celebrate.

Our Favorite #TeamNetSPI Moments 

Marking milestones and welcoming new furry faces was all part of an exciting 2023 for our team. 

1. Celebrating our new headquarters 

Skyline views are on the horizon as we officially plant our flag at our amazing new headquarters. 

2. Officially passing 500 team members

Our team raced past 500 people in January, and is quickly approaching the next milestone, proving that we accomplish more together than we ever could apart. 

3. Welcoming Jersey to the NetSPI team

As the only four-legged member of our team, Jersey supports children and families during their time at the Masonic Children’s Hospital’s Institute for the Developing Brain. 

Top Educational Resources 

Building a more secure world starts with education. Our top resources this year spanned from blockchain to Attack Surface Management.

1. Offensive Security Vision Report 2023 

Our top resource in 2023 was NetSPI’s Offensive Security Vision Report, a first-hand study that summarizes the top vulnerabilities by attack surface and much more.

2. 5 Blockchain Security Fundamentals Every C-Suite Needs to Know 

Dive into blockchain security! This eBook shares how major companies are using distributed ledger technology (DLT) today and the importance of security planning for blockchain operations. 

3. How to Use Attack Surface Management for Continuous Pentesting

Point-in-time testing is so 2023. In this article, we explain how the shift to proactive security is rooted in always-on monitoring of known and unknown internet-facing assets.

Technical Articles the Industry Loved 

Technical articles reign supreme. 👑 Here are the top three technical articles our audience loved in 2023. 

1. Abusing Entra ID Misconfigurations to Bypass MFA

Explore Entra ID with Kyle Rozendaal. While conducting an Entra Penetration Test, we discovered a simple misconfiguration in Entra ID that allowed us to bypass MFA. 

2. Escalating Privileges with Azure Function Apps 

Dive into privilege escalation with Karl Fosaaen. See how undocumented APIs used by the Azure Function Apps Portal menu allowed for directory traversal on the Function App containers. 

NetSPI Finds Privilege Escalation Vulnerability in Azure Function Apps

3. Mistaken Identity: Extracting Managed Identity Credentials from Azure Function Apps by Karl Fosaaen

This article is repurposed from our DEF CON Cloud Village talk (What the Function: A Deep Dive into Azure Function App Security). In it, Thomas Elling and Karl Fosaaen stumbled onto an extension of the existing research in the above article, Escalating Privileges with Azure Function Apps.

Most Listened to Podcast Episodes 

Our mics were on fire this year! Tune in as we revisit the top podcast episodes that sparked debates, hit on industry best practices, and left you wanting to hit “repeat” on cyber defense. 

1. Episode 055: Teaching Next Gen Cybersecurity Leaders with Neil Plotnick 

Gear up for the future of cyber with Agent of Influence! In this episode, NetSPI’s Field CISO and host of the podcast, Nabil Hannan, tackles a pivotal topic: cybersecurity education. He’s joined by Neil Plotnick, a high school educator on the front lines, as they dissect modern curriculum, student attitudes towards online data, and the crucial question: how do we cultivate the next generation of cyber defenders?

2. Hack Responsibly: Riding the Azure Service Bus (Relay) into Power Platform with Scott Sutherland and Karl Fosaaen

On the inaugural episode of Hack Responsibly, we crack open the vault on Azure security with special guest, security consultant Jake Scheetz. Join the crew as they dissect Nick’s noteworthy vulnerability disclosure: a cross-tenant Azure exploit in Power Platform Connectors. 

3. Leading with FUN Instead of FUD with Tim Derrickson

Hold onto your hats—fun times and security insights are ahead! Nabil hosted guest Tim Derrickson, Director of IT and Security Services at One Step Secure IT, for a discussion on dropping the tone of Fear, Uncertainty, and Doubt (FUD) and injecting some much-needed fun into the cybersecurity conversation. 

Webinars that Captured Attention 

These webinars rose above the noise, giving our viewers tangible insight into NetSPI’s proactive security solutions, including Breach and Attack Simulation (BAS) and Attack Surface Management (ASM). 

1. Product Pulse: Demo of Breach and Attack Simulation (BAS)  

Hear from Spencer McClain as he guides you through our BAS platform demo and shares some of our favorite customer success stories. 

Product Pulse: Live Demo of Breach and Attack Simulation (BAS)

2. ASM In Action: NetSPI’s Attack Surface Management Demo 

See NetSPI’s ASM platform in action as Scott Henderson walks you through its ability to improve visibility, inventory, and understanding of known and unknown assets and exposures. 

3. Keeping Up with Medical Device Cybersecurity: Q&A with Product Security Leaders at Medtronic, Abbott, and MITRE 

Hear from medical device security leaders as they share best practices on compliance, updatability, vulnerability management, and more in this panel discussion. 

As we raise a toast to the year’s successes and lessons learned, we can’t help feeling excited about the year to come. 2024 promises to be an adventure, and NetSPI is ready to tackle the challenges in stride. 
