Back
NetSPI [Un]Wrapped: Our Top Hits from 2023
Buckle up, rewind, and get ready for NetSPI’s reveal! Before we dive into the new year, we’re taking a moment to reflect on 2023—a year that passed by in a blur of milestones and moments.
It was a year that demanded resilience, adaptability, and maybe a few extra cups of coffee. But amidst the whirlwind, there were triumphs, breakthroughs, and moments of sheer celebration on our team that made this year one to remember.
Grab a warm cup of cheer, pull up a comfy chair, and join us as we rewind the track on 2023 through our favorite team moments, the resources that helped us thrive, and a much-needed reminder that even the most fast-paced years are worth slowing down to celebrate.
Our Favorite #TeamNetSPI Moments
Marking milestones and welcoming new furry faces was all part of an exciting 2023 for our team.
1. Celebrating our new headquarters
Skyline views are on the horizon as we officially plant our flag at our amazing new headquarters.
2. Officially passing 500 team members
Our team raced past 500 people in January, and is quickly approaching the next milestone, proving that we accomplish more together than we ever could apart.
3. Welcoming Jersey to the NetSPI team
As the only four-legged member of our team, Jersey supports children and families during their time at the Masonic Children’s Hospital’s Institute for the Developing Brain.
Top Educational Resources
Building a more secure world starts with education. Our top resources this year spanned from Blockchain to Attack Surface Management.
1. Offensive Security Vision Report 2023
Our top resource in 2023 was NetSPI’s Offensive Security Vision Report, a first-hand study that summarizes the top vulnerabilities by attack surface and much more.
2. 5 Blockchain Security Fundamentals Every C-Suite Needs to Know
Dive into blockchain security! This eBook shares how major companies are using distributed ledger technology (DLT) today and the importance of security planning for blockchain operations.
3. How to Use Attack Surface Management for Continuous Pentesting
Point in time testing is so 2023. In this article, we explain how the shift to proactive security is rooted in always-on monitoring of known and unknown internet-facing assets.
Technical Articles the Industry Loved
Technical articles reign supreme. 👑 Here are the top three technical articles our audience loved in 2023.
1. Abusing Entra ID Misconfigurations to Bypass MFA
Explore Entra ID with Kyle Rozendaal. While conducting an Entra Penetration Test, we discovered a simple misconfiguration in Entra ID that allowed us to bypass MFA.
2. Escalating Privileges with Azure Function Apps
Dive into privilege escalation with Karl Fosaaen. See how undocumented APIs used by the Azure Function Apps Portal menu allowed for directory traversal on the Function App containers.
3. Mistaken Identity: Extracting Managed Identity Credentials from Azure Function Apps by Karl Fosaaen
Repurposed from our DEF CON Cloud Village Talk (What the Function: A Deep Dive into Azure Function App Security), Thomas Elling and Karl Fosaaen stumbled onto an extension of the existing research in the above article, Escalating Privileges with Azure Function Apps.
Most Listened to Podcast Episodes
Our mics were on fire this year! Tune in as we revisit the top podcast episodes that sparked debates, hit on industry best practices, and left you wanting to hit “repeat” on cyber defense.
1. Episode 055: Teaching Next Gen Cybersecurity Leaders with Neil Plotnick
Gear up for the future of cyber with Agent of Influence! In this episode, NetSPI’s Field CISO and host of the podcast Nabil Hannan tackles a pivotal topic: cybersecurity education. He’s joined by Neil Plotnick, a high school educator on the front lines as they dissect modern curriculum, student attitudes towards online data, and the crucial question: how do we cultivate the next generation of cyber defenders?
2. Hack Responsibly: Riding the Azure Service Bus (Relay) into Power Platform with Scott Sutherland and Karl Fosaaen
On the inaugural episode of Hack Responsibly, we crack open the vault on Azure security with special guest, security consultant Jake Scheetz. Join the crew as they dissect Nick’s noteworthy vulnerability disclosure: a cross-tenant Azure exploit in Power Platform Connectors.
3. Leading with FUN Instead of FUD with Tim Derrickson
Hold onto your hats—fun times and security insights are ahead! Nabil hosted guest Tim Derrickson, Director of IT and Security Services at One Step Secure IT, for a discussion on dropping the tone of Fear, Uncertainty, and Doubt (FUD) and injecting some much-needed fun into the cybersecurity conversation.
Webinars that Captured Attention
These webinars rose above the noise, giving our viewers tangible insight into NetSPI’s proactive security solutions, including Breach and Attack Simulation (BAS) and Attack Surface Management (ASM).
1. Product Pulse: Demo of Breach and Attack Simulation (BAS)
Hear from Spencer McClain as he guides you through our BAS platform demo and shares some of our favorite customer success stories.
2. ASM In Action: NetSPI’s Attack Surface Management Demo
See NetSPI’s ASM platform in action as Scott Henderson walks you through its ability to improve visibility, inventory, and understanding of known and unknown assets and exposures.
3. Keeping Up with Medical Device Cybersecurity: Q&A with Product Security Leaders at Medtronic, Abbott, and MITRE
Hear from medical device security leaders as they share best practices on compliance, updatability, vulnerability management, and more in this panel discussion.
As we raise a toast to the year’s successes and lessons learned, we can’t help feeling excited about the year to come. 2024 promises to be an adventure, and NetSPI is ready to tackle the challenges in stride.
Get our best resources hand-picked for you. Want access to proactive security insights, industry takes, and a front-row seat to our 2024 game plan? Sign up for our monthly newsletter!
