Hack Responsibly

Browse Hack Responsibly, a technical blog by The NetSPI Agents. Dive deep into the latest CVEs and vulnerabilities our team uncovers, and how we help NetSPI customers protect against the most important threats today.

Hardware and Embedded Systems Penetration Testing

Practical Methods for Decapping Chips

Discover the intricate process of chip decapping, exposing secrets stored within snuggly layers of industrial epoxy, sleeping in beds of silicon.

Learn More
Cloud Pentesting

Hijacking Azure Machine Learning Notebooks (via Storage Accounts)

Abusing Storage Account Permissions to attack Azure Machine Learning notebooks

Learn More
Web Application Pentesting

Exploiting Second Order SQL Injection with Stored Procedures

Learn how to detect and exploit second-order SQL injection vulnerabilities using Out-of-Band (OOB) techniques, including leveraging DNS requests for data extraction.

Learn More
Web Application Pentesting

From Informational to Critical: Chaining & Elevating Web Vulnerabilities

Learn about administrative access and Remote Code Execution (RCE) exploitation from a recent Web Application Pentest.

Learn More
Network Pentesting

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

Learn how to identify, understand, attack, and remediate SMB shares configured with excessive privilege in active directory environments with the help of new charts, graphs, and LLM capabilities.

Learn More
Cloud Pentesting

Filling up the DagBag: Privilege Escalation in Google Cloud Composer

Learn how attackers can escalate privileges in Cloud Composer by exploiting the dedicated Cloud Storage Bucket and the risks of default configurations.

Learn More
Mainframe Penetration Testing

Hacking CICS: 7 Ways to Defeat Mainframe Applications

Explore how modern penetration testing tools uncover vulnerabilities in mainframe applications, highlighting the need for methodical techniques and regular testing to protect these critical systems from threats.

Learn More
Cloud Pentesting

Backdooring Azure Automation Account Packages and Runtime Environments 

Azure Automation Accounts can allow an attacker to persist in the associated packages that support runbooks. Learn how attackers can maintain access to an Automation Account.

Learn More
Mainframe Penetration Testing

Mapping Mainframe Memory Made Easy

Explore how NetSPI’s own LPAR enhances pentesting efficiency through rapid tool prototyping and deployment.

Learn More
Network Pentesting

Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation 

Learn how threat actors can exploit SQL Server credential objects to escalate domain privileges and how you can detect it.

Learn More
Web Application Pentesting

CVE-2024-37888 – CKEditor 4 Open Link plugin XSS

NetSPI discovered CVE-2024-37888, a cross-site scripting (XSS) vulnerability in the CKEditor 4 Open Link plugin. Read about the nature of the vulnerability and its implications.

Learn More
Cloud Pentesting

An Introduction to GCPwn – Parts 2 and 3

Example exploit path using GCPwn covering enumeration, brute forcing secrets manager versions, and downloading data from cloud storage both through default enum_buckets and with HMAC keys.

Learn More