Explore the Minds of The NetSPI Agents

Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!

Network Pentesting

ADPathFinder: OpenGraph Attack Path Mapping in BloodHound CE

ADPathFinder unifies SharpHound data with OpenGraph collectors like MSSQLHound and ConfigManBearPig. Discover how this tool maps complex, cross-dataset privilege escalation paths across AD, ADCS, MSSQL, and SCCM, and brings vital graph context to your password audits.

Learn More
NetSPI Updates

Confidence Over Noise: Introducing Continuous AI Findings Validation

NetSPI’s Continuous AI Findings Validation service applies expert human judgment to AI-generated security findings, eliminating false positives and verifying severity so security teams can trust, prioritize, and act with confidence instead of chasing noise.

Learn More
Cloud Pentesting

Bypassing Microsoft Entra Conditional Access Policies via Nested App Authentication

Discover how attackers bypassed Microsoft Entra Conditional Access Policies using Nested App Authentication (NAA) flows in this technical vulnerability breakdown.

Learn More
Social Engineering

I’m Just Asking Questions: Social Engineering as a Reporter 

Dive into this real-world social engineering assessment where a fake anonymous tip and an adversary-in-the-middle framework tested the limits of an organization’s security policies.

Learn More
CISO Perspectives

Beyond the Hype: What Regulated Industries Need to Know Before Trusting AI Security Tooling

AI security tools can build an attack, but enterprise security teams in regulated industries need consistency, auditability, and predictable costs before they can trust one. Learn why the surrounding infrastructure is where most AI security vendors are still falling short.

Learn More
Critical Vulnerability

Splunk Enterprise Unauthenticated Arbitrary File Operations/RCE (CVE-2026-20253): Overview and Takeaways

Splunk disclosed CVE-2026-20253 on June 10, 2026, affecting Splunk Enterprise versions in the 10.0.x and 10.2.x branches. The flaw stems from a PostgreSQL sidecar service endpoint that completely lacks authentication controls (CWE-306), allowing any network-reachable attacker to invoke arbitrary file creation or truncation operations without credentials.

Learn More
Network Pentesting

Legacy Meets Modern: Breaking AD Through NIS & MFA Infrastructure

Walk through the path of an internal network test: from a constrained foothold to full domain compromise, and how an overlooked integration point became the weakest link.

Learn More
Social Engineering

Phishing with Misfortune Cookies 

Phishing is about creativity. The less likely your target is to think about a link being potentially malicious, the more likely you are to have success. Read how our creative Social Engineering experts ruined free cookies in the break room.

Learn More
Critical Vulnerability

CVE-2026-9082 Drupal Core PostgreSQL SQL Injection Overview and Takeaways

A critical vulnerability in Drupal Core, tracked as CVE-2026-9082, affects Drupal deployments using a PostgreSQL database. The issue allows unauthenticated attackers to perform arbitrary SQL queries via crafted JSON:API or search queries. Successful exploitation may result in full database compromise or remote code execution.

Learn More
Hardware Penetration Testing

Emulating & Exploiting UEFI: Unveiling Vulnerabilities in Firmware Security

Explore the intricacies of UEFI security with exploration into emulation, dynamic analysis, and the LogoFail vulnerability. Learn how subtle input manipulations can expose critical firmware weaknesses.

Learn More
Penetration Testing

Scaling Security with Modern PTaaS: Gartner Report Insights

Discover Gartner® 2025 insights on how PTaaS scales security with continuous validation, automation, and real-time remediation, and how NetSPI can help.

Learn More
NetSPI Updates

Why Continuous Testing is the New Standard for Modern Security

NetSPI’s continuous pentesting delivers regular, tailored assessments across critical assets, customized to your organization’s risk profile and operational cadence to ensure coverage where it matters most. These services are delivered through NetSPI’s leading PTaaS platform using existing workflows.

Learn More