Visit NetSPI at Black Hat USA 2025

Find Us at Black Hat USA 2025! 🔥

When:

August 6-7, 2025

Where:

Booth #5230
Mandalay Bay Convention Center
Las Vegas, Nevada

Ready to Spice Up Your Security Game?

Stop by our booth and discover why proactive beats reactive every time. We’re bringing the heat to Vegas with exclusive swag, live demos, and our secret weapon for staying ahead of threats.

Find Us on the Map

🎤 Hear from Our Security Experts

Hunt or Be Hunted: Moving from Reactive Defense to Proactive Threat & Exposure Management

When: Wednesday, August 6, 1:30-1:50 pm PT
Theatre: Business Hall Theatre D

Scott Sutherland
VP of Research

Jake Karnes
Senior Technical Architect

Today’s defenders are in a race where the attackers set the pace. While you’re managing alerts and patch cycles, adversaries are continuously looking for openings and leveraging automation and AI to move faster than ever. Threat actors and ransomware groups exploit known vulnerabilities within hours of them appearing on your attack surface. Without a proactive approach to attack surface and vulnerability management, organizations face growing risk.

More Information

Reactive models can’t keep up with an expanding digital footprint and increasingly sophisticated threats. It’s time for a proactive approach that provides continuous visibility into your networks, systems, applications, AI deployments, and supply chain providers so that you can address exposures as they occur.

This talk explores how to shift from passive defense to Continuous Threat & Exposure Management (CTEM), blending deep-dive pentesting with continuous coverage to uncover, assess, and prioritize remediation of exposures before attackers do.

Key takeaways:
• Why traditional security approaches are failing
• How threat actors exploit common vulnerabilities at scale
• Why we need deep testing and continuous attack surface coverage
• How to implement CTEM and stay ahead of the threat

Ready to stop playing their game and start playing yours?

Unix Underworld: Tales from the Dark Side of z/OS

When: Wednesday, August 6, 11:20 am-12:00 pm PT
Location: Jasmine A & E, Level 3
Tracks: Platform Security, Exploit Development & Vulnerability Discovery

Philip Young
Director Mainframe Penetration Testing, NetSPI

Chad Rikansrud
Software Security Researcher, Broadcom

You may have heard tales of mainframe pentesting and exploitation before – mostly from us! Those stories often focused on the MVS/ISPF side of the IBM z/OS. But did you know that all those same tricks (and more!) can be pulled off in z/OS Unix System Services (OMVS) as well? I bet you didn’t even know z/OS had a UNIX side!

More Information

Over the years, we’ve discovered multiple unique attack paths when it comes to Unix on the mainframe. In this talk, we’ll present live demos of real-world scenarios we’ve encountered during mainframe penetration tests. These examples will showcase what can happen with poor file hygiene leading to database compromises, inadequate file permissions enabling privilege escalation, a lack of ESM resource understanding allowing for privileged command execution, and how dataset protection won’t save you from these attacks. We’ll also be demonstrating what can happen when we overflow the buffer in an APF authorized dataset.

Attendees will learn how to test these controls themselves using freely available open-source tools and how to (partially) detect these attacks. While privesc in UNIX isn’t game over for your mainframe, it’s pretty close. By the end, it will be clear that simply granting superuser access to Unix can be just as dangerous, if not more so, than giving access to TSO on the mainframe.

🎯 See The NetSPI Platform in Action

Activate Proactive Security That Actually Works

Tired of playing cybersecurity whack-a-mole? The NetSPI Platform tackles your biggest headaches: knowing what you have, what’s broken, and what to fix first.

What you’ll see:

Dynamic asset inventory that actually stays current
Smart prioritization that cuts through the noise
Seamless integrations that work with your existing workflow
Real acceleration from discovery to remediation

🔥 Booth Exclusives – Get Yours!

NetSPI T-Shirts 👕

Classic swag for the cybersecurity professional who knows good gear.

Secret Sauce Hot Sauce 🌶️

Demo our platform and score our legendary NetSPI hot sauce! Because our advantage is our secret sauce:

300+ Global Security Experts
Intelligent Processes
Advanced Technology

CTEM for Dummies Book 📚

Your Guide to Proactive Threat Exposure Management

Stop by Booth #5230 to pick up your exclusive CTEM for Dummies Book. Struggling to keep up with cyber threats? This simplified guide breaks Continuous Threat Exposure Management into a tactical approach that actually makes sense.

“By 2026, organizations that prioritize their security investments based on a continuous exposure management program will be 3x less likely to suffer a breach.”

Get your copy and discover how to advance your team’s cybersecurity approach with confidence.

Check It Out Now

Ready to Level Up Your Security?

Find us at Booth #5230

Learn More

NetSPI Labs

Gut Check: Are You Getting the Most Value out of Your Penetration Testing Report?

Chubb partners with NetSPI to bring attack surface management to its policyholders

Partner with NetSPI

Black Hat USA

August 6, 2025 - August 7, 2025 | Las Vegas