Minneapolis, Minnesota – NetSPI LLC, the leader in orchestrated vulnerability management and security testing, announced today its participation at Black Hat USA 2019, Aug. 7-8 (booth #105) in Las Vegas, NV. NetSPI will present and exhibit at the conference to showcase vulnerability management and penetration testing solutions that improve an organization’s information security posture. NetSPI’s security experts will provide best practices and insights during their presentations and will also be available to meet 1:1. Schedule a session now.
Presentations at NetSPI Booth #105
Attacking Modern Environments through SQL Server with PowerUpSQL
When: Wednesday, August 7 at10:30 a.m., 1:00 p.m., and 4:30 p.m.; Thursday, August 8 at 11:00 a.m. Where: NetSPI Booth #105 Presenter: Scott Sutherland Session Summary: PowerUpSQL provides insight into the risks that misconfigured SQL Servers pose to enterprise environments. See how PowerUpSQL can be used to perform SQL Server discovery, weak configuration auditing, privilege escalation on scale, and post-exploitation actions such as Active Directory Recon and OS command execution. We’ll share an msbuild script that can be used to launch an offensive SQL Server shell with data exfiltration capabilities.
Get PowerUpSQL at https://github.com/NetSPI/PowerUpSQL/wiki
Attacking Azure Environments with MicroBurst
When: Wednesday, August 7 at 11:00 a.m., 1:30 p.m., and 5:00 p.m.; Thursday, August 8 at 10:30 a.m. Where: NetSPI Booth #105 Presenter: Karl Fosaaen Session Summary: Azure tenant misconfigurations are extremely common. See how MicroBurst can be used to perform service discovery, weak configuration auditing, privilege escalation, and other post exploitation actions such as password recovery and OS command execution. Get a preview of an update to MicroBurst.
Get MicroBurst at https://github.com/NetSPI/MicroBurst
Inveigh New Release Review
When: Wednesday, August 7 at 11:30 a.m., 2:00 p.m., and 5:30 p.m.; Thursday, August 8 at 11:30 a.m. Where: NetSPI Booth #105 Presenter: Kevin Robertson Session Summary: Learn about the new 1.5 release of Inveigh, a Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer, and man-in-the-middle tool. Plus, we’ll delve into the first non-development release of InveighZero, the C# version of Inveigh. See new features, differences, and Windows post-exploitation use cases for both tools.
Get Inveigh at https://github.com/Kevin-Robertson/Inveigh
Learn more at NetSPI Booth #105
In addition to the presentations, attendees will have the opportunity to learn more about the following:
See how NetSPI’s security testing services are designed to address bandwidth, expertise gaps, and compliance needs. NetSPI provides:
Application Penetration Testing Services
Network Penetration Testing Services
Cloud Infrastructure Penetration Testing Services
NetSPI Resolve™ Threat and Vulnerability Management Software
Security Program Transformation Services
NetSPI’s penetration testing services cover everything from mobile and web apps to cloud, network, mainframe, IoT, and more. Additional strategic services include threat and vulnerability management assessments, and attack simulation services that encompasses red team, social engineering, detective controls testing, and more.
Many companies run multiple vulnerability scanners, but making sense of the data, plus manual penetration testing reports and remediation status from across a global enterprise, is a massive manual effort. Resolve™ correlates all vulnerability data across your organization into a single view, so you can find, prioritize, and fix vulnerabilities faster. With data integration, Resolve™ can also show the remediation status of identified vulnerabilities. This results in vulnerability management processes that scale for global organizations. Learn how NetSPI Resolve™ removes the risk of managing vulnerabilities in spreadsheets, and the arduous administrative tasks that cause inefficiencies. NetSPI Resolve™ reduces your risk while increasing your security testing coverage by more than fifty percent without adding additional staff.
Schedule a Security Advisory Sessions with NetSPI
Sign up for a one-on-one security advisory session or a software demo at Black Hat USA 2019.
NetSPI LLC is the leading provider of application and network security testing solutions that supports organizations in scaling and operationalizing their threat and vulnerability management programs. The solution portfolio includes penetration testing services, vulnerability management software platform, and advisory services. Trusted by seven of the top 10 United States banks, the largest global cloud providers, and many of the Fortune® 500, NetSPI has deep expertise in financial institutions, healthcare providers, retailers, and technology companies. To learn why the world’s top brands trust NetSPI, visit netspi.com or follow us on Facebook, Twitter, and LinkedIn.
PTaaS is NetSPI’s delivery model for penetration testing. It enables customers to simplify the scoping of new engagements, view their testing results in real time, orchestrate faster remediation, perform always-on continuous testing, and more - all through the Resolve™ vulnerability management and orchestration platform.
We help organizations defend against adversaries by being the best at simulating real-world, sophisticated adversaries with the products, services, and training we provide. We know how attackers think and operate, allowing us to help our customers better defend against the threats they face daily.
At NetSPI, we believe that there is simply no replacement for human-led manual deep dive testing. Our Resolve platform delivers automation to ensure our people spend time looking for the critical vulnerabilities that tools miss. We provide automated and manual testing of all aspects of an organization’s entire attack surface, including external and internal network, application, cloud, and physical security.
Our proven methodology ensures that the client experience and our findings aren’t only as good as the latest tester assigned to your project. That consistency gives our customers assurance that if vulnerabilities exist, we will find them.
Is your organization prepared for a ransomware attack? Explore our Ransomware Attack Simulation service.