NetSPI Releases Two Open-Source Tools for the Information Security Community
The tools help defense teams discover vulnerable network shares and identify adversary behaviors.
Minneapolis, MN – NetSPI, the leader in enterprise penetration testing and attack surface management, today unveiled two new open-source tools for the information security community: PowerHuntShares and PowerHunt.
These new adversary simulation tools were developed by NetSPI’s Senior Director, Scott Sutherland, to help defense, identity and access management (IAM), and security operations center (SOC) teams discover vulnerable network shares and improve detections.
- PowerHuntShares inventories, analyzes, and reports excessive privilege assigned to SMB shares on Active Directory domain joined computers. This capability helps address the risks of excessive share permissions in Active Directory environments that can lead to data exposure, privilege escalation, and ransomware attacks within enterprise environments.
- PowerHunt, a modular threat hunting framework, identifies signs of compromise based on artifacts from common MITRE ATT&CK techniques and detects anomalies and outliers specific to the target environment. PowerHunt automates the collection of artifacts at scale using PowerShell remoting and perform initial analysis. It can also output easy to consume .csv files so that additional triage and analysis can be done using other tools and processes.
“I’m proud to work for an organization that understands the importance of open-source tool development and encourages innovation through collaboration,” said Scott. “I urge the security community to check out and contribute to these tools so we can better understand our SMB share attack surfaces and improve strategies for remediation, together.”
To see PowerHuntShares in action and explore the risks of excessive share permissions, read Scott’s blog, or register for our upcoming webinar, How to Evaluate Active Directory SMB Shares at Scale. For those attending Black Hat on August 10-11, request a meeting with Scott at NetSPI booth #1687.
NetSPI’s global penetration testing team has developed several open-source tools, including popular penetration testing tools PowerUpSQL and MicroBurst. Learn more about NetSPI’s commitment to open-source tool development on the company’s tool repository.
About NetSPI
NetSPI is the leader in enterprise security testing and attack surface management, partnering with nine of the top 10 U.S. banks, three of the world’s five largest healthcare companies, the largest global cloud providers, and many of the Fortune® 500. NetSPI offers Penetration Testing as a Service (PTaaS) through its Resolve™ penetration testing and vulnerability management platform. Its experts perform deep dive manual penetration testing of application, network, and cloud attack surfaces, historically testing over one million assets to find four million unique vulnerabilities. NetSPI is headquartered in Minneapolis, MN and is a portfolio company of private equity firms Sunstone Partners, KKR, and Ten Eleven Ventures. Follow us on Facebook, Twitter, and LinkedIn.
Media Contacts:
Tori Norris, NetSPI
victoria.norris@netspi.com
(630) 258-0277
Inkhouse for NetSPI
netspi@inkhouse.com
(774) 451-5142
Explore more News
VMBlog: National Cybersecurity Awareness Month 2024: Industry Experts Share Their Thoughts
Gain insights into social engineering prevention from NetSPI Director of Social Engineering, Patrick Sayler, for Cybersecurity Awareness Month 2024.
Help Net Security: Microsoft patches two zero-days exploited in the wild
Get expert insights into Microsoft's Patch Tuesday in October 2024 from NetSPI Security Consultant, Will Bradle.
Breaking Badness: Defending Your Digital Domain: AI, Ransomware, and the Power of Reputation
Hear from NetSPI Field CISO, Nabil Hannan, as he joins the Breaking Badness podcast to discuss AI, ransomware, and the power of reputation.