Open-Source Tools
Security tools for everyone. Built by penetration testers for penetration testers.
NetSPI Hall of Fame
CVEs, Vulnerability Research, and Presentations
Most of the vulnerabilities we find we can’t release publicly. However, here are some of the notable CVEs and vulnerability research we’ve responsibly disclosed or presented on.
- Kyle Rozendaal, Abusing Entra ID Misconfigurations to Bypass MFA
- Nick Landers, Riding the Azure Service Bus (Relay) into Power Platform
- Karl Fosaaen, Escalating Privileges with Azure Function Apps
- Patrick Sayler, Bypassing Mimecast URL and File Inspection
- Nick Landers, Elevating Kerberos to the Next Level, Black Hat USA 2022
- Karl Fosaaen, Exploiting Azure Automation Accounts, Azure Cloud Security Meetup 2022
- Karl Fosaaen, CVE-2021-42306: CredManifest: App Registration Certificates Stored in Azure Active Directory
- Karl Fosaaen, Extracting all the Azure Passwords, DEF CON 29 Cloud Village
- Karl Fosaaen, An Introduction to Azure Offensive Security, fwd:cloudsec
- Jake Karnes, CVE-2020-17049: Kerberos Bronze Bit Attack
- Scott Sutherland, SQL Server Hacking Tips for Active Directory Environments, Troopers20
- Nick Landers, Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover, Black Hat USA 2019
- Karl Fosaaen, Adventures in Azure Privilege Escalation, DerbyCon 2019
- Nick Landers, CVE-2019-10617: AtherosSvc Registry LPE
- Karl Fosaaen, CVE-2019-0962: Azure Automation Elevation of Privilege Vulnerability
- Nick Landers, The answer to life the universe and everything offensive security, DerbyCon 2019
- Scott Sutherland, PowerUpSQL – Arsenal Presentation, Black Hat 2018
- Karl Fosaaen, Attacking Azure Environments with PowerShell, BSides Portland 2018
- Kevin Robertson, CVE-2018-8320: ADIDNS Revisited – WPAD, GQBL, and More
200+ Trained & Certified Global Pentesters
Leading the Charge in Offensive Security