Security tools for everyone. Built by penetration testers for penetration testers.
NetSPI Hall of Fame
CVEs, Vulnerability Research, and Presentations
Most of the vulnerabilities we find we can’t release publicly. However, here are some of the notable CVEs and vulnerability research we’ve responsibly disclosed or presented on.
- Karl Fosaaen, Escalating Privileges with Azure Function Apps
- Patrick Sayler, Bypassing Mimecast URL and File Inspection
- Nick Landers, Elevating Kerberos to the Next Level, Black Hat USA 2022
- Karl Fosaaen, Exploiting azure automation accounts, Azure Cloud Security Meetup 2022
- Karl Fosaaen, CVE-2021-42306: CredManifest: App Registration Certificates Stored in Azure Active Directory
- Karl Fosaaen, Extracting all the Azure Passwords, DEF CON 29 Cloud Village
- Karl Fosaaen, An Introduction to Azure Offensive Security, fwd:cloudsec
- Jake Karnes, CVE-2020-17049: Kerberos Bronze Bit Attack
- Scott Sutherland, SQL Server Hacking Tips for Active Directory Environments, Troopers20
- Nick Landers, Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover, Black Hat USA 2019
- Karl Fosaaen, Adventures in Azure Privilege Escalation, DerbyCon 2019
- Nick Landers, CVE-2019-10617: AtherosSvc Registry LPE
- Karl Fosaaen, CVE-2019-0962: Azure Automation Elevation of Privilege Vulnerability
- Nick Landers, The answer to life the universe and everything offensive security, DerbyCon 2019
- Scott Sutherland, PowerUpSQL – Arsenal Presentation, Black Hat 2018
- Karl Fosaaen, Attacking Azure Environments with PowerShell, BSides Portland 2018
- Kevin Robertson, CVE-2018-8320: ADIDNS Revisited – WPAD, GQBL, and More
200+ Trained & Certified Global Pentesters
Penetration Testing Training Courses: Dark Side Ops
Learn from the best in penetration testing and adversary simulation. Check out our two-day courses on malware development, adversary simulation, and Azure cloud pentesting.