NetSpi Executives

JANUARY 30, 2024

Proven Reputation and Third-Party Validation Vendors new to the attack surface management space may not have enough experience tailoring their platform for greater business needs. Gartner shared the following about NetSPI in the report: NetSPI differentiates by combining its ASM capability with its human pentesting expertise.

Technology 52

Technology Penetration Testing Risk Internet 52

NetSpi Executives

DECEMBER 28, 2023

Buckle up, rewind, and get ready for NetSPI’s reveal! View this post on Instagram A post shared by NetSPI (@teamnetspi) 3. View this post on Instagram A post shared by NetSPI (@teamnetspi) 3. Before we dive into the new year, we’re taking a moment to reflect on 2023—a year that passed by in a blur of milestones and moments.

Education 93

Education Penetration Testing CISO Cybersecurity 93

NetSpi Executives

MARCH 5, 2024

The technology creates a comprehensive view of a company’s external assets by mapping the internet-facing attack surface to provide better insight into changes and where to focus the attention of security teams. 1 What is External Attack Surface Management? In fact, 67% of organizations have seen their attack surfaces expand in the last two years.

Penetration Testing 64

Penetration Testing Technology Marketing Mobile 64

NetSpi Executives

MARCH 19, 2024

Pairing vulnerability scanners with attack surface management (ASM) gives security teams high-fidelity analysis and prioritization of assets and exposures, while limiting noise and false positives commonly associated with technology-only platforms. That’s where NetSPI ASM comes in.

Penetration Testing 40

Penetration Testing DNS Technology Internet 40

NetSpi Executives

NOVEMBER 14, 2023

Quality vendors extend their reporting beyond a simple PDF and into custom software, such as NetSPI’s Resolve , that aids ongoing vulnerability management. Use this article and the penetration testing report examples below to make sure reports you receive speak to prioritized findings backed up with sound methodology.

Penetration Testing 102

Penetration Testing Architecture Security Performance Risk 102

NetSpi Executives

MARCH 5, 2024

The technology creates a comprehensive view of a company’s external assets by mapping the internet-facing attack surface to provide better insight into changes and where to focus the attention of security teams. 1 What is External Attack Surface Management? In fact, 67% of organizations have seen their attack surfaces expand in the last two years.

Penetration Testing 40

Penetration Testing Technology Marketing Mobile 40

NetSpi Executives

MARCH 26, 2024

NetSPI was the only US-based proactive security consulting firm present, and I found myself engaged in multiple conversations on mainframe security as it relates to new integrations with data lakes, analytics platform, blockchain, and AI. I also learned so much at both talks given by Philip Young, NetSPI’s Mainframe Director.

Penetration Testing 59

Penetration Testing Encryption Insurance Healthcare 59

NetSpi Executives

MARCH 26, 2024

NetSPI was the only US-based proactive security consulting firm present, and I found myself engaged in multiple conversations on mainframe security as it relates to new integrations with data lakes, analytics platform, blockchain, and AI. I also learned so much at both talks given by Philip Young, NetSPI’s Mainframe Director.

Penetration Testing 52

Penetration Testing Encryption Insurance Healthcare 52

NetSpi Executives

SEPTEMBER 28, 2023

NetSPI joined in with the launch of AI Penetration Testing to help teams bring their AI/ML implementations to market while staying confident in the security of their creations. Meet the Contributors This roundup includes contributions from NetSPI Partners and NetSPI’s Managing Director, Phil Morris. Read our show recap here.

Cybersecurity 64

Cybersecurity Artificial Intelligence Risk Technology 64

NetSpi Executives

SEPTEMBER 26, 2023

At Black Hat, NetSPI VP of Research Karl Fosaaen sat down with the host of the Cloud Security Podcast Ashish Rajan to discuss all things Azure penetration testing. Each cloud provider has its own identity platforms, so working within the platforms will be inherently different. Is cloud pentesting just configuration review?

Penetration Testing 59

Penetration Testing Cyber threats Internet Internet 59

NetSpi Executives

OCTOBER 31, 2023

It’s time to go back to the basics, and revisit the most common vulnerabilities across attack surfaces according to NetSPI’s 2023 Offensive Security Vision Report. For a more comprehensive look at the most common vulnerabilities, access NetSPI’s 2023 Offensive Security Vision Report. million scam during a phishing attack.

Mobile 97

Mobile Penetration Testing Social Engineering Authentication 97

NetSpi Executives

OCTOBER 24, 2023

NetSPI is proud to be recognized among industry peers as a Cybersecurity Awareness Month Champion Organization. Don’t be afraid of social engineering attacks this Cybersecurity Awareness Month! Use the four tactics in this article to defend against them. But the mission never ends.

Social Engineering 59

Social Engineering Engineering Cybersecurity Passwords 59

NetSpi Executives

OCTOBER 13, 2023

As NetSPI’s Field CISO Nabil Hannan put it, “It seems to me like the bigger challenge in this particular scenario is that organizations struggle to have an up-to-date asset inventory. In the words of NetSPI’s Research Engineer Isaac Clayton, “Patch early, patch often.” Who’s Impacted? of all websites.

DDOS 52

DDOS CISO Engineering Technology 52

NetSpi Technical

MARCH 11, 2024

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost.

Authentication 52

Authentication Penetration Testing Technology Phishing 52

NetSpi Executives

APRIL 27, 2024

How penetration testing is done How to choose a penetration testing company How NetSPI can help Penetration testing enables IT security teams to demonstrate and improve security in networks, applications, the cloud, hosts, and physical locations. Table of Contents What is penetration testing?

Penetration Testing 52

Penetration Testing Social Engineering Software Wireless 52

NetSpi Technical

MARCH 11, 2024

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. You can also have multiple files written to disk.

Authentication 145

Authentication Penetration Testing Technology Phishing 145

NetSpi Executives

DECEMBER 19, 2023

NetSPI Partners bring a fresh perspective to the lofty goal of simplifying detection and response outcomes by weighing in on the long-term effects of complexity, discussing when to optimize versus invest in technology, and explaining how automation can ease workflows and enhance efficiency in detecting, investigating, and responding to threats.

CISO 105

CISO Technology Engineering Artificial Intelligence 105

NetSpi Technical

FEBRUARY 26, 2024

For those who aren’t familiar, HTML Smuggling is a technique which hides a blob inside a traditional HTML page. The aim is to bypass traditional detections for file downloads on the wire, such as a HTTP(S) GET request to an external domain for /maliciousmacro.doc. Smuggle.html contains a secret blob, such as a base64 string of the payload.

Encryption 121

Encryption Internet Internet Malware 121

NetSpi Technical

JULY 13, 2023

If a user receives 3 strikes, then they are blocked from the platform. While completely preventing scraping is likely impossible, implementing a defense in depth strategy can significantly increase the time and effort required to scrape an application. The first major change is that rate limiting has been enforced throughout the application.

Accountability 52

Accountability Authentication Passwords VPN 52

NetSpi Technical

FEBRUARY 26, 2024

For those who aren’t familiar, HTML Smuggling is a technique which hides a blob inside a traditional HTML page. The aim is to bypass traditional detections for file downloads on the wire, such as a HTTP(S) GET request to an external domain for /maliciousmacro.doc. Smuggle.html contains a secret blob, such as a base64 string of the payload.

Encryption 52

Encryption Internet Internet Malware 52

NetSpi Executives

APRIL 27, 2024

Ransomware trends Ransomware prevention Ransomware detection Ransomware simulation Ransomware security terms How NetSPI can help What is ransomware? Table of Contents What is ransomware? In this section, you learn what is ransomware, how it fuels criminal activity, how ransomware works, and how to stop ransomware. How does ransomware work?

Ransomware 52

Ransomware Cyber Insurance Backups Insurance 52

SecureList

MAY 4, 2022

Along with the aforementioned custom modules and techniques, several commercial pentesting tools like Cobalt Strike and NetSPI (ex-SilentBreak) are used. In February 2022 we observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign. The infection chain.

Malware 137

Malware Encryption Architecture Technology 137

NetSpi Technical

JUNE 29, 2023

Introduction and Motivations for Scraping Scraping usually refers to the practice of utilizing automation to extract data from web applications. Anti-Scraping refers to the set of tactics, techniques, and procedures intended to make scraping as difficult as possible. All the users and data shown in the application were randomly generated.

Passwords 52

Passwords Accountability Authentication Media 52

NetSpi Technical

APRIL 20, 2023

The Ethereum Virtual Machine (EVM) functions as the sandboxed compatibility layer used by the thousands of nodes that constitute the Ethereum distributed state machine, ensuring that smart contracts are executed deterministically in a platform-independent environment. In this post, we will look at the inner workings of the EVM in detail.

Penetration Testing 52

Penetration Testing Accountability Cryptocurrency Architecture 52

SecureList

JULY 28, 2022

The complex, modular cyber-espionage platform rivals EquationDrug , Remsec, and Regin in complexity. SBZ probably refers to STRAITBIZZARE, a cyber-espionage platform used by the Equation Group. They are designed to highlight the significant events and findings that we feel people should be aware of. The most remarkable findings.

Malware 132

Malware Firmware Phishing Cryptocurrency 132