NetSPI

6.5K posts

NetSPI banner
NetSPI

NetSPI

@NetSPI

The Proactive Security Solution | Securing the most trusted brands on Earth #PenetrationTesting #proactivesecurity

Minneapolis, MN Katılım Şubat 2009
536 Takip Edilen4.1K Takipçiler
NetSPI
NetSPI@NetSPI·
Thousands of AI-generated findings won't tell you what risks are real. Our new Continuous AI Findings Validation service does. Experts verify severity and cut the noise so your team acts on what matters. Read more: ow.ly/zvOJ50Zloun #ContinuousTesting #PTaaS
NetSPI tweet media
English
0
0
0
137
NetSPI
NetSPI@NetSPI·
We're expanding our continuous pentesting platform to include: Continuous Web App Testing, Continuous AI Testing, Continuous Internal Testing, and Continuous AI Findings Validation. More visibility. Less noise. Read more: ow.ly/lP2b50ZlouG #ContinuousTesting #PTaaS
NetSPI tweet media
English
0
0
0
127
NetSPI
NetSPI@NetSPI·
See you at TROOPERS26 on June 25 at 2:15pm in Track 2! NetSPI’s @kfosaaen and Thomas Elling will present: Modern Adventures in Azure Privilege Escalation. Don’t miss the talk to get an overview of Azure attack paths. Learn more: ow.ly/vYoH50Z8RA8
NetSPI tweet media
English
0
0
4
623
NetSPI
NetSPI@NetSPI·
In his latest research, NetSPI's Thomas Byrne breaks down how Nested App Authentication (NAA) flows can be abused to bypass Microsoft Entra Conditional Access Policies entirely using the authentication flow working exactly as designed. Read more: ow.ly/TWtx50ZffNj
NetSPI tweet media
English
0
3
18
7.4K
NetSPI
NetSPI@NetSPI·
NetSPI's Karl Fosaaen & Thomas Elling are taking the stage at #TROOPERS26. Topic: Modern Adventures in Azure Privilege Escalation Initial access. Escalation. Lateral movement. Persistence. And a new resource for exploiting Azure attack paths: ow.ly/B0t050Z8RxM
NetSPI tweet media
English
1
1
1
432
NetSPI
NetSPI@NetSPI·
Journalist pretext + ProtonMail + Evilginx AITM = C-suite exec forwarding your phish to two vendors. Rafael Seferyan, Principal Tech Lead at NetSPI wrote a blog detailing the whole thing: ow.ly/o3At50Ze190
NetSPI tweet media
English
0
1
3
283
NetSPI
NetSPI@NetSPI·
PATCH NOW! CVE-2026-20253 Splunk Enterprise Unauthenticated Arbitrary File Operations / RCE. This vulnerability allows any network-reachable attacker to create or overwrite files on the server without credentials. Immediate action is necessary: ow.ly/ijNi50ZbY5n
NetSPI tweet media
English
1
8
15
2.4K
NetSPI
NetSPI@NetSPI·
MFA was a strong control in the environment. It was also the key to breaking it. Legacy NIS + Duo Auth Proxy + a RADIUS shared secret = full domain compromise. New technical blog walks the full attack chain from unauthenticated Apache NiFi RCE to DCSync: ow.ly/1qCO50Z92mM
NetSPI tweet media
English
0
4
5
595
NetSPI
NetSPI@NetSPI·
NetSPI Labs Researcher, @WebbinRoot, talks today at 11:40am PT. Live stream his session on OCInferno, an enumeration and graphing framework using OpenGraph for BloodHound-style attack path analysis: lnkd.in/gAcBvNCf
fwd:cloudsec@fwdcloudsec

Tomorrow (June 1) is fwd:cloudsec North America! If you can't be there, watch the live stream: Day 1, Room 1: youtube.com/live/w4FxLj4Bm… Day 1, Room 2: youtube.com/live/o5xM78udB… Day 2, Room 1: youtube.com/live/cw4O7wJsv… Day 2, Room 2: youtube.com/live/EM5SzIjOg…

English
0
1
0
225
NetSPI
NetSPI@NetSPI·
Employees are trained to be skeptical of suspicious emails, but physical phishing vectors are a blind spot. Attackers are getting creative. See how a fortune cookie in a breakroom led to harvested employee credentials: ow.ly/ICJ250Z4PE0
English
0
1
3
466
NetSPI
NetSPI@NetSPI·
Your external attack surface changes every time you deploy something new. Attackers notice. NetSPI's continuous external pentesting identifies and validates real risk across your internet-facing assets as they change, not months later: ow.ly/uNMQ50Z1aL1
NetSPI tweet media
English
0
0
0
132
NetSPI
NetSPI@NetSPI·
Critical Drupal + PostgreSQL SQL injection critical vulnerability. Unauthenticated attackers can run arbitrary SQL queries, leading to full database compromise or RCE. Actively exploited in the wild. Patch now. ow.ly/NuyZ50Z4sCw #Drupal #CVE #proactivesecurity #PatchNow
NetSPI tweet media
English
0
1
0
272
NetSPI
NetSPI@NetSPI·
Finding vulnerabilities is only half the battle. Getting them to the right team fast enough is where most programs break down. NetSPI's agentic MCP integrations automate that handoff, no manual data entry required. Learn more: ow.ly/3aik50Z1aHr
NetSPI tweet media
English
0
0
0
124
NetSPI
NetSPI@NetSPI·
UEFI flaws hide before your OS even loads. NetSPI's Larry 'Patch' Trowell built a blueprint for finding them without physical hardware. Read more: ow.ly/nzg250Z2Rfr
NetSPI tweet media
English
0
1
2
233
NetSPI
NetSPI@NetSPI·
New Hack Responsibly podcast episode 🎧 @kfosaaen talks to James Albany. Topics: continuous testing, AI in pentesting, overlooked attack surfaces, and breaking into a data center with a credit card. Listen here: ow.ly/jQzZ50Z2Gtb #podcast #hackresponsibly
NetSPI tweet media
English
0
0
3
145
NetSPI
NetSPI@NetSPI·
Cloud misconfigurations don't wait for your next scheduled test. Neither should your security program. NetSPI's continuous cloud pentesting catches excessive permissions, exposed services, and misconfigurations as they emerge: ow.ly/rLsE50Z1aCa #CloudSecurity #Pentesting
NetSPI tweet media
English
0
1
1
121
NetSPI
NetSPI@NetSPI·
Automation creates noise. Point-in-time testing leaves gaps. The answer is continuous, human-validated security testing. NetSPI's Continuous Pentesting finds and validates real risk as your environment changes. Read more: ow.ly/FYCZ50YY9Es
NetSPI tweet media
English
0
1
1
133