
Explore the Minds of The NetSPI Agents
Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!
Our Favorite Picks

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook
Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.

15 Ways to Bypass the PowerShell Execution Policy
NetSPI security expert Scott Sutherland covers 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.

How to Use Attack Surface Management for Continuous Pentesting
Uncover attack surfaces and exposures with NetSPI’s offensive security including Attack Surface Management (ASM) to enable continuous pentesting.

CVE-2025-23009 & CVE-2025-23010: Elevating Privileges with SonicWall NetExtender
NetSPI discovered multiple arbitrary SYSTEM file delete vulnerabilities in SonicWall NetExtender for Windows. Learn how NetSPI discovered and leveraged these for local privilege escalation.

Should I Stay or Should I Go: Why Partnering with a Trusted PTaaS Vendor YoY Brings Success
Discover why long-term partnerships with penetration testing vendors offer greater efficiency, deeper risk insights, and better security outcomes than frequent switching.

Shift Left Security: Integrating Pentesting Early in Development
Discover how to integrate penetration testing into a shift left security strategy, enhancing application security early in the development lifecycle.

Validating Azure Cloud Security with Breach and Attack Simulation as a Service
NetSPI’s Breach and Attack Simulation as a Service offers focused simulation tests for Azure users to validate your cloud security capabilities.

Getting Shells at Terminal Velocity with Wopper
This article introduces Wopper – a new NetSPI tool that creates self-deleting PHP files and automates code execution on WordPress using administrator credentials.

CVE-2025-21299 and CVE-2025-29809: Unguarding Microsoft Credential Guard
Learn more about the January 2025 Patch Tuesday that addresses a critical vulnerability where Kerberos canonicalization flaws allow attackers to bypass Virtualization Based Security and extract protected TGTs from Windows systems.

CVE-2025-27590 – Oxidized Web: Local File Overwrite to Remote Code Execution
Learn about a critical security vulnerability (CVE-2025-27590) in Oxidized Web v0.14 that allows attackers to overwrite local files and achieve remote code execution.

Is It Worth It? Let Me Work It: Calculating the Cost Savings of Proactive Security
Discover the cost savings of proactive security solutions to support your shift from traditional vulnerability management to a risk-based approach to exposure management.

A Not So Comprehensive Guide to Securing Your Salesforce Organization
Explore key background knowledge on authorization issues and common bad practices developers may unintentionally introduce in Salesforce Orgs.

Let’s Talk Cybersecurity on the Agent of Influence Podcast
Ready to contribute to meaningful conversations in cybersecurity? Join Agent of Influence with Nabil Hannan, NetSPI Field CISO and podcast host.

NetSPI’s Take on Exposure Management: Our Highlights from Gartner® Hype Cycle™ for Security Operations, 2024
Learn NetSPI’s key takeaways from Gartner® Hype Cycle™ for Security Operations, 2024.

Internal vs. External Penetration Testing: What You Need to Know
Internal and external penetration testing are critical components of a holistic security testing program. Learn the differences and use cases of each type.