Research Blog

Welcome to our cybersecurity research blog where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

Here you’ll find extensive research and insight from the well-known Horizon3.ai attack team, intuitive perspectives on everything security, and real-world attack path short stories that come directly from discoveries made by NodeZero.



Showing 1–6 of 134 results

Fireside Chat: Horizon3.ai and JTI Cybersecurity

Horizon3.ai Principal Security SME Stephen Gates and JTI Cybersecurity Principal Consultant Jon Isaacson discuss: - What JTI does to validate things like access control, data loss prevention, ransomware protection, and intrusion detection approaches. - How #pentesting and red team exercises allow orgs to validate the effectiveness of their security controls. - Why offensive operations work best to discover and mitigate...
Read More

CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive

Introduction In a recent PSIRT, Fortinet acknowledged CVE-2023-48788 – a SQL injection in FortiClient EMS that can lead to remote code execution. FortiClient EMS is an endpoint management solution for enterprises that provides a central location for administering enrolled endpoints. This SQL injection vulnerability is caused by user controlled strings that are passed directly into database queries. In this post...
Read More

Fireside Chat: Horizon3.ai and Intuitus

Horizon3.ai Principal Security SME Stephen Gates and Intuitus Chief Technology Officer Brian Beckwith discuss: - The greatest cyber threats to PSAP/911 services in municipalities across the US . - Where attackers are focusing their efforts that could result in ransom-based demands. - How Intuitus is taking a proactive approach to discover critical issues for their customers.
Read More