Contact Horizon3.ai

Horizon3.ai’s mission is to help you find and fix attack vectors before attackers can exploit them. Contact us now for a quote or if you have any questions.

Looking for more H3 content?

Tech Talk: An Attacker's Journey - Becoming an Ethical Hacker

Part IV - NTLM Relay

Wed, May 25, 2022 | 2:00 PM – 3:00 PM EDT

Noah King, one of Horizon3's front-end developers, is inviting you into his experience as he learns to be an expert at ethical hacking. In each session, Noah will be joined by experts from inside and outside Horizon3 who will share in-depth knowledge, experience, and advice from their years of industry and nation-state cybersecurity practice.

Monti Knode, Horizon3.ai’s Director of Customer Success, will be joined by James Stahl, Senior Offensive Security Consultant from our alliance partner Echelon Risk + Cyber, as they guide you and Noah through the attacker's journey.

Over the next few Tech Talks, they will dive deep into common Windows attacks, starting with NTLM Relay. At least half of Horizon3.ai’s internal pentesting clients are vulnerable to NTLM relay attacks. It's the top technique used by pentesters to acquire and use domain user credentials and can ultimately lead to full domain compromise.

Learn how this attack works and how to protect yourself against it!

Attackers Journey Part 4 - Hikers traveling with code fading into the background

Red Team Blog

Using NodeZero to Find and Fix Log4Shell

by Naveen Sunkavally | Jan 6, 2022 | Blog, Red Team

Log4Shell is a “once-in-a-decade” type of vulnerability that will linger in environments for years to come. For a vulnerability with such a broad, lasting impact, it’s important to establish a principled and disciplined approach for discovering and remediating it. NodeZero both detects and exploits Log4Shell, surfacing a wealth of information that can be used to understand its real impact and prioritize its remediation.

« Older Entries

Next Entries »

Customer Success Blog

Log4Shell RCE Vulnerability in Apache Log4j: The Gift No One Wished For

by Horizon3.ai | May 16, 2022 | Blog, Customer Success

The Log4Shell RCE vulnerability in Apache Log4j, CVE-2021-44228, dates to 2013 when Log4j 2.0-beta9 was released. An analysis of our pentesting data using NodeZero identified and provided proof of exploit for over 105 unique instances of the CVE within our customers’ environments.

« Older Entries

Next Entries »

iAmNodeZero

Hack The Box – Jerry

by NodeZero | Sep 16, 2021 | IAmNodeZero

The Jerry machine from the Hack The Box platform nicely illustrates the danger of weak and default credentials.

« Older Entries

Next Entries »

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.