The Attacker's Perspective
Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective. Our solution, NodeZero, identifies and contextualizes ineffective security controls and kill chains that can be exploited, all without consultants, persistent agents or up-front configurations, so you spend your security resources fixing what matters.
NodeZero is our prepackaged software module that simulates the activities of an attacker within your network. Setting up NodeZero requires only two things:
- A host with Docker installed from which NodeZero will operate (the NodeZero Host)
  - We recommend Linux on a virtual machine. You can also use Mac or Windows with a little extra work. Click here for a deeper dive into the NodeZero Host.
  - Place this host within the part of your network from which you want the attack to originate.
  - If you need help with Docker installation, click on your platform: Linux, Mac, Windows
- Connectivity to the Internet from that host
  - We recommend a hard-wired Ethernet connection of at least 40MBps download.
Once you have your NodeZero Host ready, log into a shell on it using your favorite method. We will be back here shortly.
Click here to navigate to our Portal and log in with your credentials.
Choose the type of operation you want to run in our Portal:
- Run a Pen Test: Executes an internal penetration test, recons and maneuvers using the same tactics as an attacker, chaining together harvested credentials + misconfigurations + dangerous defaults + safely exploitable vulnerabilities.
- Run an Initial Damage Assessment: Similar to a pen test, but focuses on discoverable credentials and data resources within the immediate blast radius of a breach point.
3.1 Operation Parameters
to bring up the Op Configuration panel.
3.1.2 Operation Scope
The operation scope is the set of IPs and/or subnets (in CIDR notation) within which you want to run the operation. The larger the scope, the better the results you will get. This is not a "vulnerability scanner" with a narrow focus. NodeZero assesses your environment and uses any data it finds, and the context around it, to identify and exploit your vulnerabilities, misconfigurations, and poor cyber-security hygiene.
If you are unclear on CIDR notation, here is a reference and a calculator app to assist you:
If your environment uses 192.168.1.0 and the subnet mask is 255.255.255.0, then you'll add the following to the scope: 192.168.1.0/24
For properly segmented environments, list each subnet in CIDR notation, separated by commas.
If you are running NodeZero in a more complex environment, you'll want to set the scope to cover as many subnets as possible.
Ask your Network Administrator for a list of your subnets in CIDR notation.
3.1.3 Operation Blacklist
The Blacklist stops NodeZero from scanning or exploiting a set of IPs or subnets. The IPs within the blacklist may be discovered by NodeZero via various techniques within the operation, but NodeZero will not touch them. They may show up in the "Out-of-scope" list in the post-operation report.
This parameter also requires CIDR notation.
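The scope and blacklist fields above both take comma-separated CIDR entries, and a typo in either one is easy to miss before an operation starts. The following script is an added example (not part of the Horizon3.ai documentation or NodeZero itself): it converts an address plus dotted subnet mask to CIDR, parses both lists the way the page describes them, and reports what is left in scope once the blacklist is subtracted. The helper names and the warning rules are this example's own assumptions, not Portal behaviour.

```python
"""Added example: sanity-check NodeZero scope and blacklist input before
starting an operation. Assumes the Portal takes comma-separated CIDR
strings (as the page states); helper names here are hypothetical."""
import ipaddress
from typing import List, Tuple


def mask_to_cidr(network_ip: str, subnet_mask: str) -> str:
    """Convert a network address plus dotted subnet mask to CIDR notation,
    e.g. 192.168.1.0 and 255.255.255.0 -> 192.168.1.0/24."""
    net = ipaddress.ip_network(f"{network_ip}/{subnet_mask}", strict=False)
    return str(net)


def parse_cidr_list(text: str) -> List[ipaddress.IPv4Network]:
    """Parse the comma-separated list typed into the scope/blacklist field.
    Bare IPs become /32 hosts; malformed entries raise ValueError."""
    networks = []
    for raw in text.split(","):
        item = raw.strip()
        if not item:
            continue
        # strict=False tolerates host bits, e.g. 10.0.0.5/24 -> 10.0.0.0/24
        networks.append(ipaddress.ip_network(item, strict=False))
    return networks


def check_operation_scope(scope_text: str, blacklist_text: str) -> Tuple[List[str], int]:
    """Return (warnings, number of addresses NodeZero may still touch).

    Warnings flag scope entries outside private/reserved space, blacklist
    entries that do not overlap any scope entry (probably a typo), and a
    blacklist that removes the whole scope."""
    scope = parse_cidr_list(scope_text)
    blacklist = parse_cidr_list(blacklist_text)
    warnings = []

    for net in scope:
        if not net.is_private:
            warnings.append(f"scope entry {net} is not private/reserved space; confirm you own it")

    for b in blacklist:
        # overlaps() returns False across IPv4/IPv6, so mixed lists are safe here
        if not any(b.overlaps(s) for s in scope):
            warnings.append(f"blacklist entry {b} does not overlap any scope entry")

    # Effective scope = scope minus blacklist. For CIDR blocks, overlap
    # implies one contains the other, so address_exclude() is always valid.
    remaining = list(scope)
    for b in blacklist:
        nxt = []
        for s in remaining:
            if not s.overlaps(b):
                nxt.append(s)
            elif s.subnet_of(b):
                continue  # whole scope entry is blacklisted
            else:
                nxt.extend(s.address_exclude(b))  # carve b out of s
        remaining = nxt

    if scope and not remaining:
        warnings.append("blacklist removes the entire scope; nothing would be assessed")

    return warnings, sum(n.num_addresses for n in remaining)


if __name__ == "__main__":
    # Constructed sample input, not values from the page.
    print(mask_to_cidr("192.168.1.0", "255.255.255.0"))
    warns, count = check_operation_scope(
        "192.168.1.0/24, 10.0.0.0/16", "10.0.1.0/24, 192.168.1.10"
    )
    print(count, "addresses remain in scope")
    for w in warns:
        print("WARNING:", w)
```

Run it with your real scope and blacklist strings before clicking Prepare; a blacklist entry that overlaps nothing in scope is usually a mistyped octet, and an address count of zero means the blacklist has swallowed the scope.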
3.1.4 Operation Name
Use the Operation Name to quickly identify this operation among the others you have run. We recommend you come up with a naming standard that fits your needs. For example:
- 2020-10-01|NodeZero|East-Coast-Bizops|Full. This indicates that the NodeZero Host was placed in the East Coast Bizops network and that the scope was the entire enterprise.
- 2020-12-24|NodeZero|Netherlands Dev|US East Finance. This was a test to validate that new controls were effective in stopping an attacker from reaching the US East finance network from a development network.
3.1.5 Prepare the Op
Click the button.
Your operation will begin to build its one-time-use software module, NodeZero, which you will execute in the next step. Our platform will coordinate with this module to assess your environment.
The operation will display its status in the window.
When the operational configuration is baked and ready to execute, you will be provided with a command.
Copy to Clipboard button or highlight the script and copy it with
Lastly, paste this command into the terminal of your NodeZero Host.
This script will validate the Docker installation, download the most up-to-date NodeZero Docker image, and begin the operation. You will see the status of the operation transition from