The Attacker’s Perspective

Horizon3.ai® can assess all of your environments, from the attack surface of your hybrid cloud to your on-prem network infrastructure, helping you continuously find and fix your internal and external attack vectors before criminals exploit them. Follow these simple steps to run a pentest within your network.


Set Up a NodeZero Host

NodeZero is our prepackaged software module that simulates the activities of an attacker within your network. Setting up NodeZero requires only two things:

  • A host with Docker installed from which NodeZero will operate (the NodeZero Host)
    • We strongly recommend using Linux, but you can also use Mac or Windows with a little extra work. Click here for a deeper dive into the NodeZero Host.
    • Place this host within the part of your network from which you want the attack to originate.
    • If you need help with Docker installation, click on your platform: LinuxMacWindows
  • Connectivity to the Internet from that host
    • We recommend a hard-wired Ethernet connection of at least 40MBps download.

Once you have your NodeZero Host ready, log into a shell on it using your favorite method. We will be back here shortly.


Log Into the Portal

Click here to navigate to our Portal and log in with your credentials.


Run a Pentest

1. Getting Started

Click
Run a Pentest button
to bring up the Pentest Configuration panel. There you’ll choose if you’d like to run a fully customized pentest or do a “Quick Run” from preexisting configurations.

Once you complete all of the configuration steps below, an internal pentest will be executed which will perform recon and maneuver using the same tactics as an attacker, chaining together harvested credentials, misconfigurations, dangerous defaults and safely exploitable vulnerabilities.

2-4. Configuring your Pentest

Run_a_Pen_Test_c67a3d5abe.jpg

Pentest Name

Use the Name section to quickly identify this pentest among the others you have run. We recommend you come up with a naming standard that fits your needs. For example:

[date]|[library]|[Nodezero Src]|[scope]

2021-09-01|NodeZero|East-Coast-Bizops|Full: This indicates that the NodeZero host was placed in the East Coast Bizops network and the scope was the entire enterprise.

2021-09-24|NodeZero|Netherlands Dev|US East Finance: This indicates a test to validate new controls were effective in stopping an attacker from reaching the US East Finance network from a development network.

Pentest Scope

The pentest scope is the set of IPs and/or subnets (in CIDR notation) within which you want to run the pentest. The larger the scope, the better results you will get. This is not a “vulnerability scanner” that has a narrow focus. NodeZero assesses your environment and uses any data it finds, and the context around it, to identify and exploit your vulnerabilities, misconfigurations, and poor cybersecurity hygiene.

If you are unclear on CIDR notation, here is a reference and a calculator app to assist you:

If your environment uses 192.168.0.1 and the subnet mask is 255.255.255.0, then you’ll add the following to the Include section: 192.168.0.0/24

For properly segmented environments, use comma-separated CIDR notation. For example: 192.168.0.0/16,172.16.10.0/24,10.0.0.0/8

If you are running NodeZero in a more complex environment, set the scope to cover as many subnets as possible. You should ask your Network Administrator for a list of CIDR annotated subnets.

The Exclude section stops NodeZero from scanning or exploiting a set of IPs or subnets. The IPs within this section may be discovered by NodeZero via various techniques within the pentest, but NodeZero will not touch them. They may show up in the Out of Scope list within the pentest results. Note that this parameter also requires CIDR notation.

5. Pentest Confirmation

Click
Next_Button_e8669ece6a.jpg
through the optional configuration panels until you reach the Review panel.

Op_Confirm_1a29a8839d.jpg

Click
Confirm_a9f97d2a1c.jpg
to launch the pentest.
In a few minutes, the command-and-control system for the pentest will be provisioned and ready for execution.

6. Deploy NodeZero

While the pentest is provisioning, its companion one-time-use software module, NodeZero, is made ready for deployment on your NodeZero Host.

Op_Execute_0e9558bc27.jpg

Click
Copy_to_Clipboard_5df769a805.jpg
or highlight the command line provided and copy it with cmd+c or ctrl+c. Now, return to the shell on your NodeZero Host.


Execute NodeZero

Paste the command line you just copied into the shell of your NodeZero Host.

This script will validate the Docker installation, download the most up-to-date NodeZero Docker image, and begin the pentest. In the Portal, you will see the status of the pentest transition from Ready to Running.nodezero_90f0a2aeb3.png

How can NodeZero help you?

Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.