NetSPI
@netspi.bsky.social
New research from NetSPI from
@kfosaaen.bsky.social & Thomas Elling reveals how Azure tenant IDs leaked through Entra ID authentication maps cloud resources to their owners.
Check out the new ATEAM tool for automated discovery.
Full technical breakdown: ow.ly/UOcu50WFzto
@kfosaaen.bsky.social & Thomas Elling reveals how Azure tenant IDs leaked through Entra ID authentication maps cloud resources to their owners.
Check out the new ATEAM tool for automated discovery.
Full technical breakdown: ow.ly/UOcu50WFzto
ATEAM - Azure Resource Attribution via Tenant ID Enumeration
At DEF CON 33, NetSPI presented a talk about how Azure resources supporting Entra ID authentication expose tenant IDs, enabling attackers to attribute cloud resources to specific organizations at scal...
ow.ly
August 14, 2025 at 2:20 PM
New research from NetSPI from
@kfosaaen.bsky.social & Thomas Elling reveals how Azure tenant IDs leaked through Entra ID authentication maps cloud resources to their owners.
Check out the new ATEAM tool for automated discovery.
Full technical breakdown: ow.ly/UOcu50WFzto
@kfosaaen.bsky.social & Thomas Elling reveals how Azure tenant IDs leaked through Entra ID authentication maps cloud resources to their owners.
Check out the new ATEAM tool for automated discovery.
Full technical breakdown: ow.ly/UOcu50WFzto
New Azure App Services security research by NetSPI's @kfosaaen.bsky.social
TL;DR: Users with Contributor permissions can extract & decrypt authentication tokens to impersonate other users accessing the application.
Read more: ow.ly/tgUA50Wuqpb
#Azure #CloudSecurity
TL;DR: Users with Contributor permissions can extract & decrypt authentication tokens to impersonate other users accessing the application.
Read more: ow.ly/tgUA50Wuqpb
#Azure #CloudSecurity
July 24, 2025 at 1:04 PM
New Azure App Services security research by NetSPI's @kfosaaen.bsky.social
TL;DR: Users with Contributor permissions can extract & decrypt authentication tokens to impersonate other users accessing the application.
Read more: ow.ly/tgUA50Wuqpb
#Azure #CloudSecurity
TL;DR: Users with Contributor permissions can extract & decrypt authentication tokens to impersonate other users accessing the application.
Read more: ow.ly/tgUA50Wuqpb
#Azure #CloudSecurity
New Vuln Research: NetSPI Principal Consultant Ceri Coburn exposes how Forescout SecureConnector agents can be hijacked via a named pipe vulnerability (CVE-2025-4660), turning endpoint security tools into attacker-controlled C2 channels.
Read more: ow.ly/6hl250WqWrX
Read more: ow.ly/6hl250WqWrX
July 17, 2025 at 1:15 PM
New Vuln Research: NetSPI Principal Consultant Ceri Coburn exposes how Forescout SecureConnector agents can be hijacked via a named pipe vulnerability (CVE-2025-4660), turning endpoint security tools into attacker-controlled C2 channels.
Read more: ow.ly/6hl250WqWrX
Read more: ow.ly/6hl250WqWrX
NetSPI Security Consultant Mayuri Bochare has published an insightful deep-dive on securing Java Spring applications through code review.
👉 Read the full article: ow.ly/IWfx50WnoVy
#proactivesecurity #JavaSecurity #SecureCodeReview
👉 Read the full article: ow.ly/IWfx50WnoVy
#proactivesecurity #JavaSecurity #SecureCodeReview
Detecting Authorization Flaws in Java Spring via Source Code Review (SCR)
Discover how secure code review catches privilege escalation vulnerabilities in Java Spring apps that pentests miss - identify insecure patterns early.
ow.ly
July 10, 2025 at 1:42 PM
NetSPI Security Consultant Mayuri Bochare has published an insightful deep-dive on securing Java Spring applications through code review.
👉 Read the full article: ow.ly/IWfx50WnoVy
#proactivesecurity #JavaSecurity #SecureCodeReview
👉 Read the full article: ow.ly/IWfx50WnoVy
#proactivesecurity #JavaSecurity #SecureCodeReview
NetSPI Principal Security Consultant Jason Juntunen recently published findings on a Remote Code Execution vulnerability in SailPoint's IQService component.
👉 Read the full technical breakdown: ow.ly/GbT150WmgRg
#proactivesecurity #VulnerabilityResearch
👉 Read the full technical breakdown: ow.ly/GbT150WmgRg
#proactivesecurity #VulnerabilityResearch
Set Sail: Remote Code Execution in SailPoint IQService via Default Encryption Key
NetSPI discovered a remote code execution vulnerability in SailPoint IQService using default encryption keys. Exploit details, discovery methods, and remediation guidance included.
www.netspi.com
July 8, 2025 at 1:02 PM
NetSPI Principal Security Consultant Jason Juntunen recently published findings on a Remote Code Execution vulnerability in SailPoint's IQService component.
👉 Read the full technical breakdown: ow.ly/GbT150WmgRg
#proactivesecurity #VulnerabilityResearch
👉 Read the full technical breakdown: ow.ly/GbT150WmgRg
#proactivesecurity #VulnerabilityResearch
Check out this new article published by @kfosaaen.bsky.social!
I have a new post out on the @netspi.bsky.social blog today. This one is on extracting sensitive information from the Azure Load Testing service. www.netspi.com/blog/technic...
Extracting Sensitive Information from Azure Load Testing
Learn how Azure Load Testing's JMeter JMX and Locust support enables code execution, metadata queries, reverse shells, and Key Vault secret extraction vulnerabilities.
www.netspi.com
July 2, 2025 at 1:06 PM
Check out this new article published by @kfosaaen.bsky.social!
Microsoft Defender for Identity vulnerability (CVE-2025-26685) allows unauthenticated attackers to capture Net-NTLM hashes and potentially gain AD access. Security tools can become attack vectors - understanding this risk is crucial: ow.ly/UOc050W8inY
June 12, 2025 at 12:10 PM
Microsoft Defender for Identity vulnerability (CVE-2025-26685) allows unauthenticated attackers to capture Net-NTLM hashes and potentially gain AD access. Security tools can become attack vectors - understanding this risk is crucial: ow.ly/UOc050W8inY
NetSPI's Sam Beaumont and Larry Trowell developed RayV Lite—a low-cost laser fault injection tool that makes advanced hardware security testing accessible beyond nation-states using open-source hardware & inexpensive IR-leaking lasers.
➡️ Read the full technical deep-dive: ow.ly/Nqtm50W4fjT
➡️ Read the full technical deep-dive: ow.ly/Nqtm50W4fjT
June 4, 2025 at 3:50 PM
NetSPI's Sam Beaumont and Larry Trowell developed RayV Lite—a low-cost laser fault injection tool that makes advanced hardware security testing accessible beyond nation-states using open-source hardware & inexpensive IR-leaking lasers.
➡️ Read the full technical deep-dive: ow.ly/Nqtm50W4fjT
➡️ Read the full technical deep-dive: ow.ly/Nqtm50W4fjT
Get the details on how multiple arbitrary SYSTEM file delete flaws (CVE-2025-23009, CVE-2025-23010) can be exploited for privilege escalation. ow.ly/tTLj50W0xWS
✅ SonicWall has patched these issues in NetExtender v10.3.2
✅ SonicWall has patched these issues in NetExtender v10.3.2
May 29, 2025 at 1:23 PM
Get the details on how multiple arbitrary SYSTEM file delete flaws (CVE-2025-23009, CVE-2025-23010) can be exploited for privilege escalation. ow.ly/tTLj50W0xWS
✅ SonicWall has patched these issues in NetExtender v10.3.2
✅ SonicWall has patched these issues in NetExtender v10.3.2
NetSPI's Sam Beaumont and Larry Trowell will demonstrate how low-cost hardware can be used to execute sophisticated optical attacks on computer chips—attacks previously thought to require nation-state resources at BSides Tokyo on May 17, 2025!
Learn more: ow.ly/CcHM50VPqzU
Learn more: ow.ly/CcHM50VPqzU
NetSPI Agents at BSides Tokyo 2025
Join NetSPI security experts at BSides Tokyo to learn how consumer-grade lasers can replicate nation-state optical hardware attacks.
ow.ly
May 9, 2025 at 2:04 PM
NetSPI's Sam Beaumont and Larry Trowell will demonstrate how low-cost hardware can be used to execute sophisticated optical attacks on computer chips—attacks previously thought to require nation-state resources at BSides Tokyo on May 17, 2025!
Learn more: ow.ly/CcHM50VPqzU
Learn more: ow.ly/CcHM50VPqzU
CVE-2025-27590: Oxidized Web v0.14 vulnerability allows attackers to overwrite local files via /migration page, enabling remote code execution.
Read the article written by NetSPI's Jamie Riden & Jon O'Reilly to highlight the discovery, findings, & remediation of the vulnerability. ow.ly/HLwr50VxKJt
Read the article written by NetSPI's Jamie Riden & Jon O'Reilly to highlight the discovery, findings, & remediation of the vulnerability. ow.ly/HLwr50VxKJt
CVE-2025-27590 – Oxidized Web: Local File Overwrite to Remote Code Execution
Learn about a critical security vulnerability (CVE-2025-27590) in Oxidized Web v0.14 that allows attackers to overwrite local files and execute remote code execution.
ow.ly
April 10, 2025 at 2:22 PM
CVE-2025-27590: Oxidized Web v0.14 vulnerability allows attackers to overwrite local files via /migration page, enabling remote code execution.
Read the article written by NetSPI's Jamie Riden & Jon O'Reilly to highlight the discovery, findings, & remediation of the vulnerability. ow.ly/HLwr50VxKJt
Read the article written by NetSPI's Jamie Riden & Jon O'Reilly to highlight the discovery, findings, & remediation of the vulnerability. ow.ly/HLwr50VxKJt
The overall attack surface of Salesforce is often overlooked, and the result could be disastrous for your organization. ow.ly/CYZ350VrvEz
NetSPI's Weylon Solis wrote an article that explores authorization issues and common bad practices to avoid. Learn more!
#salesforce #proactivesecurity
NetSPI's Weylon Solis wrote an article that explores authorization issues and common bad practices to avoid. Learn more!
#salesforce #proactivesecurity
A Not So Comprehensive Guide to Securing Your Salesforce Organization
Explore key background knowledge on authorization issues and common bad practices developers may unintentionally introduce in Salesforce Orgs.
ow.ly
March 31, 2025 at 1:29 PM
The overall attack surface of Salesforce is often overlooked, and the result could be disastrous for your organization. ow.ly/CYZ350VrvEz
NetSPI's Weylon Solis wrote an article that explores authorization issues and common bad practices to avoid. Learn more!
#salesforce #proactivesecurity
NetSPI's Weylon Solis wrote an article that explores authorization issues and common bad practices to avoid. Learn more!
#salesforce #proactivesecurity
An attacker with access to a Web Help Desk backup file could recover some encrypted passwords stored within it.
NetSPI Principal Security Consultant Jamie Riden wrote to tell about it. Check out his latest blog post to learn more: ow.ly/HFZC50VflwC
NetSPI Principal Security Consultant Jamie Riden wrote to tell about it. Check out his latest blog post to learn more: ow.ly/HFZC50VflwC
CVE-2024-28989: Weak Encryption Key Management in Solar Winds Web Help Desk
Learn how an attacker with access to a backup file could potentially recover certain encrypted passwords.
ow.ly
March 11, 2025 at 12:51 PM
An attacker with access to a Web Help Desk backup file could recover some encrypted passwords stored within it.
NetSPI Principal Security Consultant Jamie Riden wrote to tell about it. Check out his latest blog post to learn more: ow.ly/HFZC50VflwC
NetSPI Principal Security Consultant Jamie Riden wrote to tell about it. Check out his latest blog post to learn more: ow.ly/HFZC50VflwC
Help us define the future of Trustworthy AI by contributing to our expanding benchmarks, from fairness to ethical alignment and beyond. Your insights could drive the next breakthroughs in balancing security and usability. ow.ly/S81y50Ux3nr
January 16, 2025 at 6:16 PM
Help us define the future of Trustworthy AI by contributing to our expanding benchmarks, from fairness to ethical alignment and beyond. Your insights could drive the next breakthroughs in balancing security and usability. ow.ly/S81y50Ux3nr
NetSPI Security Hardware Pentesting Team gives a starting point for those wanting to learn how to decap chips for optical viewing & reversal of integrated controller.
Read the article: ow.ly/1hmZ50UGU3M
Read the article: ow.ly/1hmZ50UGU3M
Practical Methods for Decapping Chips
Discover the intricate process of chip decapping, exposing secrets stored within snuggly layers of industrial epoxy, sleeping in beds of silicon.
ow.ly
January 15, 2025 at 2:58 PM
NetSPI Security Hardware Pentesting Team gives a starting point for those wanting to learn how to decap chips for optical viewing & reversal of integrated controller.
Read the article: ow.ly/1hmZ50UGU3M
Read the article: ow.ly/1hmZ50UGU3M
How can security gaps can emerge in Azure Machine Learning?
@kfosaaen.bsky.social latest blog covers:
• Code execution via Storage Account permissions
• A privilege escalation bug (now fixed)
• A tool for automating credential dumping
Read the full blog 👉 www.netspi.com/blog/technic...
@kfosaaen.bsky.social latest blog covers:
• Code execution via Storage Account permissions
• A privilege escalation bug (now fixed)
• A tool for automating credential dumping
Read the full blog 👉 www.netspi.com/blog/technic...
Hijacking Azure Machine Learning Notebooks (via Storage Accounts)
Abusing Storage Account Permissions to attack Azure Machine Learning notebooks
www.netspi.com
January 8, 2025 at 3:08 PM
How can security gaps can emerge in Azure Machine Learning?
@kfosaaen.bsky.social latest blog covers:
• Code execution via Storage Account permissions
• A privilege escalation bug (now fixed)
• A tool for automating credential dumping
Read the full blog 👉 www.netspi.com/blog/technic...
@kfosaaen.bsky.social latest blog covers:
• Code execution via Storage Account permissions
• A privilege escalation bug (now fixed)
• A tool for automating credential dumping
Read the full blog 👉 www.netspi.com/blog/technic...
Tackling AI security and usability challenges requires collaboration across the community. Join us in shaping benchmarks that make AI safer and more effective for everyone. ow.ly/fNbk50UwxCM
#artificialintelligence #LLM #securitybenchmark #proactivesecurity
#artificialintelligence #LLM #securitybenchmark #proactivesecurity
December 30, 2024 at 2:26 PM
Tackling AI security and usability challenges requires collaboration across the community. Join us in shaping benchmarks that make AI safer and more effective for everyone. ow.ly/fNbk50UwxCM
#artificialintelligence #LLM #securitybenchmark #proactivesecurity
#artificialintelligence #LLM #securitybenchmark #proactivesecurity
🔍 Exploring Second-Order SQL Injection with Out-of-Band Techniques
NetSPI's Deepak Dhasmana dives into detecting & exploiting second-order SQL injection vulnerabilities.
👉 Check out the blog: ow.ly/gukg50UvMvl
#SQLInjection #penetrationtesting #proactivesecurity
NetSPI's Deepak Dhasmana dives into detecting & exploiting second-order SQL injection vulnerabilities.
👉 Check out the blog: ow.ly/gukg50UvMvl
#SQLInjection #penetrationtesting #proactivesecurity
Exploiting Second Order SQL Injection with Stored Procedures
Learn how to detect and exploit second-order SQL injection vulnerabilities using Out-of-Band (OOB) techniques, including leveraging DNS requests for data extraction.
ow.ly
December 23, 2024 at 4:41 AM
🔍 Exploring Second-Order SQL Injection with Out-of-Band Techniques
NetSPI's Deepak Dhasmana dives into detecting & exploiting second-order SQL injection vulnerabilities.
👉 Check out the blog: ow.ly/gukg50UvMvl
#SQLInjection #penetrationtesting #proactivesecurity
NetSPI's Deepak Dhasmana dives into detecting & exploiting second-order SQL injection vulnerabilities.
👉 Check out the blog: ow.ly/gukg50UvMvl
#SQLInjection #penetrationtesting #proactivesecurity
What happens when you prioritize security over usability in AI models—or vice versa? Our Open LLM Security Benchmark dives deep into the trade-offs and implications, showcasing why this balance is critical for the future of AI. Access the paper here: ow.ly/zT2g50UsaZH
GitHub - NetSPI/Open-LLM-Security-Benchmark
Contribute to NetSPI/Open-LLM-Security-Benchmark development by creating an account on GitHub.
ow.ly
December 17, 2024 at 2:17 PM
What happens when you prioritize security over usability in AI models—or vice versa? Our Open LLM Security Benchmark dives deep into the trade-offs and implications, showcasing why this balance is critical for the future of AI. Access the paper here: ow.ly/zT2g50UsaZH
Balancing usability and security in deployments introduce new and unfamiliar risks to organizations. NetSPI created an open Large Language Model (LLM) framework to help clarify some ambiguity around LLM security.
Read more about this framework in our most recent article: ow.ly/Nhjs50Usaio
Read more about this framework in our most recent article: ow.ly/Nhjs50Usaio
Balancing Security and Usability of Large Language Models: An LLM Benchmarking Framework
Explore the integration of Large Language Models (LLMs) in critical systems and the balance between security and usability with a new LLM benchmarking framework.
www.netspi.com
December 16, 2024 at 8:45 PM
Balancing usability and security in deployments introduce new and unfamiliar risks to organizations. NetSPI created an open Large Language Model (LLM) framework to help clarify some ambiguity around LLM security.
Read more about this framework in our most recent article: ow.ly/Nhjs50Usaio
Read more about this framework in our most recent article: ow.ly/Nhjs50Usaio