Portal

Note

NodeZero Web UI will be commonly referred to as simply Portal.

Helpful resources pertaining to Horizon3.ai products and services:

Test Types

NodeZero provides several types of penetration tests:

Infrastructure Attack Surface Tests

NodeZero's Infrastructure Attack Surfaces tests are NodeZero's autonomous network penetration tests. These all-inclusive tests are deployable from various perspectives and identify attack paths across on-premise, hybrid-cloud, perimeter, and cloud networks.

• Internal Pentest - A pentest run against an internal network. NodeZero is deployed on a Docker host within your private network.
• External Attacks - NodeZero runs from the Horizon3.ai cloud and tests your public-facing or external assets.

Identity Attack Surface

NodeZero's Identity Attack Surface tests find and exploit real-world attack-paths and vulnerabilities in IAM controls and platforms.

• AWS Pentest - NodeZero uses a privileged role in your AWS account to discover vulnerabilities and misconfigurations.
• Azure Entra ID Pentest - NodeZero runs on a docker host within your private network to discover and assess attack paths within your hybrid Entra ID environment.
• Active Directory Password Audit - Audit your users' Active Directory Passwords. NodeZero will reveal weak, breached, and re-used passwords.

Operational Scenario Testing

NodeZero's Operational Scenario tests are used to validate your organization's security readiness by using real-world attack techniques to tests its resilience to operational scenarios.

• Segmentation Testing - Discover your internal attack surface. NodeZero enumerates IPS, ports, services and applications within your network.
• Phishing Pentest- use NodeZero to measure the impact of phishing campaigns by injecting the phished credentials into an internal pentest

Rapid Response

(Must Opt-In) NodeZero's Rapid Response tests help you stay on top of emerging vulnerabilities. These tests enable you to quickly assess your environment for high-impact N-day vulnerabilities that have been exploited in the wild or are likely to be exploited in the wild. These tests often include custom exploits developed by Horizon3.

• Rapid Response - Displays alerts and tests targeted at specific attacks

Portal Settings

• Setting a Proxy - If your organization utilizes a proxy for external traffic
• Email Notifications - When and why does NodeZero send out emails
• Pentest Templates - How to set up and managing inputs to pentests
• User Management - NodeZero allows users to be added, edited, removed and have their permissions set and changed
• Single Sign On (SSO) - Enable and setup Single Sign On (SSO)
• Identification Provider (IdP) Setup - Guides on setting up an IdP for use with SSO

Additional Features

• Attack Configuration - configure pentest behavior
• Bloodhound - analyze Active Directory information
• Injecting Credentials - run NodeZero from an authenticated perspective
• Schedules - automate scheduling of pentests
• Co-Branding - How to create reports for clients

See navigation pane for the full list of resources.