Skip to content


Welcome to our product glossary, a quick reference for essential cybersecurity terms unique to our solution. Whether you're new to cybersecurity or a seasoned professional, this resource will help you understand the specific language used in our product. Organized alphabetically, if you find something is missing, please feel free to provide feedback at the bottom of the page!

Attack Path

An attack path refers to the sequence of steps or actions an attacker may take to compromise a system or network. It involves identifying vulnerabilities and other weaknesses, exploiting them, and navigating through the network to access valuable information or resources.

BloodHound Data

BloodHound data is the reconnaissance information collected and analyzed by the BloodHound tool within an Active Directory and/or Azure environment. NodeZero users have the option to obtain the BloodHound data collected during a pentest.


Impacts summarize, in business terms, the effects NodeZero was able to achieve as a result of exploiting weaknesses in your environment.


An N-day is a software or hardware vulnerability that is already publicly known, (n days since disclosure) but there may or may not be a security update available to remediate the vulnerability.

NodeZero Runner

The NodeZero runner enables the automated deployment of a NodeZero Docker container. This allows you to provision and deploy pentests from the portal, without having to manually run a NodeZero launch script.

Notable Event

A feature of Real-Time View (RTV). These events signify that during the pentest, NodeZero performed actions that would likely lead to a critical Impact.


RAT stands for remote access tool, software that gives a person full control of a tech device remotely. They have legitimate uses, such as technical support, but can also be controlled by attackers with malicious intent. In the context of NodeZero, a RAT is used to provide NodeZero with additional access to further explore attack paths during operations.

Real-Time View (RTV)

Real-Time View in NodeZero provides you with real-time information and updates on the progress of your running pentest, including status updates for injected credentials.

Sensitive Data Exposure

An Impact that indicates NodeZero was able to potentially access sensitive information given the filetype or service that is compromised. Examples include, but are not limited to:

  • Business documents in file shares (.docx, .pdf, .xlsx)
  • Outlook PST files
  • Confluence RCE
  • Exchange RCE

States (Pentest)

The pentest lifecycle encompasses several stages, each with its unique purpose and characteristics. These stages surface in portal with words like: 'Preparing', 'Action Needed', 'Running', 'Processing', and 'Done'. Below, you will find a detailed breakdown of these stages and their respective descriptions.

State Name Description
Action Needed Copy and run the one-time command on your Docker Host to launch NodeZero.
Action Needed: Paused Start your pentest after adding NodeZero's IP to your allowlist.
Done The pentest is fully complete and results are available in the portal.
Ended The pentest was ended early by the user. Results are available in the portal.
Error An error was encountered during this pentest.
Paused The pentest is paused.
Pausing The pentest is in the process of pausing.
Preparing The pentest is setting up the resources it needs.
Preparing (Start Paused) Resources are being provisioned for the pentest. Once provisioning is complete, the pentest will start in a paused state.
Processing The pentest results are being processed.
Resuming The pentest is resuming from a paused state.
Running The pentest is live and running.
Scheduled The pentest has been scheduled and will begin provisioning resources shortly.
Unknown The pentest encountered an issue. Contact us for further assistance if this issue persists.


A weakness refers to a vulnerability or security flaw that can be exploited by an attacker to compromise a system or network. Weaknesses can include misconfigurations, outdated software, default credentials, or other vulnerabilities that can be leveraged to gain unauthorized access or perform malicious actions.