Release Notes

Our Release Notes provide a consolidated monthly summary of all the enhancements and updates delivered. These notes capture the culmination of continuous improvements we've made throughout the month, offering you a cohesive overview.

For real-time updates and the latest release information, please check the notifications directly within the portal.

2024.03

March Updates March marches in with the promise of new growth and our commitment to continuous innovation. This month, we've cultivated a crop of robust features and enhancements aimed at strengthening your security landscape. Spring into action with our latest update highlights:

Rapid Response Tests: Spring into action with our new Rapid Response tests, tailored to help you surgically test and verify the most critical and emerging vulnerabilities within your environment.
New Attack Content: New content like the Fortinet FortiClient EMS SQL injection vulnerability that leads to remote code execution, and other high-profile CVEs.
Template Management Page: Organize and streamline your attack templates with our newly designed template management UI.
Active Directory Password Audit: Enhanced performance, now dumping NTDS secrets 10 times faster.

Check out the 2024.03 Details Page for all the details.

2024.02

February Updates Love is in the air, and so is the promise of enhancing cybersecurity with our February updates. This month, we're delivering a bouquet of new features and improvements, all designed to sweeten your security strategy. From user interface enhancements to testing your defenses from the attacker's perspective, let our latest offerings be your Valentine's gift from NodeZero.

Sticky Table Headers: Navigate large data tables with ease, thanks to sticky headers that stay in view as you scroll.
Dashboard Views: Customize your dashboard experience with new vertical and horizontal layout options, ensuring the most critical information is always where you need it.
Cookie Consent for GDPR: Enhance user privacy with our updated cookie consent feature, now in compliance with GDPR.
New Attack Content: Stay ahead of attackers with new attack modules, including CVEs targeting Ivanti Connect Secure, GitLab, ConnectWise SecureConnect, and more.
Azure and AWS Enhancements: Gain deeper insights and control in cloud environments with our latest Azure user creation and AWS metadata service credential harvesting capabilities.

Check out the 2024.02 Details Page for all the details.

2024.01

January Updates As the new year begins amidst the quiet chill of winter, our team has ignited a beacon of innovation to heat up your security strategy. This January, we're rolling out powerful updates aimed at enhancing your cybersecurity posture. Embrace new beginnings and make a resolution to harden your infrastructure with our latest developments from the attacker's perspective!

Phishing Impact Test: A significant leap forward with the launch of the Phishing Impact Test in NodeZero, enabling organizations to measure the potential impact of phishing with precision. See our phishing page here
Attack Path Enhancements: Major improvements to Attack Paths, introducing a Vertical Display and Concise/Detailed views, for a clearer narrative on your security landscape.
External Asset Discovery Updates: A series of updates to enhance the identification and management of external assets.
New Attack Content: Expanding our arsenal with critical vulnerabilities targeting Ivanti Connect Secure VPN, Fortra GoAnywhere MFT, Apache OFBiz, Jenkins, and more, alongside inclusion of 21 vulnerabilities from the CISA KEV list.

Check out the 2024.01 Details Page for all the details.

2023.11

November Updates As November ushers in the crispness of late autumn, our team has been busy harvesting a rich array of updates and enhancements. This month, we present a bountiful selection of new features and refinements, each designed to fortify and streamline your security landscape. Step into November's technological cornucopia and explore what we've cultivated for you!

New Attack Content: Attack content targeting Cisco IOS XE, Citrix NetScaler, Apache ActiveMQ, and Confluence.
Cyanide Activity Identification: Enhanced NodeZero activity identification in logs with updated Cyanide, now including a static suffix 'H3N0' for simplified tracking.
Azure Attack Flow Improvements: Strengthened Azure integration with the ability to use Azure Refresh and Access Tokens, streamlining the authentication process.
Advanced Pentest Management: Introducing new functionalities like moving pentests between accounts and downloading key pentest data such as External IPs and AD Password Audit results in CSV format.

Check out the 2023.11 Details Page for all the details.

2023.10

October Updates As the nights grow longer and Halloween shadows creep in, we've conjured up a spellbinding set of updates for you this month. Like a cauldron brimming with potions, our platform brews with enhancements to bewitch and bolster your security endeavors. Dive in, if you dare!

Credential Injection with Node Zero Runners: Node Zero Runners now support automatic credential injection for scheduled operations, requiring zero manual input post-setup. Especially useful for monthly Active Directory Password Audits, ensuring process adherence and catching overlooked policy errors.
Revamped Fix Actions Report: The newly refreshed fix action report offers an intuitive table of contents and detailed insights, pinpointing affected hosts for each identified weakness. It's a consolidated resource for action-based insights.
Enhanced Exposure Score Visibility: The pentest summary now displays an Overall Exposure Score, derived from a meticulous assessment of critical impacts, weaknesses, and data exposure. Improve your security by addressing these highlighted vulnerabilities.

Check out the 2023.10 Details Page for all the details.

2023.09

September Updates As the leaves turn golden and begin their descent, we're thrilled to unveil a flurry of fresh features this autumn. Just as trees are shedding layers, we added layers of innovation in September!

Expanded Attack Content: New content for Citrix devices, Azure VM access, Adobe Coldfusion, advanced password spray, and more!
Phishing Integration: Dive into NodeZero's brand-new test type and seamlessly integrate it with your Phishing campaigns.
NodeZero Runner Resilience: Use h3-cli for effortless registration of your NodeZero Runner as a system service.
Enhanced Data Discovery: See "Protected Data" results during pentests for more insightful findings.
Revamped Executive Summary: Discover our refreshed, intuitive design

Check out the 2023.09 Details Page for all the details.

2023.08

August Updates 🌞 As the summer sun continues to shine bright, so do our platform enhancements! We've brought in a fresh wave of updates this month, aiming to make your experience more seamless and engaging.

Enhanced Proxy Support: Easier and more streamlined proxy configurations.
Expanded Coercion Methods: New methods added to exploit PetitPotam vulnerabilities.
Improved Single Sign-On (SSO) Experience: Open beta for paid accounts.
Portal UI Updates: Introducing new color themes ("Modern" and "Light") and redesigned navigation bar for enhanced user interaction.
Phishing Impact Test (Beta): Introducing new Phishing Impact Test to measure the impact of phishing attacks.
Feature Additions: Added attack content for Juniper, cPanel, H2 Database, Adobe ColdFusion, and Metabase.

Check out the 2023.08 Details Page for all the details.

2023.07

The only thing hotter than July is all the new features. Here are some highlights:

New/Updated Vulnerability Detections: Added several new detections and exploits for weaknesses.
Password Spraying: Improved dynamic generation of weak passwords.
External Host Discovery: Expanded NodeZero's coverage and accuracy for identifying hosts during external enumeration.
Domain Controller Identification: Added better domain controller identification in adverse networks.

Check out the 2023.07 Details Page for all the details.

2023.06

Summer is here, along with a release packed with great new features! Here are a few highlights:

Single Sign-On (SSO) Integration: Added support for Single Sign-On using OpenID Connect (OIDC).
Password Audit Operations: Easily audit the strength and similarity of user passwords in your Active Directory environment.
Remote Access Tool (RAT): NodeZero can now leverage detected weaknesses and vulnerabilities to deploy Remote Access Tools (RATs).
Bulk Authorize External Assets: The External Assets page has improved ability to sort, filter, and bulk-authorize assets.
NodeZero Runner Management: New Runner Management page improves visibility and control over your Runners.
BloodHound Data Collection: NodeZero now collects BloodHound data during Pentest operations, which can be downloaded post-op.

Check out the 2023.06 Details Page for all the details.

2023.05

After the abundance of amazing attacks in April, we're thrilled to share even more May blooms with you! Here are some of the key highlights:

Pentest Scheduling in the Portal: Say goodbye to manual configurations! You can now easily schedule future pentests and series of pentests directly in the Portal, streamlining your workflows. See the scheduling page for more information.
VirtualHost Support for Kubernetes: NodeZero now supports VirtualHosts in Kubernetes modules, providing enhanced testing capabilities for containerized environments.
Real-Time View Enhancements: Gain deeper insights with Real-Time View updates for External Pentests, including status updates for injected credentials. Stay on top of the progress with real-time information.
Portal Login Enhancements: Experience enhanced authentication capabilities with a new Social Sign-In button for Microsoft/Azure.
Attack Content Updates: As always, we're continually keeping NodeZero up-to-date with important exploits and attack techniques.

Check out the 2023.05 Details Page for all the details.

2023.04

This release packs in some great new features, including NodeZero Runners and the Network Enumeration operation type. A few highlights for this release include:

Introduction of NodeZero Runners, which enable automated deployment of NodeZero without needed to copy-paste the curl script.
The Network Enumeration operation, the first of several Targeted Tests, which enables you to discover the attack surface of your internal network without identifying or exploiting vulnerabilities.
Added ability for users to inject credentials immediately after scheduling a pentest and while a pentest is paused
Added new visualizations and filtering to the Hosts Page
Enhanced password spray and password cracking routines to utilize usernames from breach data
As always, we're continually keeping NodeZero up-to-date with important exploits and attack techniques.

Check out the 2023.04 Details Page for all the details.

2023.03

Spring is in the air, and with it comes the latest updates to NodeZero! March brings a fresh breeze of features and improvements to help your cybersecurity program bloom. Check out the highlights below, or view in detail on the March 2023 page.

New user experience enabled by default!
The new user experience is now enabled by default. Customers that had access to the old experience can still switch back for a limited time.
As always, we're continually keeping NodeZero up-to-date with important exploits and attack techniques.

Check out the 2023.03 Details Page for all the details.

2023.02

This release is filled with amazing new capabilities and we are excited for you to use them

View the 2023.02 Details Page for detailed explanations, but here are some highlights:

New User Experience: This is a whole new look and feel to the portal. We've revamped the executive summary and made it much easier to navigate through the results of your pentest
Externally pentest IP Addresses: Available in the new user experience, you can now add IPs to the scope for an External pentest
Pause and Resume pentest operations: Available in the new user experience, you can now pause and resume ops from the portal
1-Click-Verify multiple weaknesses at a time: Available in the new user experience
H3 CLI: You can now schedule a pentest to run automatically on a recurring basis using the H3 CLI tool

And much more. Check out the 2023.02 Details Page for all the details.

2023.01

Happy New Year!

This month's release improves functionality in user interface and additional attack content including:

View the 2023.01 Details Page for detailed explanations, enhancements, and bugfixes!