Release Notes

Our Release Notes provide a consolidated monthly summary of all the enhancements and updates delivered. These notes capture the culmination of continuous improvements we've made throughout the month, offering you a cohesive overview.

For real-time updates and the latest release information, please check the notifications directly within the portal.

2023.09

September Updates As the leaves turn golden and begin their descent, we're thrilled to unveil a flurry of fresh features this autumn. Just as trees are shedding layers, we added layers of innovation in September!

• Expanded Attack Content: New content for Citrix devices, Azure VM access, Adobe Coldfusion, advanced password spray, and more!
• Phishing Integration: Dive into NodeZero's brand-new test type and seamlessly integrate it with your Phishing campaigns.
• NodeZero Runner Resilience: Use h3-cli for effortless registration of your NodeZero Runner as a system service.
• Enhanced Data Discovery: See "Protected Data" results during pentests for more insightful findings.
• Revamped Executive Summary: Discover our refreshed, intuitive design

Check out the 2023.09 Details Page for all the details.

2023.08

August Updates 🌞 As the summer sun continues to shine bright, so do our platform enhancements! We've brought in a fresh wave of updates this month, aiming to make your experience more seamless and engaging.

• Enhanced Proxy Support: Easier and more streamlined proxy configurations.
• Expanded Coercion Methods: New methods added to exploit PetitPotam vulnerabilities.
• Improved Single Sign-On (SSO) Experience: Open beta for paid accounts.
• Portal UI Updates: Introducing new color themes ("Modern" and "Light") and redesigned navigation bar for enhanced user interaction.
• Phishing Test (Beta): Introducing new Phishing Test to measure the impact of phishing attacks.
• Feature Additions: Added attack content for Juniper, cPanel, H2 Database, Adobe ColdFusion, and Metabase.

Check out the 2023.08 Details Page for all the details.

2023.07

The only thing hotter than July is all the new features. Here are some highlights:

• New/Updated Vulnerability Detections: Added several new detections and exploits for weaknesses.
• Password Spraying: Improved dynamic generation of weak passwords.
• External Host Discovery: Expanded NodeZero's coverage and accuracy for identifying hosts during external enumeration.
• Domain Controller Identification: Added better domain controller identification in adverse networks.

Check out the 2023.07 Details Page for all the details.

2023.06

Summer is here, along with a release packed with great new features! Here are a few highlights:

• Single Sign-On (SSO) Integration: Added support for Single Sign-On using OpenID Connect (OIDC).
• Password Audit Operations: Easily audit the strength and similarity of user passwords in your Active Directory environment.
• Remote Access Tool (RAT): NodeZero can now leverage detected weaknesses and vulnerabilities to deploy Remote Access Tools (RATs).
• Bulk Authorize External Assets: The External Assets page has improved ability to sort, filter, and bulk-authorize assets.
• NodeZero Runner Management: New Runner Management page improves visibility and control over your Runners.
• BloodHound Data Collection: NodeZero now collects BloodHound data during Pentest operations, which can be downloaded post-op.

Check out the 2023.06 Details Page for all the details.

2023.05

After the abundance of amazing attacks in April, we're thrilled to share even more May blooms with you! Here are some of the key highlights:

• Pentest Scheduling in the Portal: Say goodbye to manual configurations! You can now easily schedule future pentests and series of pentests directly in the Portal, streamlining your workflows. See the scheduling page for more information.
• VirtualHost Support for Kubernetes: NodeZero now supports VirtualHosts in Kubernetes modules, providing enhanced testing capabilities for containerized environments.
• Real-Time View Enhancements: Gain deeper insights with Real-Time View updates for External Pentests, including status updates for injected credentials. Stay on top of the progress with real-time information.
• Portal Login Enhancements: Experience enhanced authentication capabilities with a new Social Sign-In button for Microsoft/Azure.
• Attack Content Updates: As always, we're continually keeping NodeZero up-to-date with important exploits and attack techniques.

Check out the 2023.05 Details Page for all the details.

2023.04

This release packs in some great new features, including NodeZero Runners and the Network Enumeration operation type. A few highlights for this release include:

• Introduction of NodeZero Runners, which enable automated deployment of NodeZero without needed to copy-paste the curl script.
• The Network Enumeration operation, the first of several Targeted Tests, which enables you to discover the attack surface of your internal network without identifying or exploiting vulnerabilities.
• Added ability for users to inject credentials immediately after scheduling a pentest and while a pentest is paused
• Added new visualizations and filtering to the Hosts Page
• Enhanced password spray and password cracking routines to utilize usernames from breach data
• As always, we're continually keeping NodeZero up-to-date with important exploits and attack techniques.

Check out the 2023.04 Details Page for all the details.

2023.03

Spring is in the air, and with it comes the latest updates to NodeZero! March brings a fresh breeze of features and improvements to help your cybersecurity program bloom. Check out the highlights below, or view in detail on the March 2023 page.

• New user experience enabled by default!
• The new user experience is now enabled by default. Customers that had access to the old experience can still switch back for a limited time.
• As always, we're continually keeping NodeZero up-to-date with important exploits and attack techniques.

Check out the 2023.03 Details Page for all the details.

2023.02

This release is filled with amazing new capabilities and we are excited for you to use them

View the 2023.02 Details Page for detailed explanations, but here are some highlights:

• New User Experience: This is a whole new look and feel to the portal. We've revamped the executive summary and made it much easier to navigate through the results of your pentest
• Externally pentest IP Addresses: Available in the new user experience, you can now add IPs to the scope for an External pentest
• Pause and Resume pentest operations: Available in the new user experience, you can now pause and resume ops from the portal
• 1-Click-Verify multiple weaknesses at a time: Available in the new user experience
• H3 CLI: You can now schedule a pentest to run automatically on a recurring basis using the H3 CLI tool

And much more. Check out the 2023.02 Details Page for all the details.

2023.01

Happy New Year!

This month's release improves functionality in user interface and additional attack content including:

• VMware vRealize Log Insight VMSA-2023-0001
• Active Directory Certificate Services (ADCS) ESC8
• Additional Cloud Attack Content
• Multiple CISA KEVs

View the 2023.01 Details Page for detailed explanations, enhancements, and bugfixes!