2023.04

Features / Enhancements

Added new Network Enumeration operation. This operation performs initial phases of an Internal Pentest, including Host and Service Discovery, but does not detect or exploit weaknesses. It can be used to measure the internal attack surface of your network and identify scopes to be used in Internal Pentest operations
Added NodeZero Runners, which enable an alternative deployment method for Internal Pentests without needing access to the NodeZero host each time a pentest is started. See this guide for more information
Added ability for users to inject credentials immediately after scheduling a pentest and while a pentest is paused
Added new visualizations and filtering to the Hosts Page
Added Download CSV Item to Fileshare and S3 Detail Pages
Enhanced password spray and password cracking routines to utilize usernames from breach data
Added exploits for new weaknesses
Improved co-branding error handling
Improved API-key management experience
Improved Proof views
Improved accessibility
Improved related data in Data details
Co-branding: Increase phone number max digits from 14 to 20

Reduce likelihood of printers printing loads of paper when scanning TCP/9100
Fix false negative for Log4J against elasticsearch targets
Fix issue in which Azure password spray would stop early
Fix issue in which CVE-2022-1162 was not being detected on targets requiring a VHost
Fix issue in which domain credentials with blank passwords may cause modules to fail
Fix issue in which NoPAC attack module would fail to tag users as admins
Fix issue in which Microsoft Active Directory Certificate Services authentication endpoints may not be discovered
Fix issue performing gMSA dumping over some LDAPS connections