2023.09

Major Features / Enhancements

New Test Type: Phishing

It’s here! Introducing the ability to simulate the effects of successful phishing campaigns within internal pentests. This provides a tangible insight into the potential consequences of phishing attacks on your infrastructure. Further details can be found in the Phishing Documentation.

NodeZero Runner: Auto-restart Feature

With h3-cli, it's now straightforward to register the NodeZero Runner as a system service using systemd, a common service manager for modern Linux systems. Once set up, systemd ensures the Runner restarts automatically after system reboots. More information available here.

Enhanced Single Sign-On

Our enhanced Single Sign-On process for Private SSO accommodates users of all OIDC-based SSO solutions, streamlining the setup process for organizational SSO capabilities. For detailed guidance, see the SSO Documentation.

Updated Executive Summary PDF

The Executive Summary PDF has been updated for improved readability and presentation, including Co-Branding Support. It now features an "Exposure Score" summary and content alignment with Portal results.

Data Discovery Capabilities

Horizon3.ai defines “Protected Data” as specific, typically sensitive, data types that are attractive targets for malicious actors if accessible.

NodeZero is equipped to scan for various types of PII/PCI. These “protected data items” will be reflected in the Data Tab of your pentest results.

Discovered Data Types
US Passport Number
US Tax ID Number
Credit Card Number
ABA Routing Number
US Social Security Number
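The detection side of the data discovery described above, as an added example that is not NodeZero's own code: candidate values are located by pattern and then confirmed with the checksum or assignment rule for each of the five listed data types, which is what keeps random digit runs out of the results. The passport pattern (letter plus eight digits), the layout-only handling of Tax ID numbers and all sample values are assumptions constructed for this example.

```python
import re

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check that every payment card number must satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def aba_ok(digits: str) -> bool:
    """ABA routing checksum: weights 3,7,1 repeated over 9 digits, sum is 0 mod 10."""
    weights = (3, 7, 1) * 3
    return len(digits) == 9 and sum(int(d) * w for d, w in zip(digits, weights)) % 10 == 0

def ssn_ok(area: str, group: str, serial: str) -> bool:
    """SSA never assigns area 000, 666 or 900-999, group 00, or serial 0000."""
    return area not in ("000", "666") and area < "900" and group != "00" and serial != "0000"

# Patterns only locate candidates; validate() decides whether a hit is reported.
PATTERNS = {
    "US Social Security Number": re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b"),
    "US Tax ID Number": re.compile(r"\b\d{2}-\d{7}\b"),            # EIN layout NN-NNNNNNN
    "Credit Card Number": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),  # 13-19 digits, optional separators
    "ABA Routing Number": re.compile(r"\b\d{9}\b"),
    "US Passport Number": re.compile(r"\b[A-Z]\d{8}\b"),            # assumption: letter + 8 digits only
}

def validate(kind: str, m: re.Match) -> bool:
    """Apply the checksum or assignment rule for the data type, if one exists."""
    if kind == "US Social Security Number":
        return ssn_ok(*m.groups())
    if kind == "Credit Card Number":
        digits = re.sub(r"[ -]", "", m.group())
        return 13 <= len(digits) <= 19 and luhn_ok(digits)
    if kind == "ABA Routing Number":
        return aba_ok(m.group())
    return True  # EIN and passport numbers: layout check only in this example

def scan(text: str) -> list[tuple[str, str]]:
    """Return (data type, matched value) pairs that pass validation."""
    return [(kind, m.group()) for kind, pat in PATTERNS.items()
            for m in pat.finditer(text) if validate(kind, m)]
# Constructed sample text: none of these values belong to a real person or account.
SAMPLE = ("ssn 123-45-6789 bad-ssn 666-45-6789 card 4111 1111 1111 1111 "
          "bad-card 4111111111111112 aba 123456780 not-aba 123456789 "
          "ein 12-3456789 passport A12345678")

if __name__ == "__main__":
    for kind, value in scan(SAMPLE):
        print(f"{kind}: {value}")
```

Only the validated values are reported: the SSN with area 666, the card number that fails Luhn and the nine-digit run that fails the ABA checksum are all dropped.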

New Attack Content

  • Azure VM Access: With compromised Azure credentials, NodeZero now lists all accessible Azure virtual machines. It can also attempt code execution on these virtual machines and access files in SharePoint and OneDrive.
  • AWS Database Enumeration: We've enhanced NodeZero with the ability to detail DynamoDB permissions associated with AWS users.
  • Adobe ColdFusion Pre-Authentication RCEs: NodeZero identifies and exploits pre-authentication remote code execution vulnerabilities in Adobe ColdFusion versions 2018, 2021, and 2023. Associated CVEs are CVE-2023-29300, CVE-2023-38203, CVE-2023-38204, and CVE-2023-38205.
  • Citrix Exploit: NodeZero can now exploit CVE-2023-3519 to achieve remote code execution on Citrix devices configured as gateways.
  • Log4Shell Implant Module: This new module is effective against both the Log4Shell vulnerability and general JNDI exploits, including ColdFusion RCE.
  • H2 Embedded Database Exploit: Added H3-2023-0028, targeting misconfigurations in databases with H2 embedded appliances.
  • Kong Gateway Vulnerability: NodeZero can now exploit CVE-2020-11710, an unauthenticated RCE vulnerability affecting Kong Gateways.
  • Enhanced Password Spray Modules: These modules have been upgraded to use usernames extracted from injected credentials.

Additional Enhancements

  • Removed the “Go to Legacy Portal” button.
  • Introduced sorting and filtering capabilities for the "Pentests - Scheduled Group View".
  • Updated the “Hosts Count” card on the summary page to display “Compromised / Total Hosts”.
  • Enhanced sorting and filtering for the "Weaknesses - Grouped by ID View".
  • Optimized the 1-click verify experience on the summary page for 1-click verified pentests.
  • Improved the sub-navigation in pentest details to adapt to various screen sizes.
  • Incorporated filtering for Notable Events within the Real-Time View.
  • Introduced a "Filter by Signed/Not Signed" option in the Certificates tab.

Bug Fixes

  • Enhanced exception handling for communication errors in dig when targeting non-DNS servers with an open port 53.
  • Improved services discovery using DNS SRV records by adding additional ports and exception handling.
  • Strengthened error handling for unexpected output during anonymous LDAP server queries.
  • Resolved an issue in the Log4Shell post-exploit module related to Nuclei template parsing.
  • Updated reference links in some Fix Actions to correct dead links.
  • Eliminated false positives in the credential verification module.
  • Addressed a Cyanide issue where it would fail silently if Responder couldn't bind to an already occupied listening port on the NodeZero host.
  • Rectified a regression issue in the SMB credential verification analyzer.
  • Refined DNS reconnaissance to enhance the consistency of DNS enumeration results.
  • Introduced UDP scanning in Zmap for improved host discovery within networks.
  • Horizon3.ai Remote Access Tool (RAT) Enhancements:
    • Improved implant stability by isolating modules.
    • Refined command and control communication processes.