Major Features / Enhancements
New Test Type: Phishing
It’s here! Introducing the ability to simulate the effects of successful phishing campaigns within internal pentests. This provides a tangible insight into the potential consequences of phishing attacks on your infrastructure. Further details can be found in the Phishing Documentation.
NodeZero Runner: Auto-restart Feature
h3-cli, it's now straightforward to register the NodeZero Runner as a system service using
systemd, a common service manager for modern Linux systems. Once set up, systemd ensures the Runner restarts automatically after system reboots. More information available here.
Enhanced Single Sign-On
Our enhanced Single Sign-On process for Private SSO accommodates users of all OIDC-based SSO solutions, streamlining the setup process for organizational SSO capabilities. For detailed guidance, see the SSO Documentation
Updated Executive Summary PDF
The Executive Summary PDF has been updated for improved readability and presentation, including Co-Branding Support. It now features an "Exposure Score" summary and content alignment with Portal results.
Data Discovery Capabilities
Horizon3.ai defines “Protected Data” as specific, typically sensitive, data types that are attractive targets for malicious actors if accessible.
NodeZero is equipped to scan for various types of PII/PCI. These “protected data items” will be reflected in the Data Tab of your pentest results.
|Discovered Data Types|
|US Passport Number|
|US Tax ID Number|
|Credit Card Number|
|ABA Routing Number|
|US Social Security Number|
New Attack Content
- Azure VM Access: With compromised Azure credentials, NodeZero now lists all accessible Azure virtual machines. It can also attempt code execution on these virtual machines and access files in Sharepoint and OneDrive.
- AWS Database Enumeration: We've enhanced NodeZero with the ability to detail DynamoDB permissions associated with AWS users.
- Adobe ColdFusion Pre-Authentication RCEs: NodeZero identifies and exploits pre-authentication remote code execution vulnerabilities in Adobe ColdFusion versions 2018, 2021, and 2023. Associated CVEs are CVE-2023-29300, CVE-2023-38203, CVE-2023-38204, and CVE-2023-38205.
- Citrix Exploit: NodeZero can now exploit CVE-2023-3519 to achieve remote code execution on Citrix devices configured as gateways.
- Log4shell Implant Module: This new module is effective against both the log4shell vulnerability and general JNDI exploits, including ColdFusion RCE.
- H2 Embedded Database Exploit: Added H3-2023-0028, targeting misconfigurations in databases with H2 embedded appliances.
- Kong Gateway Vulnerability: NodeZero can now exploit CVE-2020-11710, an unauthenticated RCE vulnerability affecting Kong Gateways.
- Enhanced Password Spray Modules: These modules have been upgraded to use usernames extracted from injected credentials.
- Removed the “Go to Legacy Portal” button.
- Introduced sorting and filtering capabilities for the "Pentests - Scheduled Group View".
- Updated the “Hosts Count” card on the summary page to display “Compromised / Total Hosts”.
- Enhanced sorting and filtering for the "Weaknesses - Grouped by ID View".
- Optimized the 1-click verify experience on the summary page for 1-click verified pentests.
- Improved the sub-navigation in pentest details to adapt to various screen sizes.
- Incorporated filtering for Notable Events within the Real-Time View.
- Introduced a "Filter by Signed/Not Signed" option in the Certificates tab.
- Enhanced exception handling for communication errors in
digwhen targeting non-DNS servers with an open port 53.
- Improved services discovery using
DNS SRVrecords by adding additional ports and exception handling.
- Strengthened error handling for unexpected output during anonymous LDAP server queries.
- Resolved an issue in the Log4Shell post-exploit module related to Nuclei template parsing.
- Updated reference links in some Fix Actions to correct dead links.
- Eliminated false positives in the credential verification module.
- Addressed a Cyanide issue where it would fail silently if Responder couldn't bind to an already occupied listening port on the NodeZero host.
- Rectified a regression issue in the SMB credential verification analyzer.
- Refined DNS reconnaissance to enhance the consistency of DNS enumeration results.
- Introduced UDP scanning in Zmap for improved host discovery within networks.
- Horizon3.ai Remote Access Tool (RAT) Enhancements:
- Improved implant stability by isolating modules.
- Refined command and control communication processes.