2023.03
Features / Enhancements
NodeZero
- Added exploits for new weaknesses
- Improved OSINT username collection
Portal
- The New User Experience is now the default interface for NodeZero, providing an intuitive and streamlined experience.
- Existing customers can still access the Legacy Portal via a button in the portal toolbar.
- New customers who sign up after April 1, 2023, will not have the Legacy Portal option.
- Known Issue: Switching between portal versions may cause the page to fail to load intermittently. A hard refresh should resolve this issue.
- Existing customers can still access the Legacy Portal via a button in the portal toolbar.
- New Attack Config options are highlighted for older pentest templates in Run-a-Pentest wizard.
- Added
Quick Run
option for op templates in the new UI. Consulting Plus
andMSSP
Org Admins can now add sub-client users inSettings > Account Management
.- Enhanced IP parsing in pentest scopes to include newlines and comma-delimited input.
- Example:
192.168.0.0/24 192.168.1.0/26 192.168.0.128/25, 192.168.32.4/32 192.168.5.23
- Example:
- Added a Veeam N-Day COA (Course of Action) Card in Pentest Setup Modal to identify exploitable Veeam instances.
- Added bulk 1-Click-Verify option for grouped items by Weakness ID or Host
- Real-Time View (RTV) Enhancements:
- Moved running modules to Command Log view and set as default.
- Added summary count to Notable Events tab.
- Added Impacts and Datastores CSVs to bulk export archive (also available on individual pages).
Bugfixes
NodeZero
- Significantly improved performance for AWS service enumeration
Portal
- Fixed Real Time View bugs where Cyanide credentials and cracked hashes were not surfaced, and Findings counts were shown as 0 in paused ops.
- Corrected data-alignment issue across dashboard charts on main pentests page.
- Fixed issue where "Rerun" option for an external pentest created a new pentest with incorrect type and configuration.