2024.05

Features/Enhancements

Rapid Response Alert Center

  • NodeZero Rapid Response: Introduces a Rapid Response Center in the portal for early alerts and actionable intelligence. This feature allows organizations to proactively tackle emerging cyber threats.
    • Alerts and Actions: Org Admins receive emails detailing affected assets by IP, Domain, or Hostname, the specific operations involved, and recommended actions.
    • Single-exploit Deployment: Conduct tests on emerging threats directly from the Rapid Response center.
    • Activity Tracking: Monitor both real-time and historical Rapid Response activities within the dedicated center.

Phishing Pentest Summary Enhancements

  • Visual Metrics: New Exposure Level and Phishing Impact Score charts enhance visual feedback on pentest status.
  • Phishing Sankey Chart: Visualizes connections between top phished credentials and their impacts.
  • Pictogram Visualization: Displays the ratio of phished to validated credentials, indicating their active usage in the environment.

Template Management Enhancements

  • Schedule UI: Enhanced the Schedule selection UI in the template management form to include options for Weekly, Monthly, Quarterly, or Custom cadences.

  • Custom Scheduling: Custom options allow for specifying the "Nth" weekday for monthly or quarterly schedules.

New Attack Content

  • RAT Enhancements: Advanced local system scans for sensitive configurations and files.
  • Exchange ProxyNotShell Vulnerabilities (CVE-2022-41040, CVE-2022-41082): Authenticated RCE facilitates the implantation of NodeZero RAT via PowerShell on vulnerable servers.
  • ColdFusion Deserialization Vulnerability (CVE-2023-44353): Targets deserialization vulnerabilities to uncover potentially sensitive data.
  • BloodHound CE Update: Integration of the latest versions of BloodHound and AzureHound compatible with BloodHound CE.
  • Newly Supported Vulnerabilities: The following vulnerabilities, identified and disclosed by Horizon3.ai researchers, have been responsibly reported and subsequently integrated into the product:
    • FortiSIEM RCEs: CVE-2023-34992 and CVE-2024-23108. For more details, see our Attack Team blog.
    • HuggingFace Gradio CVEs: CVE-2023-51449 and CVE-2023-34239 (Local File Inclusion vulnerabilities), and CVE-2024-34510 (Windows credential leak).
    • Traccar GPS Software: CVE-2024-31214 allows RCE via default credentials or self-signup using device image file uploads.

Fixed Bugs

  • Fortinet Version Parsing: Corrected version parsing for CVE-2024-48788.