2024.04

Features/Enhancements

Rapid Response

  • Rapid Response Alert Center: This new feature provides NodeZero platform license holders with early alerts and actionable intelligence, enabling them to counteract emerging cyber threats before they are widely exploited.
  • Rapid Response Tests for External Pentests: Enhancements now allow users to run N-Day tests from an external perspective, focusing on identifying exposed and vulnerable assets.

Azure Support for Injected Credentials

  • Injected Credentials for Azure: Now visible on the Real Time View (RTV) page.
  • Auto-Injected Azure Credentials: Azure credentials can now be automatically injected into scheduled pentests using a NodeZero runner.

Template Management Improvements

  • Schedule UI: Users can now optionally attach a schedule to any template. For internal-type templates, a runner is required if a schedule is used.
  • Auto-Injected Credentials: Now available in the Template Tab UI.
  • Documentation: Comprehensive user documentation for templates is now available on the Templates page.

New Attack Content

  • CVE-2024-1212 Progress Kemp LoadMaster RCE: This vulnerability allows unauthenticated attackers to execute commands remotely due to an authentication bypass.
  • Entra Seamless SSO (Silver Ticket Attack): If NodeZero compromises the AZUREADSSOACC$ account in Active Directory, it can forge fraudulent credentials to log into cloud resources.
  • Azure Instance Metadata Service (IMDS) Queries: Enhanced NodeZero RAT capabilities include querying the Azure Instance Metadata Service (IMDS).
  • AWS RDS Database Enumeration: NodeZero can now enumerate AWS RDS databases, attempt default credentials, and perform database enumeration if valid credentials are found.
  • CVE-2024-3400: This critical, unauthenticated command injection vulnerability affects GlobalProtect in specific configurations and can be tested via a targeted N-Day Test or a standard internal/external pentest.
  • Detection for CISA KEV CVE-2024-3273 and support for CVE-2023-6975 and CVE-2023-6977 targeting MLflow version 2.11 and below.

Other Updates & Improvements

  • Fortinet Server SQLi RCE Exploit: Extended to work against targets in version 7.2.X.

Fixed Bugs

  • Resolved an issue where NodeZero incorrectly labeled IP addresses as belonging to a cloud service.