2025.03


Features & Enhancements

Subclient Management for MSPs

  • Subclient Creation & Allocation: MSPs using asset-based SKUs can now create subclients and allocate features (Insights, Tripwires, Rapid Response) in a single step.
  • Subclient Deletion & Asset Reclamation: Assets tied to deleted subclients will now be recoverable after a 60-day lockout period. Deleted subclients appear in the UI with a countdown timer showing when assets will be returned.

Kubernetes Operator Upgrade

  • Improved Asset Matching: The upgraded Operator now performs deeper introspection into Kubernetes pods for improved IP and hostname visibility during pentests.
  • Upgrade Guidance: Users with older Operators will be prompted in-app to upgrade with a guided script and Helm chart download.

MFA Login Improvements

  • Streamlined Setup: Removed redundant MFA challenge during initial login and setup. This change reduces friction for users resetting MFA, beginning free trials, or joining existing organizations.

Runner Enhancements

  • Runner IP Reporting: Runners now report their IP addresses to improve asset attribution. This requires updating h3-cli via the GUI, the NodeZero OVA, or the CLI directly.
  • Improved Launch Reliability:
      • Safeguards prevent false “failed to launch” errors.
      • Automatic retry behavior added for Docker mount errors.

Launch Script Update

  • Docker Image Source Migration: NodeZero now defaults to pulling images from AWS ECR to avoid Docker Hub’s rate limits. If ECR is not yet whitelisted, the system will fall back to Docker Hub.

Insights

  • Peer Benchmarking: A new benchmarking view in the Insights dashboard allows organizations to compare their security posture against anonymized peers within the same industry segment.
  • Streamlined Filtering: Insights dashboards now feature simplified filters pinned to the top of the page for easier access.

Attack Graph Enhancements

  • Improved Vector Tracing: Attack graphs have been updated to provide clearer visualization of exploit chains and attack paths, making it easier to trace lateral movement during a pentest.

New Attack Content

RAT Enhancements

  • NodeZero can now:
      • Steal Chrome cookies, even when locked.
      • Decrypt cookies offline to avoid EDR detection.
      • Use decrypted Okta session cookies to hijack valid user sessions.
      • Deploy implants via a new Metasploit integration to expand post-exploitation capabilities.