2025.05


Features & Enhancements

Flex Access Level

  • Flex Access introduces a new entry point for organizations beginning their autonomous pentesting journey. Ideal for teams with limited budgets, urgent compliance needs, or one-time testing requirements, Flex provides access to NodeZero® without the commitment of continuous testing.
  • Customers can purchase a pool of Flex Assets usable across qualifying operation types throughout the year. Asset usage is calculated per test, without matching across operations.

Peer Benchmarks in Insights

  • Peer Benchmarks allow organizations to compare their security posture against anonymized and aggregated industry peers.
  • These benchmarks are derived from the Horizon3.ai customer base and surface in the Insights section as comparative metrics across impact, remediation rates, and exposure.

Tripwires: SMB Deployment Method

  • A new SMB-based deployment method enables tripwires to be dropped using the Server Message Block protocol.
  • This method operates in conjunction with the implant (RAT) and increases the likelihood of successful deployment, even in cases where implant execution fails.

New Attack Content

Improved Credential Access (SAM / LSA)

  • NodeZero now uses new, less detectable techniques to dump credentials from SAM and LSA.
  • These locations represent the most frequently leveraged sources of credentials across all pentests, and the update improves success rates against modern EDR defenses.

RAT Enhancements

  • RAT Support for AARCH64: The NodeZero Remote Access Tool now supports post-exploitation implants on aarch64 Linux targets, expanding platform compatibility.
  • Improved RAT Deployment over SSH: Avoids common failure scenarios by evading noexec mount points during deployment. This improves start-up reliability in environments where secure mount options block execution.

Platform Performance & Stability

MSP Infrastructure Visibility

  • MSP parent accounts can now view subclient resources from the parent account.
    • This replaces the need to manually switch into each subclient to view certain resources.
    • The first components to be visible parent-wide are API Keys and NodeZero Runners. Stay tuned for additional resources to be added in future releases!