NetSPI

ATEAM - Azure Resource Attribution via Tenant ID Enumeration At DEF CON 33, NetSPI presented a talk about how Azure resources supporting Entra ID authentication expose tenant IDs, enabling attackers to attribute cloud resources to specific organizations at scal...

New research from NetSPI from
@kfosaaen.bsky.social & Thomas Elling reveals how Azure tenant IDs leaked through Entra ID authentication maps cloud resources to their owners.

Check out the new ATEAM tool for automated discovery.

Full technical breakdown: ow.ly/UOcu50WFzto

New Azure App Services security research by NetSPI's @kfosaaen.bsky.social

TL;DR: Users with Contributor permissions can extract & decrypt authentication tokens to impersonate other users accessing the application.

Read more: ow.ly/tgUA50Wuqpb

#Azure #CloudSecurity

New Vuln Research: NetSPI Principal Consultant Ceri Coburn exposes how Forescout SecureConnector agents can be hijacked via a named pipe vulnerability (CVE-2025-4660), turning endpoint security tools into attacker-controlled C2 channels.

Read more: ow.ly/6hl250WqWrX

Detecting Authorization Flaws in Java Spring via Source Code Review (SCR) Discover how secure code review catches privilege escalation vulnerabilities in Java Spring apps that pentests miss - identify insecure patterns early.

NetSPI Security Consultant Mayuri Bochare has published an insightful deep-dive on securing Java Spring applications through code review.

👉 Read the full article: ow.ly/IWfx50WnoVy

#proactivesecurity #JavaSecurity #SecureCodeReview

Set Sail: Remote Code Execution in SailPoint IQService via Default Encryption Key NetSPI discovered a remote code execution vulnerability in SailPoint IQService using default encryption keys. Exploit details, discovery methods, and remediation guidance included.

NetSPI Principal Security Consultant Jason Juntunen recently published findings on a Remote Code Execution vulnerability in SailPoint's IQService component.

👉 Read the full technical breakdown: ow.ly/GbT150WmgRg

#proactivesecurity #VulnerabilityResearch

Check out this new article published by @kfosaaen.bsky.social!

Microsoft Defender for Identity vulnerability (CVE-2025-26685) allows unauthenticated attackers to capture Net-NTLM hashes and potentially gain AD access. Security tools can become attack vectors - understanding this risk is crucial: ow.ly/UOc050W8inY

NetSPI's Sam Beaumont and Larry Trowell developed RayV Lite—a low-cost laser fault injection tool that makes advanced hardware security testing accessible beyond nation-states using open-source hardware & inexpensive IR-leaking lasers.

➡️ Read the full technical deep-dive: ow.ly/Nqtm50W4fjT

Get the details on how multiple arbitrary SYSTEM file delete flaws (CVE-2025-23009, CVE-2025-23010) can be exploited for privilege escalation. ow.ly/tTLj50W0xWS

✅ SonicWall has patched these issues in NetExtender v10.3.2

NetSPI Agents at BSides Tokyo 2025 Join NetSPI security experts at BSides Tokyo to learn how consumer-grade lasers can replicate nation-state optical hardware attacks.

NetSPI's Sam Beaumont and Larry Trowell will demonstrate how low-cost hardware can be used to execute sophisticated optical attacks on computer chips—attacks previously thought to require nation-state resources at BSides Tokyo on May 17, 2025!

Learn more: ow.ly/CcHM50VPqzU

CVE-2025-27590 – Oxidized Web: Local File Overwrite to Remote Code Execution Learn about a critical security vulnerability (CVE-2025-27590) in Oxidized Web v0.14 that allows attackers to overwrite local files and execute remote code execution.

CVE-2025-27590: Oxidized Web v0.14 vulnerability allows attackers to overwrite local files via /migration page, enabling remote code execution.

Read the article written by NetSPI's Jamie Riden & Jon O'Reilly to highlight the discovery, findings, & remediation of the vulnerability. ow.ly/HLwr50VxKJt

A Not So Comprehensive Guide to Securing Your Salesforce Organization Explore key background knowledge on authorization issues and common bad practices developers may unintentionally introduce in Salesforce Orgs.

The overall attack surface of Salesforce is often overlooked, and the result could be disastrous for your organization. ow.ly/CYZ350VrvEz

NetSPI's Weylon Solis wrote an article that explores authorization issues and common bad practices to avoid. Learn more!

#salesforce #proactivesecurity

CVE-2024-28989: Weak Encryption Key Management in Solar Winds Web Help Desk Learn how an attacker with access to a backup file could potentially recover certain encrypted passwords.

An attacker with access to a Web Help Desk backup file could recover some encrypted passwords stored within it.

NetSPI Principal Security Consultant Jamie Riden wrote to tell about it. Check out his latest blog post to learn more: ow.ly/HFZC50VflwC

Help us define the future of Trustworthy AI by contributing to our expanding benchmarks, from fairness to ethical alignment and beyond. Your insights could drive the next breakthroughs in balancing security and usability. ow.ly/S81y50Ux3nr

Practical Methods for Decapping Chips Discover the intricate process of chip decapping, exposing secrets stored within snuggly layers of industrial epoxy, sleeping in beds of silicon.

NetSPI Security Hardware Pentesting Team gives a starting point for those wanting to learn how to decap chips for optical viewing & reversal of integrated controller.

Read the article: ow.ly/1hmZ50UGU3M

Hijacking Azure Machine Learning Notebooks (via Storage Accounts) Abusing Storage Account Permissions to attack Azure Machine Learning notebooks

How can security gaps can emerge in Azure Machine Learning?

@kfosaaen.bsky.social latest blog covers:

• Code execution via Storage Account permissions
• A privilege escalation bug (now fixed)
• A tool for automating credential dumping

Read the full blog 👉 www.netspi.com/blog/technic...

Tackling AI security and usability challenges requires collaboration across the community. Join us in shaping benchmarks that make AI safer and more effective for everyone. ow.ly/fNbk50UwxCM

#artificialintelligence #LLM #securitybenchmark #proactivesecurity

Exploiting Second Order SQL Injection with Stored Procedures Learn how to detect and exploit second-order SQL injection vulnerabilities using Out-of-Band (OOB) techniques, including leveraging DNS requests for data extraction.

🔍 Exploring Second-Order SQL Injection with Out-of-Band Techniques

NetSPI's Deepak Dhasmana dives into detecting & exploiting second-order SQL injection vulnerabilities.

👉 Check out the blog: ow.ly/gukg50UvMvl

#SQLInjection #penetrationtesting #proactivesecurity

GitHub - NetSPI/Open-LLM-Security-Benchmark Contribute to NetSPI/Open-LLM-Security-Benchmark development by creating an account on GitHub.

What happens when you prioritize security over usability in AI models—or vice versa? Our Open LLM Security Benchmark dives deep into the trade-offs and implications, showcasing why this balance is critical for the future of AI. Access the paper here: ow.ly/zT2g50UsaZH

Balancing Security and Usability of Large Language Models: An LLM Benchmarking Framework Explore the integration of Large Language Models (LLMs) in critical systems and the balance between security and usability with a new LLM benchmarking framework.

Balancing usability and security in deployments introduce new and unfamiliar risks to organizations. NetSPI created an open Large Language Model (LLM) framework to help clarify some ambiguity around LLM security.

Read more about this framework in our most recent article: ow.ly/Nhjs50Usaio