Portal
Note
NodeZero Web UI will be commonly referred to as simply Portal.
Helpful resources pertaining to Horizon3.ai products and services:
Test Types
NodeZero provides several types of penetration tests:
Infrastructure Attack Surface Tests
NodeZero's Infrastructure Attack Surfaces tests are NodeZero's autonomous network penetration tests. These all-inclusive tests are deployable from various perspectives and identify attack paths across on-premise, hybrid-cloud, perimeter, and cloud networks.
- Internal Pentest - A pentest run against an internal network. NodeZero is deployed on a Docker host within your private network.
- External Attacks - NodeZero runs from the Horizon3.ai cloud and tests your public-facing or external assets.
- Kubernetes Pentest - Deploy NodeZero directly into a Kubernetes cluster, either on-prem or in the cloud, to pentest its security controls and vulnerabilities.
Identity Attack Surface
NodeZero's Identity Attack Surface tests find and exploit real-world attack-paths and vulnerabilities in IAM controls and platforms.
- AWS Pentest - NodeZero uses a privileged role in your AWS account to discover vulnerabilities and misconfigurations.
- Azure Entra ID Pentest - NodeZero runs on a docker host within your private network to discover and assess attack paths within your hybrid Entra ID environment.
- Active Directory Password Audit - Audit your users' Active Directory Passwords. NodeZero will reveal weak, breached, and re-used passwords.
Operational Scenario Testing
NodeZero's Operational Scenario tests are used to validate your organization's security readiness by using real-world attack techniques to tests its resilience to operational scenarios.
- Segmentation Testing - Discover your internal attack surface. NodeZero enumerates IPS, ports, services and applications within your network.
- Phishing Pentest - use NodeZero to measure the impact of phishing campaigns by injecting the phished credentials into an internal pentest
- Insider Threat Testing - use NodeZero to validate your organization's security posture against insider threats.
Rapid Response
(Must Opt-In) NodeZero's Rapid Response tests help you stay on top of emerging vulnerabilities. These tests enable you to quickly assess your environment for high-impact N-day vulnerabilities that have been exploited in the wild or are likely to be exploited in the wild. These tests often include custom exploits developed by Horizon3.
- Rapid Response - Displays alerts and tests targeted at specific attacks
Portal Settings
- Setting a Proxy - If your organization utilizes a proxy for external traffic
- Email Notifications - When and why does NodeZero send out emails
- Pentest Templates - How to set up and managing inputs to pentests
- User Management - NodeZero allows users to be added, edited, removed and have their permissions set and changed
- Single Sign On (SSO) - Enable and setup Single Sign On (SSO)
- Identification Provider (IdP) Setup - Guides on setting up an IdP for use with SSO
Additional Features
- Attack Configuration - configure pentest behavior
- Bloodhound - analyze Active Directory information
- Injecting Credentials - run NodeZero from an authenticated perspective
- Schedules - automate scheduling of pentests
- Co-Branding - How to create reports for clients
See navigation pane for the full list of resources.