Gone Phishing: How an Intern’s Credentials can be a Gateway to Your Crown Jewels
2024-2-5 22:0:57 Author: www.horizon3.ai

“Who cares that the intern was phished during our phishing campaign? It’s an intern, they don’t have access to anything important.”

As a security practitioner, that mindset among business leaders drove me nuts. There are many ways a credential as innocuous as an intern’s could be used by an attacker to compromise a domain or gain access to sensitive data, but it was very difficult to articulate the “blast radius” of a phished credential.

That’s why I’m really excited to launch the new Phishing test type within NodeZero…

  1. A user sets up a phishing campaign using KnowBe4, Proofpoint, Mimecast or other phishing test tools.
  2. That user adds a few lines of JavaScript generated by NodeZero to their phishing page.
  3. Credentials caught by KnowBe4 are automatically injected into a running NodeZero pentest via the JavaScript copied into the phishing page.
  4. NodeZero then uses those phished credentials as part of its attack, finding ways to chain together credentials, misconfigurations, CVEs, and dangerous product defaults to achieve a technical objective (e.g., Domain Compromise, Sensitive Data Exposure, etc.).
  5. The user gets a detailed report of the blast radius for every credential phished by the KnowBe4 campaign.

The NodeZero Phishing Impact test is first-to-market and gives you the ammunition required to drive meaningful improvements to the credential attack surface of your organization.

“Actually boss, the intern’s credentials enabled the attacker—NodeZero—to gain access to our sensitive financial data. Take a look for yourself…”

Source: https://www.horizon3.ai/gone-phishing-how-an-interns-credentials-can-be-a-gateway-to-your-crown-jewels/