
How do we start a Horizon3.ai NodeZero trial (“GO HACK YOURSELF”) and what do we need to prepare internally?
For most security teams, the hardest part of “hacking yourself” isn’t interest or intent—it’s knowing how to begin and what to line up internally so the first test is safe, fast, and valuable. A NodeZero trial from Horizon3.ai is designed to make that first step straightforward, with minimal setup and no long deployment projects. This guide walks through how to start a Horizon3.ai NodeZero trial (“GO HACK YOURSELF”) and what you should prepare inside your organization before you launch.
What is a Horizon3.ai NodeZero trial?
A NodeZero trial is a time‑boxed engagement where you use Horizon3.ai’s Autonomous Pentesting™ platform to safely attack your own environment. The goal is to:
- Identify real, exploitable attack paths
- Validate which weaknesses actually matter (not just theoretical CVEs)
- Measure your current security posture
- Build a repeatable, automated pentesting motion
You can run:
- Internal Autonomous Pentesting™ from inside your network
- External tests from the Horizon3.ai cloud against your internet-facing assets
- Password audits and other targeted operations
The experience is designed to be low-friction: you can set up and run meaningful tests quickly, then use the findings to improve controls and validate fixes.
High-level steps to start a NodeZero trial
At a glance, the process looks like this:
- Engage Horizon3.ai to request a trial or “GO HACK YOURSELF” engagement
- Define scope and objectives for your first test
- Prepare internal approvals and communications
- Set up the NodeZero test host (for internal tests) or confirm external scope
- Configure your test in the NodeZero platform
- Launch the test and monitor execution
- Review results, prioritize remediation, and retest
The sections below break down each step and the internal preparation required.
Step 1: Engage Horizon3.ai and request a trial
To start, connect with Horizon3.ai through one of these paths:
- Sales / Trial Request Forms on the Horizon3.ai website (e.g., cloud pentesting, compliance, or general “contact us” flows)
- Email or phone outreach:
- General / HR: hr@horizon3.ai
- Public Relations: press@horizon3.ai
- Phone: 650-445-4457
Typical form fields you’ll need to provide include:
- First and last name
- Business email
- Job title / role
- Company name
- Number of employees (e.g., 0–499, 500–999, 1000–4999, 5000–9999, 10000–24999, 25000+)
- How you plan to use NodeZero:
- Securing your own organization’s network
- Protecting client networks (MSSP)
- Partnering as an authorized NodeZero reseller
- Other
Internally, decide who will be the primary point of contact (POC) for the trial—usually someone in security engineering, blue team operations, or a technical security lead.
Step 2: Define scope and objectives before you “GO HACK YOURSELF”
Before you run any tests, clarify what you want from this trial and what’s in scope. This will drive how you configure NodeZero and how you measure success.
Key objectives to consider
Common trial goals include:
- Validate exposure of critical business systems
- Assess internal lateral movement and privilege escalation risks
- Test password hygiene (weak, reused, or default credentials)
- Support compliance efforts (e.g., preparing for PCI, SOC 2, ISO 27001)
- Evaluate NodeZero as an MSSP offering for client testing
Agree on 1–3 primary objectives so that the trial is focused and measurable.
Scoping your first test
Decide what you’ll allow NodeZero to target:
- Internal scope:
- Specific subnets or VLANs
- Key server segments (AD, core apps, databases)
- Test / staging environments vs. production
- External scope:
- Public IP ranges and domains
- Externally exposed apps, VPN portals, etc.
- Credentials:
- Credentialed vs. uncredentialed tests
- Test accounts vs. production credentials (where appropriate)
Document what’s in scope, what’s explicitly out of scope, and any schedule constraints (e.g., “No testing during month-end close of our ERP system”).
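One way to turn the scope document into a checkable target list, as an added example that is not part of the original guide or of NodeZero: it carves the explicitly out-of-scope ranges out of the in-scope ranges and flags exclusions that match nothing. The function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def effective_targets(in_scope, out_of_scope):
    """Carve every out-of-scope range out of the in-scope networks."""
    remaining = [ipaddress.ip_network(c) for c in in_scope]
    for cidr in out_of_scope:
        excl = ipaddress.ip_network(cidr)
        carved = []
        for net in remaining:
            if not net.overlaps(excl):
                carved.append(net)                        # exclusion does not touch it
            elif excl.supernet_of(net):
                continue                                  # wholly excluded
            else:
                carved.extend(net.address_exclude(excl))  # exclusion sits inside net
        remaining = carved
    return sorted(ipaddress.collapse_addresses(remaining))

def unused_exclusions(in_scope, out_of_scope):
    """Exclusions that overlap no in-scope range: usually a typo in the plan."""
    nets = [ipaddress.ip_network(c) for c in in_scope]
    return [c for c in out_of_scope
            if not any(n.overlaps(ipaddress.ip_network(c)) for n in nets)]

def is_target(ip, targets):
    """True if a single address falls inside the effective scope."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in targets)

# Constructed sample plan (private addresses, not taken from the page).
IN_SCOPE = ["10.20.0.0/22", "10.30.5.0/24"]
OUT_OF_SCOPE = ["10.20.1.0/24", "10.20.2.15/32", "10.40.0.0/24"]
TARGETS = effective_targets(IN_SCOPE, OUT_OF_SCOPE)

if __name__ == "__main__":
    for net in TARGETS:
        print("target:", net)
    print("exclusions matching nothing:", unused_exclusions(IN_SCOPE, OUT_OF_SCOPE))
```

Reviewing the carved-out list with system owners before the test is a quick way to catch a fragile host that was excluded on paper but still sits inside a targeted range.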
Step 3: Prepare internal approvals and stakeholder alignment
An autonomous pentest, even when safely executed, touches multiple internal stakeholders. Preparing them in advance avoids confusion and “false positive” incident response.
Identify stakeholders
Common groups to brief:
- Security / SOC – so alerts can be correlated to the NodeZero test
- Network operations – aware of scanning and traffic patterns
- System / application owners – understand potential impact and timing
- IT leadership / CISO – sponsor, approve scope, and own risk decisions
- Legal / Compliance / Risk – ensure testing aligns with policies and contracts
Approvals and documentation
Internally, you may need:
- A written test plan summarizing:
- Objective
- Scope (IPs, domains, environments)
- Time window
- Contact information
- Formal approval from security leadership or the CISO
- Change management tickets if your organization requires them for security testing
Clarify how incident responders should treat alerts during the test: do they fully respond, observe-only, or a blend (respond if certain thresholds are met)?
Step 4: Prepare the technical environment
NodeZero is built for minimal setup, but there are still a few technical preparations that make your trial smoother and more effective.
4.1 Choose test type: internal vs. external
You can run:
- Internal Autonomous Pentesting™
- Requires a local host (Docker or OVA) within your network
- Best for simulating an attacker who has an internal foothold
- External tests
- Automated from the Horizon3.ai cloud
- No local setup needed
- Best for evaluating your internet-facing attack surface
For many organizations, the ideal trial includes one internal and one external test to cover both perspectives.
4.2 Set up your internal test host
For internal tests, NodeZero uses a local execution host:
- Options:
- Free Docker host
- Open Virtualization Appliance (OVA) for hypervisor environments
You can set it up in minutes:
- Provision a VM or server that meets basic system requirements (CPU, RAM, disk, and network connectivity).
- Install Docker or import the OVA, as directed.
- Copy and paste the execution script provided by Horizon3.ai into the host.
- Confirm connectivity from the host to:
- Your internal network targets (per scope)
- The Horizon3.ai control plane (for coordination and reporting)
No long-term agents are installed; the host is used to run the test and then can be decommissioned as desired.
4.3 Prepare for external tests
For external tests, Horizon3.ai uses:
- Dedicated, ephemeral resources spun up in an isolated virtual private cloud network
- A one-time-use architecture for each test, ensuring clean, isolated execution
You generally do not need any infrastructure setup. Just:
- Confirm your public IP ranges, domains, and any cloud assets in scope
- Ensure that your SOC and firewall teams know to expect inbound scanning from Horizon3.ai’s testing infrastructure during the scheduled window
Step 5: Align risk thresholds and “safety rails”
NodeZero is designed with safe execution defaults, and you can further tune behavior to match your risk tolerance and business needs.
Areas to discuss and configure internally:
- Allowed exploitation types
- Are denial-of-service (DoS)-like techniques allowed?
- Are password spraying or brute force attempts allowed on production logins?
- Are phishing or social engineering tests part of this scope (often separate)?
- High-risk systems
- Systems where only passive checking is allowed (e.g., legacy OT devices, fragile databases)
- Systems where no testing is allowed, even indirectly
- Time windows and rate limits
- When testing can occur (business hours vs. off-hours)
- Any bandwidth or request-rate limitations you want to impose
Horizon3.ai’s safe defaults are typically suitable out of the box, but establishing your internal policy before you click “go” reduces friction and uncertainty.
Step 6: Prepare data, credentials, and OSINT (optional but powerful)
NodeZero can work in a fully black-box mode, but you’ll get more value if you feed it some context.
Credentials and accounts
Decide if you’ll:
- Provide test credentials for:
- Active Directory or identity providers
- Key applications
- Run password audits:
- Using password hashes from your directory
- Assessing complexity and reuse patterns
Clarify internally:
- Who approves sharing credentials with NodeZero
- Whether service accounts, admin accounts, or only standard user accounts may be used
Open-source intelligence (OSINT)
You can optionally provide or confirm:
- Domains and subdomains known to be associated with your organization
- Cloud environments (AWS, Azure, GCP accounts, etc.)
- Publicly known IP ranges
NodeZero can incorporate OSINT to better simulate how a real attacker would discover and profile your organization before exploiting weaknesses.
Step 7: Configure and launch your NodeZero test
Once approvals are in place and the environment is ready:
- Sign in to the NodeZero platform
- Create a new operation:
- Choose type: internal Autonomous Pentesting™, external test, password audit, etc.
- Define scope and constraints (targets, disallowed segments, time window)
- Select exploitation types and safety options (following your policy)
- If internal:
- Confirm your Docker/OVA host is connected and ready
- If external:
- Verify your public assets are correctly defined
- Schedule the test:
- Run immediately, or
- Schedule during an agreed maintenance / low-impact window
You can run tests:
- From any network, with or without credentials, depending on how you configure them
- As one-off engagements or on a recurring schedule once the trial transitions into regular use
Step 8: Monitor execution and coordinate with the SOC
During the test:
- The NodeZero engine will autonomously discover, analyze, and exploit within your configured scope
- It will chain findings into attack paths that show how an attacker could move from initial access to impactful objectives
Internally:
- Keep your SOC / monitoring teams informed:
- Tag alerts generated during the test
- Confirm that suspicious activity from the NodeZero infrastructure is expected
- Have on-call contacts available in case:
- A system behaves unexpectedly
- A potential performance issue is observed
Because tests are executed from dedicated, ephemeral resources in an isolated VPC, each operation is cleanly segmented and easy to correlate.
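A sketch of the alert tagging described above, as an added example that is not part of the original guide or of NodeZero: an alert is tagged as expected only when it comes from the test host, inside the approved window, against an in-scope target, and everything else keeps its normal response path. The alert fields, test host address, window and sample alerts are all constructed assumptions.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed values standing in for the written test plan.
TEST_HOST = ipaddress.ip_address("10.20.0.50")       # hypothetical internal test host
WINDOW = (datetime(2024, 5, 4, 1, 0, tzinfo=timezone.utc),
          datetime(2024, 5, 4, 5, 0, tzinfo=timezone.utc))
IN_SCOPE = [ipaddress.ip_network("10.20.0.0/22")]
OUT_OF_SCOPE = [ipaddress.ip_network("10.20.1.0/24")]

def triage(alert):
    """Return 'pentest-expected', 'escalate' or 'respond' for one alert."""
    src = ipaddress.ip_address(alert["src"])
    dst = ipaddress.ip_address(alert["dst"])
    when = datetime.fromisoformat(alert["time"])
    if src != TEST_HOST:
        return "respond"            # not the test host: normal incident response
    if not (WINDOW[0] <= when <= WINDOW[1]):
        return "escalate"           # test host active outside the approved window
    in_scope = any(dst in net for net in IN_SCOPE)
    excluded = any(dst in net for net in OUT_OF_SCOPE)
    if excluded or not in_scope:
        return "escalate"           # test traffic reached something off-limits
    return "pentest-expected"

# Constructed sample alerts (hypothetical SIEM export fields).
SAMPLE_ALERTS = [
    {"src": "10.20.0.50", "dst": "10.20.2.10", "time": "2024-05-04T02:15:00+00:00"},
    {"src": "10.20.0.50", "dst": "10.20.1.7",  "time": "2024-05-04T02:20:00+00:00"},
    {"src": "10.20.0.50", "dst": "10.20.2.10", "time": "2024-05-04T09:00:00+00:00"},
    {"src": "10.20.3.99", "dst": "10.20.2.10", "time": "2024-05-04T02:30:00+00:00"},
]

def triage_all(alerts):
    return [triage(a) for a in alerts]

if __name__ == "__main__":
    for alert, tag in zip(SAMPLE_ALERTS, triage_all(SAMPLE_ALERTS)):
        print(tag, alert)
```

Tagging on source, time and target together avoids a blanket suppression of the test host's address, which would also hide out-of-window or out-of-scope activity.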
Step 9: Review results, remediate, and retest
Once the test completes:
- Review findings and attack paths
- Start with high-impact, low-effort fixes
- Focus on misconfigurations and credential issues that enable broad compromise
- Map findings to internal owners
- Assign actionable remediations to system, network, or application teams
- Leverage NodeZero for validation
- After fixes are applied, rerun targeted operations to confirm that vulnerabilities are truly closed
- Use repeat testing to demonstrate progress to leadership and auditors
NodeZero’s model supports continuous improvement—you don’t just find issues once; you verify that your security posture is getting better over time.
Internal preparation checklist
To make your Horizon3.ai NodeZero “GO HACK YOURSELF” trial successful, use this quick internal checklist:
Governance and approvals
- Trial sponsor identified (e.g., CISO, Head of Security)
- Stakeholders informed (SOC, IT, network, app owners, legal/compliance)
- Scope and objectives documented
- Written approval and any required change tickets completed
Technical setup
- Decision made: internal test, external test, or both
- Internal host prepared (Docker or OVA) if running internal tests
- Network connectivity from host to targets and Horizon3.ai verified
- External IPs, domains, and cloud assets inventoried
Risk and safety
- High-risk systems identified and excluded or restricted
- Exploitation types and safety options agreed upon
- Test windows scheduled to avoid key business events
Data and context
- Credentials, if used, approved and documented
- OSINT / asset context gathered
- Plan for password audits (if part of the trial) defined
Execution and follow-up
- SOC knows when and how the test will run
- Contacts defined for real-time coordination
- Post-test review and remediation workshop scheduled
By aligning stakeholders, scoping carefully, and taking advantage of NodeZero’s quick setup—internal Docker/OVA host for internal testing and automated cloud-based execution for external tests—you can run a high-value, low-friction “GO HACK YOURSELF” NodeZero trial that delivers actionable, validated insights into your true security posture.