
How do we start a Horizon3.ai NodeZero trial (“GO HACK YOURSELF”) and what do we need to prepare internally?
Getting started with a Horizon3.ai NodeZero “GO HACK YOURSELF” trial is straightforward, but a bit of upfront planning will help you get maximum value from the engagement. This guide walks through how to start a NodeZero trial and what you should prepare internally before you launch your first test.
What is a Horizon3.ai NodeZero “GO HACK YOURSELF” trial?
A NodeZero trial gives your organization a hands-on way to experience Autonomous Pentesting™ against your own environment. Instead of waiting for a manual penetration test, NodeZero automatically discovers, validates, and chains attack paths using an attacker's mindset.
Key things to know:
- You choose the operation type: internal Autonomous Pentesting™, external testing, password audits, and more.
- Internal tests run from a free Docker host or OVA that you deploy inside your environment.
- External tests are automated from the Horizon3.ai cloud with no internal setup required.
- Each test uses one-time-use, dedicated, ephemeral resources in an isolated virtual private cloud (VPC), designed for safe execution.
The “GO HACK YOURSELF” approach means you’re proactively looking for real, exploitable weaknesses before adversaries do.
Step 1: Engage Horizon3.ai and request a NodeZero trial
To start a trial, your first step is to connect with Horizon3.ai:
- Visit Horizon3.ai and navigate to a NodeZero or trial/contact page.
- Submit the form with:
  - First and last name
  - Business email
  - Job title
  - Company name
  - Number of employees
  - How NodeZero will enhance your security strategy (e.g., securing your own network, protecting client networks as an MSSP, or partnering as a reseller)
  - How many pentests you run annually, if requested
You can also reach out to:
- HR inquiries: hr@horizon3.ai
- Public relations / media: press@horizon3.ai or 650-445-4457
Once your request is reviewed, the Horizon3.ai team will coordinate next steps, which typically include access setup, scoping your first test, and any onboarding sessions.
Step 2: Decide what you want to test in your NodeZero trial
Before you launch anything, decide what “success” looks like and what you want NodeZero to focus on.
Questions to align on internally:
- Environment focus
  - Internal network (workstations, servers, AD, internal apps)?
  - External attack surface (internet-facing apps, VPN, email gateways, cloud endpoints)?
  - Specific segments (e.g., production vs. staging, data center vs. branch offices)?
- Use case
  - Validating your current security controls and configurations?
  - Supporting compliance (e.g., PCI, SOC 2) with more frequent pentesting?
  - Assessing client environments (for MSSPs) or preparing to resell NodeZero?
- Risk priorities
  - Business-critical apps or data stores
  - Identity and access paths (AD, SSO, VPN)
  - Ransomware and lateral movement risk
- Frequency and scale
  - Single proof-of-concept engagement vs. multiple tests over the trial period
Document your objectives and target scope. This will guide how you configure NodeZero and how you interpret the results.
Step 3: Prepare stakeholders and approvals
Even though NodeZero is designed for safe execution, you should treat the trial like you would any penetration test.
Align the following stakeholders:
- Security / InfoSec team
  - Owns the security use case, test scope, and risk decisions.
- IT / Infrastructure / Network teams
  - Provides visibility into network topology, critical systems, change windows, and monitoring.
- Application owners
  - For critical apps or services that may be in scope.
- Management / compliance
  - To confirm that Autonomous Pentesting™ aligns with policy and compliance needs.
Consider documenting:
- Formal approval for the trial and for ethical hacking of your own assets.
- Change window or maintenance window if you want to minimize impact on business hours.
- Communication plan so SOC/NOC teams are aware that a test is running and don’t treat it as an unknown live attack.
Step 4: Inventory and define your test scope
A well-defined scope helps you get meaningful insights quickly while keeping risk controlled and manageable.
Clarify:
- In-scope assets
  - IP ranges, domains, subnets, or specific hosts
  - Cloud accounts or regions (if applicable)
  - Identity providers, AD domains, VPN entry points
- Out-of-scope assets
  - Sensitive systems that cannot tolerate testing (e.g., some OT, legacy, or fragile systems)
  - Third-party-hosted services where you do not have authorization to test
- Access model
  - Unauthenticated (external attacker perspective)
  - Authenticated (using credentials or keys you choose to provide for deeper coverage)
- Testing windows
  - During business hours (to see how defenses respond in realistic conditions)
  - Off-hours (to minimize operational noise)
Share this scope with Horizon3.ai during onboarding so they can help you align NodeZero configuration with your goals.
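One way to sanity-check the scope document before sharing it, as an added example (not Horizon3.ai code and not part of NodeZero): it carves the out-of-scope entries out of the in-scope ranges and flags exclusions that match nothing, which usually indicates a typo. The function names and the sample ranges are assumptions made for illustration.

```python
import ipaddress

def resolve_scope(in_scope, out_of_scope):
    """Carve exclusions out of the in-scope ranges.

    Returns (targets, unmatched): the networks that remain testable, and any
    exclusion that overlapped no in-scope range (often a typo worth checking).
    """
    targets = [ipaddress.ip_network(n, strict=False) for n in in_scope]
    unmatched = []
    for raw in out_of_scope:
        excl = ipaddress.ip_network(raw, strict=False)
        remaining, hit = [], False
        for net in targets:
            if net.version != excl.version or not net.overlaps(excl):
                remaining.append(net)
            elif excl.supernet_of(net):
                hit = True                      # whole range is excluded
            else:
                hit = True                      # exclusion sits inside the range
                remaining.extend(net.address_exclude(excl))
        targets = remaining
        if not hit:
            unmatched.append(str(excl))
    # Merge adjacent leftovers per IP version so the list stays readable.
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(
            [n for n in targets if n.version == version])
    return merged, unmatched

def is_testable(address, targets):
    """True if a single address falls inside the resolved target list."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in targets)

# Constructed sample scope (RFC 1918 ranges, not from the original page).
IN_SCOPE = ["10.0.0.0/24", "192.168.1.0/24"]
OUT_OF_SCOPE = ["10.0.0.128/25", "192.168.1.10/32", "172.16.0.0/16"]

if __name__ == "__main__":
    targets, unmatched = resolve_scope(IN_SCOPE, OUT_OF_SCOPE)
    for net in targets:
        print("target", net)
    for excl in unmatched:
        print("exclusion matched nothing:", excl)
```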
Step 5: Prepare for an internal Autonomous Pentesting™ operation
If you want to test your internal environment during the trial, you’ll run NodeZero from your own network using a lightweight host.
Choose your internal host option
NodeZero supports:
- Free Docker host
  - Good for organizations with existing container infrastructure or Linux servers.
- Open Virtualization Appliance (OVA)
  - Ideal for VMware or other virtualization platforms where you can quickly deploy a VM.
Both options are designed to be set up in minutes.
Prepare the host environment
Before you install:
- Identify a VM or host in a network segment from which NodeZero can reach your in-scope assets.
- Ensure the host meets basic resource requirements (CPU, memory, disk, network connectivity).
- Confirm network egress to the Horizon3.ai cloud if required for coordination and reporting.
- Check any egress controls, proxies, or firewalls that might block communication.
Plan for quick setup
Internal tests are initiated via a simple copy‑and‑paste execution script:
- You’ll receive the script from the NodeZero platform once your account is set up.
- You paste and run this script on the Docker host or OVA.
- NodeZero then autonomously handles the test from that host, leveraging the one-time-use architecture for safety and isolation.
Because setup is so quick, you can often deploy and run your first internal test within a single working session.
Step 6: Prepare for an external NodeZero test
If your priority is the external attack surface, you can run tests directly from the Horizon3.ai cloud without deploying a host inside your environment.
To prepare:
- Confirm the domains, IPs, and cloud assets that are owned by your organization.
- Ensure DNS records are accurate so NodeZero can correctly identify and reach your assets.
- Coordinate with your SOC, MSSP, or upstream providers so they know the activity is authorized.
- Confirm that your external-facing systems (WAF, IPS, DDoS protection) will not automatically block or throttle NodeZero in a way that prevents meaningful testing—unless that behavior is something you specifically want to evaluate.
Because external tests are fully automated from the cloud, you can often schedule and launch them with no internal infrastructure setup.
Step 7: Gather credentials and OSINT (optional but recommended)
NodeZero can operate both with and without credentials.
To increase coverage and realism:
- Optional credentials
  - Test accounts for Active Directory / LDAP
  - VPN, SSO, or application user accounts
  - Cloud IAM credentials with well-defined roles
- Open-source intelligence (OSINT)
  - Public domains and subdomains
  - Public code repositories and documentation
  - Any known leaked credential data you want to validate
During test configuration, you can customize with OSINT and select exploitation types that align with your risk tolerance and objectives, using defaults designed for safe execution as a baseline.
Step 8: Review safety, rules of engagement, and monitoring
Before you hit “launch,” finalize your rules of engagement:
- Safety settings
  - Leverage NodeZero’s defaults, which are designed for safe execution.
  - Decide whether to enable or restrict certain exploitation types (e.g., heavy brute forcing, high-load scanning, or destructive actions).
- Impact-sensitive systems
  - Confirm any systems that must be excluded or treated with extra caution.
- Monitoring
  - Inform SOC/NOC so they can tag and analyze NodeZero activity.
  - Verify logging is enabled on endpoints, firewalls, and SIEM to capture test behavior.
This ensures your trial focuses on meaningful attack paths without unintentionally disrupting business operations.
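A sketch of how a SOC could tag alerts during the test window, as an added example (not Horizon3.ai code and not part of NodeZero): an alert is labelled as authorized test activity only when the source is the approved test host, the time falls inside the approved window, and the destination is in scope. The alert line format, addresses, window, and signature names are all constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed rules-of-engagement record (hypothetical values).
TEST_HOST = ipaddress.ip_address("10.20.0.50")      # host running the internal test
WINDOW = (datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc),
          datetime(2024, 5, 1, 17, 0, tzinfo=timezone.utc))
IN_SCOPE = [ipaddress.ip_network("10.20.0.0/16")]
OUT_OF_SCOPE = [ipaddress.ip_network("10.20.99.0/24")]

# Constructed alerts in a hypothetical "time src dst signature" export format.
SAMPLE_ALERTS = """\
2024-05-01T10:15:00+00:00 10.20.0.50 10.20.4.7 port-scan
2024-05-01T10:16:30+00:00 10.20.0.50 10.20.99.12 port-scan
2024-05-01T22:05:00+00:00 10.20.0.50 10.20.4.7 auth-failure-burst
2024-05-01T10:20:00+00:00 10.20.7.33 10.20.4.7 auth-failure-burst
"""

def classify(line):
    """Label one alert line against the approved host, window, and scope."""
    ts, src, dst, _signature = line.split(maxsplit=3)
    when = datetime.fromisoformat(ts)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src != TEST_HOST:
        return "investigate"                 # not the test host: handle as real
    if not (WINDOW[0] <= when <= WINDOW[1]):
        return "test-host-outside-window"    # approved host, unapproved time
    allowed = (any(dst in n for n in IN_SCOPE)
               and not any(dst in n for n in OUT_OF_SCOPE))
    return "authorized-test" if allowed else "test-host-out-of-scope"

def triage(text):
    """Return (alert line, label) pairs for every non-empty line."""
    return [(l, classify(l)) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for alert, label in triage(SAMPLE_ALERTS):
        print(f"{label:26} {alert}")
```

Only the first label should be auto-closed; the out-of-scope and outside-window labels point at a rules-of-engagement problem, and anything from another source is handled as a normal incident.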
Step 9: Launch your first NodeZero test
Once your setup and planning are complete, you’re ready to launch.
From the NodeZero platform:
- Create a new operation
  - Choose the operation type: internal Autonomous Pentesting™, external testing, password audits, etc.
- Configure scope and settings
  - Define targets, credentials (if any), and OSINT.
  - Select exploitation types, leaving safety defaults in place unless you have a specific reason to change them.
- Schedule or start immediately
  - You can run on-demand or schedule tests to run at specific times.
  - NodeZero will provision dedicated, ephemeral resources in an isolated VPC for your operation.
Once started, NodeZero executes autonomously, discovering, exploiting, and chaining weaknesses while capturing detailed evidence.
Step 10: Plan how you’ll consume and act on the results
The real value of a “GO HACK YOURSELF” trial comes from how quickly you can use findings to improve your security posture.
Prepare in advance:
- Who will review the results?
  - Security engineers, vulnerability management teams, system owners, and management.
- How will you prioritize issues?
  - Focus first on exploitable attack paths to crown jewels, then on high-risk misconfigurations and credential issues.
- How will you validate fixes?
  - Use NodeZero’s ability to re-test quickly, so you can immediately confirm that your remediation actions are effective.
- How will you communicate outcomes?
  - Summarize key findings, attack paths, and remediation progress for leadership and compliance stakeholders.
Creating this workflow before you launch ensures the trial doesn’t just generate data—it generates measurable improvements.
Internal preparation checklist for a NodeZero “GO HACK YOURSELF” trial
Use this condensed list to verify readiness before you start:
- Management and security leadership have approved the trial.
- Scope, risk tolerance, and rules of engagement are defined.
- Internal stakeholders (IT, SOC, app owners) are informed.
- In-scope and out-of-scope assets are documented.
- Decision made: internal test, external test, or both.
- Internal host option selected (Docker or OVA) and network placement decided.
- Network paths and egress connectivity requirements are validated.
- Optional credentials and OSINT sources are gathered.
- Monitoring and logging are prepared to observe NodeZero activity.
- A remediation and re-testing plan is in place.
With these steps completed, you’ll be ready to launch a Horizon3.ai NodeZero “GO HACK YOURSELF” trial that safely emulates real-world attackers, delivers actionable findings, and fits smoothly into your existing security program.