Eric Gruber

VP, Services Research

Eric Gruber serves as the VP of Services Research at NetSPI, where he is responsible for enhancing and expanding NetSPI's product capabilities with the research and tooling from the services team. He also serves as the technical director for Attack Surface Management, where he leads its research and technical direction, expands its security capabilities, and manages the operations team that performs continuous testing within it. With over a decade of experience at NetSPI, Eric is a recognized expert in network, web application, thick application, and mobile penetration testing, and he actively contributes to the development of applications and scripts for the company's penetration testing team.

Eric's academic background includes a BS and a Master's degree in Computer Science from the University of Minnesota, with a focus on networking, security, and software engineering. His professional experience encompasses work in the education, information technology, and information security sectors, where he has been involved in designing and developing software, maintaining information systems, and researching security topics.

More by Eric Gruber

Videos & Livestreams

Uncovering the Unseen: Real Stories of Asset Discovery

Securing your environment starts with knowing what you don’t know. Watch this webinar on-demand now for asset discovery stories from the front line.

Videos & Livestreams

Mastering the Art of Attack Surface Management

In this webinar, you'll learn from two of our ASM experts, Cody Chamberlain and Eric Gruber, on how to implement a human-first, continuous, risk-based approach to attack surface management.

Web Application Pentesting

Anonymous SQL Execution in Oracle Advanced Support

This blog post is a walkthrough of an anonymous SQL execution vulnerability I discovered in Oracle Advanced Support.

Web Application Pentesting

Java Deserialization Attacks with Burp

The recent Java deserialization attack that was discovered has provided a large window of opportunity for penetration testers to gain access to the underlying...

Web Application Pentesting

Debugging Burp Extensions

In this blog post, I'm going to walk through how we can set up debugging in Burp and our IDE when we create Burp extensions. Essentially, we are just going to be setting up Java remote debugging.

Mobile Application Pentesting

Top 10 Critical Findings of 2014 – Mobile Applications

In this blog post, I will cover high-level trends and the top 10 critical vulnerabilities we saw in 2014 during mobile application penetration tests.

Thick Application Pentesting

Top 10 Critical Findings of 2014 – Thick Applications

Top 10 critical findings from thick application penetration tests, along with high-level trends and insights for app developers.

Web Application Pentesting

Decrypting WebLogic Passwords

The following blog walks through part of a recent penetration test and the decryption process for WebLogic passwords that came out of it.

Network Pentesting

Dumping Git Data from Misconfigured Web Servers

In this blog, I will be walking through ways in which a person can obtain information from a web server that has a publicly available .git directory.

Mobile Application Pentesting

Attacking Android Applications With Debuggers

In this blog, I am going to walk through how we can attach a debugger to an Android application and step through method calls by using information gained from first decompiling it.

Network Pentesting

Verifying ASLR, DEP, and SafeSEH with PowerShell

PowerShell is a great solution for this because it is a native tool and can tap into the Windows API and carve out information within files. What I’m interested in are the PE (Portable Executable) headers within compiled 32-bit and 64-bit images.

Mobile Application Pentesting

Android Root Detection Techniques

I have taken a look at a lot of Mobile Device Management (MDM) solutions lately to figure out how they are detecting rooted Android devices. In this blog, I will provide a list of packages, files, folders, and commands that I have found to be used in root detection.
