New

Release Notes

The latest releases to the Method platform.

October 6, 2025

Operator can now watch for specific objects to help identify valuable assets within discovered data. During Operation setup, configure Object Watch to look for object types or object property values that align with the Operation’s objectives – for example, configure Operator to indicate when a Credential has been discovered.

Object Watch helps identify important object types or property values.

Operators can now visually explore linked Object discoveries using the graph view that shows related objects.

Objects in Operator can now be explored using a graph of linked objects.

Method has an improved AWS integration to provide a comprehensive inventory of accounts, services, and resources. It covers all major AWS primitives, including identities, networks, and cloud assets, through safe, read-only API calls. With this foundation, users can leverage Method’s blackbox tools and now enumerate Cloud Objects to gain a deeper, end-to-end understanding of their cloud footprint.

Breakdown of the Cloud Enumerate AWS task in Method.

15 updated tools have been released. You can view them in the Tools app in Method.

  1. Updated: AWS API Gateway Enumerate enumerates all the API Gateway instances of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of API Gateway instances in AWS.
  2. Updated: AWS CloudFront Enumerate enumerates all the CloudFront resources of an AWS account. This tool is useful for understanding the content delivery networks, distributions, and caching configurations of CloudFront in AWS.
  3. Updated: AWS EC2 Enumerate enumerates all the EC2 resources of an AWS account. This tool is useful for understanding the compute instances, volumes, and networking configurations of EC2 resources in AWS.
  4. Updated: AWS EKS Creds retrieves the credentials for an EKS cluster. This tool is useful for retrieving the credentials for an EKS cluster in AWS.
  5. Updated: AWS EKS Enumerate enumerates all the EKS clusters of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of EKS clusters in AWS.
  6. Updated: AWS IAM Enumerate enumerates all the IAM resources of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of IAM resources in AWS.
  7. Updated: AWS Lambda Enumerate enumerates all the Lambda functions of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of WAF web ACLs in AWS.
  8. Updated: AWS Load Balancer Enumerate enumerates all the Load Balancer resources of an AWS account. This tool is useful for understanding the traffic distribution, health checks, and target group configurationsof Load Balancers in AWS.
  9. Updated: AWS RDS Enumerate enumerates all the RDS instances of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of RDS instances in AWS.
  10. Updated: AWS Route53 Enumerate enumerates all the Route53 resources of an AWS account. This tool is useful for understanding the DNS configurations, hosted zones, and record sets of Route53 in AWS.
  11. Updated: AWS S3 Enumerate enumerates all the S3 resources of an AWS account. This tool is useful for understanding the storage, permissions, and metadata of S3 buckets in AWS.
  12. Updated: AWS S3 Exposure Scan scans and analyzes public-facing S3 buckets without credentials to determine existence, access controls, directory listings, and anonymous read capabilities. Includes support for parsing various S3 URL formats and inspecting policies and ACLs for potential misconfigurations.
  13. Updated: AWS Security Group Enumerate enumerates all the Security Groups of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of Security Groups in AWS.
  14. Updated: AWS VPC Enumerate enumerates all the VPCs of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of VPCs in AWS.
  15. Updated: AWS WAF Enumerate enumerates all the WAF resources of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of WAF web ACLs in AWS.

September 22, 2025

Available in beta: Sync Issues from Method to your preferred ticketing system using Method’s webhooks integration and SDK.

  • Use Method to set up powerful security automations, then track, assign, and close issues in your favorite project management tool.
  • Easily hop back in to Method to explore assets linked to your issues in Explorer and run operations against them in Operator.

We’ll be expanding the API and SDK over the coming months based on early usage and feedback. Reach out to your Method contact to schedule getting started.

Two new or improved tools have been released. You can view them in the Tools app in Method and try them in Operator.

  1. New: Kerberos Service Ticket exploits resource-based constrained delegation (RBCD), constrained delation, and unconstrained delegation to request service tickets for arbitrary service principle name (SPN) as any domain user enabling service-impersonation based lateral movement and privilege escalation.
  2. New: DCSync emulates a domain controller via MSRPC to pull the domain operating context, allowing full credential exfiltration and permanent domain persistence.

September 8, 2025

Operators can now configure specific risk axes to minimize their risk of detection within a specific Operation. Choose from 11 risk axes that give you granular control over facets such as log noise, network footprint, exfiltration, and more. See the full list in Operator during setup.

Configure risk axes during Operation setup.
Tool configurations that violate risk rules will be prevented from running.

Operators can now set certain targets as No Strike, which restricts tool runs against specific, off-limits targets for the duration of the Operation.

Choose No Strike targets during Operation setup.
Tools will not run against targets on the No Strike List.

Method can now send you alerts in Slack or Microsoft Teams when new Issues are discovered. You can create rules that trigger alerts that meet any of following criteria: environment, issue type, and issue severity.

Configure Alerts in the Admin app.

You can now re-scan for an Issue with one click to see if it is still open. The Issue View will tell you when the issue was last seen. If the Issue hasn’t been seen in the last 24 hours, you will be reminded to check for it again.

A banner will appear for Issues that haven't been seen in over a day.

August 25, 2025

Method’s data exploration has been overhauled with a fluid new experience. Environments, Issues, and Objects open in stacking panels that allow you to quickly navigate from one asset to the next. You can now traverse different paths through your system without switching tabs or losing your place.

Method's new data exploration experience.

Operator’s data exploration has also been revamped, using the same new experience paired with powerful, new capabilities, including: keyword search, flexible filters, and better data presentation to make it easier to see and understand what you’ve found in your operation.

View discovered objects in filterable lists with much more detail.
Drill down into your findings while seeing your exploration history in panels.

Operations now show whether discovered assets are actionable. Tool runs that find actionable data objects will now be distinguished from those that completed without finding actionable data. These changes make it easier to decide which branches in your operation are useful and actionable and which are not.

Executions are grouped by those with actionable and unactionable discoveries.

Operator tools now support granular selection of input objects. You can now select targets for your tool runs more precisely using filters or manual selection.

Filter input objects
Manually select input objects

Easily see related objects on Issue and Object views with the Related Objects graph on Issues and Objects.

Related Objects Graph on an Issue.

Four new or improved tools have been released. You can view them in the Tools app in Method and try them in Operator.

  1. New: Host Discovery Tool performs ping scans against CIDRs / IP addresses. Supports several scan types.
  2. New: SMB Shares Enumeration enumerates SMB shares for access permissions.
  3. New: Web Page Static Asset Takeover Detection identifies stale or unclaimed static assets that are loaded on a user’s webpage that may be vulnerable to takeover.
  4. Improved: Internal Network Pentest and Internal Network Discovery now feature stealth modes to support red team workflows.

August 4, 2025

Issues have been re-imagined from the ground-up with more powerful capabilities and a new design. You can now track Issues by status and perform your issue investigation without leaving the Issue view. Coming soon: viewing the history of an issue and leaving comnments.

New Issue View

You can now auto-generate Issue Reports to share with colleagues who do not have Method access. Issue Reports allow you to share details of the issue such as severity, date discovered, issue description, remediation, and the details of the assets associated with the issue. Coming soon: instructions for the Report recipient to reproduce the issue without needing access to Method.

Generate and edit Reports
Export as PDF

Five new tools have been released. You can view them in the Tools app in Method and try them in Operator.

  1. New: Domain Discover identifies active domains from network applications or IP addresses on on-premise networks.
  2. New: Username Spray attempts to enumerate valid usernames before spraying passwords against them.
  3. New: Password Spray attempts login using a single password on multiple usernames against non-HTTP services to gain initial access.
  4. New: LDAP Domain Dump enumerates users, groups, and relationships from Active Directory using LDAP domain enumeration.
  5. New: SMB Credential Dump uses valid admin credentials to access system security databases on Windows systems and extract password hashes and secrets.

July 21, 2025

Five new or improved tools have been released. You can view them in the Tools app in Method.

  1. New: Web CVE Scan scans web applications to identify known vulnerabilities from the last 25 years of CVEs.
  2. New: Web Technology Scan identifies known vulnerabilities in specific types of web servers.
  3. New: Web Misconfiguration Scan identifies misconfiguration in web applications. (Currently limited to headers with expansion coming soon.)
  4. Improved: Web WAF (Web Application Firewall) Detect detects which WAF is protecting web applications and web endpoints. Now has significantly better accuracy.
  5. Improved: Web DAST (Dynamic Application Security Testing) has been improved with expanded injection types, allowing you to detect more classes of exploitable vulnerabilities than before.

July 7, 2025

Bastion 2.0 is released. Use Bastion to evaluate your cross-environment defenses and to drill-down into any risk across your environments. Use the Scorecard tab to see your healthiest, riskiest, and most active environments. Use Risk Types to explore risk patterns that cross-environments. Drill down into any environment to see the specifics of its issues and assets.

Bastion Scorecard
Bastion Risk Types

Environment views have been expanded and refreshed. You can now explore the Latest issues and New assets, risk patterns across the assets, track inventory in the environment, and more.

New environment detail view

The Issue Inbox now supports better filtering. Explore issues by issue severity, issue tag, and environment.

The updated Inbox

Method Documentation now includes Guides. Guides are short tutorials to make you maximally effective when using Method. The first set of guides covers Bastion, Reaper, Explorer, Inbox, and Automator. Check them out here.

June 23, 2025

Tool selection and configuration in Operator is smarter and easier to use. Only tools that are available for use (with valid inputs available) appear as options. The tool configuration form is redesigned, with better explanations and labels. Use the Preview panel to preview the executions before they run.

New Tool Config in Operator

Operator’s AI Copilot has even deeper knowledge of Operation context and general security understanding.

Method has a new Homepage. Follow high-level metrics, kick off a search, and easily hop into any application.

Activity, Test Cases, and Tasks have a new home in the Automator app. Automator is the one-stop shop for all automations in the platform.

June 9, 2025

Reaper now supports Adversary Emulation. Create an Adversary in the Reaper app, then run adversary emulation operations in Operator. The Operator AI will use Adversary details to build its attack plan.

Adversary Profiles in Reaper