Ethical hacking & pentesting blog

Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.

Pro tips from 10 ethical hackers for stellar reports

The strongest proof of your work and expertize are the pentest reports you deliver. They capture your investigative skills, razor-sharp critical thinking, and creative hacking abilities. So your reports better be great. Looking to impress your team or clients with outstanding pentest reports? You're in luck! Delve into the collective wisdom of 10 seasoned offensive security professionals who've generously shared their insider tips on mastering the art of pentest reporting.

Ioana Rijnetu

Published at: 05 May 2023

19 min read

Pro tips from 10 ethical hackers for stellar reports

Ioana Rijnetu

Published at: 05 May 2023

19 min read

CVE-2023-21716microsoft-word-rce-vuln-cve-2023-21716.webp

Why this 14-year-old heap corruption vulnerability in MS Word is still relevant

A critical vulnerability with Remote Code Execution (RCE) potential in Microsoft Word (CVE-2023-21716) with a CVSS score of 9.8 was among the Zero-Day vulnerabilities that were fixed.

Kelyan Yesil

Published at: 18 Apr 2023

6 min read

laravel application securitylaravel-application-security-guide.webp

Securing Your Laravel Application: A Comprehensive Guide

As someone who has worked with the Laravel framework for years, I've seen firsthand the importance of taking security seriously. I've seen how simple mistakes lead to disastrous consequences, and I've also seen the benefits of a secure and well-maintained Laravel application.

Cosmin Coman

Published at: 11 Apr 2023

23 min read

log4j vulnerabilitylog4j-vulnerability.webp

Log4J - why some CVEs (almost) never disappear

Unless you’ve been on a sabbatical for the past year, you probably know how a critical vulnerability known as Log4shell took over the world.

Kelyan Yesil

Published at: 07 Apr 2023

7 min read

Explore our vulnerability research

top most exploited vulnerabilities in 2022top-10-most-exploited-vulns.webp

The most exploited vulnerabilities in 2022

Offensive security is a fast-moving space, yet some security vulnerabilities persist for years, causing problem after problem. 2023 being no exception, you can spare yourself from repetitive work by learning to find and mitigate these top 10 CVEs.

Kelyan Yesil

Published at: 16 Mar 2023

12 min read

Read the article titled business-logic-vulnerabilities.webp

Thinking outside the box: 3 creative ways to exploit business logic vulnerabilities in pentests

These flaws are particularly dangerous because attackers exploit behavioral patterns by interacting with apps in different ways than intended. When exploited successfully, they cause serious disruption, including business processes impact and reputational damage.

Razvan Ionescu

Published at: 02 Mar 2023

12 min read

Read the article titled supply-chain-attacks.webp

How supply chain attacks work and 7 ways to mitigate them

Your organization is a connected network of vendors, software, and people that keep your business operational. Each of these elements has various degrees of access to sensitive information which a bad actor can use as entry points in supply chain attacks.

Iulian Tita

Published at: 20 Feb 2023

14 min read

100+ essential penetration testing statistics [2023 edition]

If there’s anything we learned from years of working in infosec is this: don’t make assumptions without knowing the context and make decisions based on reliable data. With that in mind, we’ve put together this extensive list of penetration testing statistics and relevant data that shed light on many aspects of the industry.

Ioana Rijnetu

Published at: 13 Feb 2023

31 min read

Read the article titled 7-zip-misconfiguration-og-1674210488.png

Phishing a company through a 7-Zip misconfiguration

Reading about phishing can sometimes feel tedious, as many articles simply rehash the same old scenarios and prevention strategies without diving into technical details or offering anything fresh. But don't worry, we've got you covered!

Kelyan Yesil

Published at: 19 Jan 2023

8 min read

the DMARC protocol email securitythe-dmarc-protocol-email-security.webp

How the DMARC email security protocol can take down an entire company

Get familiar with DMARC, a less-known email security protocol that can help businesses prevent phishing campaigns.

Kelyan Yesil

Published at: 13 Dec 2022

12 min read

Behind the scenes

the future of penetration testingthe-future-of-penetration-testing.webp

17 Infosec pros talk about the future of penetration testing

As offensive security specialists, we want to understand how pentesting changes over the next decade so we can use our experience and know-how to make better decisions.

Ioana Rijnetu

Published at: 25 Nov 2022

18 min read

Read the article titled openssl-vulnerabilities-2022.webp

Everything you need to know about the new OpenSSL vulnerabilities (CVE-2022-3602 & CVE-2022-3786)

Before securing systems, we need to understand what we’re trying to secure and how to do it. Today we are exploring two new vulnerabilities that got the community's attention this month. Most importantly you will learn how to patch them and how impactful they are.

Kelyan Yesil

Published at: 18 Nov 2022

10 min read

Read the article titled conduct-a-full-network-vulnerability-assessment.webp

How to conduct a full network vulnerability assessment

The best ethical hackers build and maintain an outstanding workflow and process because it pays off – big time! When you’re always overwhelmed with work, it’s difficult to make time for tweaks and improvements, even if we both know they have compound returns in the long run.

Daniel Bechenea

Published at: 24 Aug 2022

19 min read

Ethical hacking & pentesting blog

Pro tips from 10 ethical hackers for stellar reports

Pro tips from 10 ethical hackers for stellar reports

Why this 14-year-old heap corruption vulnerability in MS Word is still relevant

Securing Your Laravel Application: A Comprehensive Guide

Log4J - why some CVEs (almost) never disappear

Explore our vulnerability research

The most exploited vulnerabilities in 2022

Thinking outside the box: 3 creative ways to exploit business logic vulnerabilities in pentests

How supply chain attacks work and 7 ways to mitigate them

Popular articles

How to manually detect and exploit Spring4Shell (CVE-2022-22965)

5 Practical Scenarios for XSS Attacks

Common SQL Injection Attacks

100+ essential penetration testing statistics [2023 edition]

Phishing a company through a 7-Zip misconfiguration

How the DMARC email security protocol can take down an entire company

Behind the scenes

Behind the scenes – an interview with Adrian Furtuna, our founder and CEO

Behind the Tools: Răzvan Ionescu on the growth mindset, insatiable curiosity, and being comfortable with change in ethical hacking

17 Infosec pros talk about the future of penetration testing

Everything you need to know about the new OpenSSL vulnerabilities (CVE-2022-3602 & CVE-2022-3786)

How to conduct a full network vulnerability assessment