Pentest-Tools Blog

Articles, news, tips and tricks from pentesting and infosec

Capital One, CafePress, Suprema data breaches and their root causes

In this article, we discuss some of the most recent data breaches, what their root causes are, and how to better secure your most valuable personal information and other digital assets.

Analysis of recent Exim mail server vulnerabilities

Over the past months, multiple critical vulnerabilities have been found in Exim mail servers that could allow attackers to gain remote access and perform malicious activities: CVE-2019-16928, CVE-2019-15846 and CVE-2019-10149.

How to Perform Internal Network Scanning with Pentest-Tools.com

In this article, we show you how to scan hosts from your internal network using our security tools from Pentest-Tools.com. This is a new capability that we have recently added to our platform and it uses VPN tunnels to reach the internal networks.

How to Exploit BlueKeep Vulnerability with Metasploit

In this article we show our approach for exploiting the RDP BlueKeep vulnerability using the recently proposed Metasploit module.

How to Perform Authenticated Website Scans with Pentest-Tools.com

This article shows how to scan a web application that requires authentication using the Website Vulnerability Scanner of Pentest-Tools.com.

Pentest-Tools.com to participate at Black Hat Europe 2019

Pentest-Tools.com will be exhibiting at Black Hat Europe 2019. Join us in December for one of the biggest cybersecurity events and come meet the Pentest-Tools.com team.

BlueKeep, the Microsoft RDP vulnerability – What we know so far

BlueKeep is a critical security flaw found in Microsoft Remote Desktop Services that has been making headlines for the past two months. In this article, we explore the key facts about this vulnerability.

Exploiting Magento SQL Injection with Sqlmap

In this article, we show a new method of exploiting the critical SQL Injection vulnerability in Magento (CVE-2019-7139), using the well-known Sqlmap tool.

How to do a Basic Website Vulnerability Assessment with Pentest-Tools.com

Let’s see how to perform a basic security evaluation of your web application with the tools from Pentest-Tools.com.

Analysis of a WordPress Remote Code Execution Attack

This article shows our analysis of a known attack (presented in February 2019) against WordPress versions 5.0.0 and lower, which gives an intruder arbitrary code execution on the web server. The article covers each exploitation step and HTTP request required for a successful attack.

Common SQL Injection Attacks

SQL Injection attacks are still a threat to current web applications, despite their long history. In this article we discuss the most common SQL Injection attack techniques with concrete examples from DVWA (Damn Vulnerable Web Application).

Exploiting OGNL Injection in Apache Struts

Let’s understand how OGNL Injection works in Apache Struts. We’ll exemplify with two critical vulnerabilities in Struts: CVE-2017-5638 (Equifax breach) and CVE-2018-11776.

Inside Nmap, the world’s most famous port scanner

This article is a deep dive into how nmap works, in order to understand its internal structure and to master its functionality.

Pentest report writing in 5 minutes (Defcamp 2018 talk)

Tired of writing pentest reports? Let’s automate this and let you get back to hacking! Slides included.

Essential HTTP Headers for Securing Your Web Server

In this article we discuss the most important HTTP headers that you should configure on your web server in order to improve its security.

5 Practical Scenarios for XSS Attacks

Let’s explore a couple of practical attack scenarios that can be implemented as PoCs to prove the real risk of Cross-Site Scripting (XSS) vulnerabilities.
