Ethical hacking & pentesting blog
Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.
Offensive security pros share how ChatGPT impacts their work
Could 2024 be a pivotal moment for AI in offensive security? We know it challenges us to explore new ways to simplify our work, but how will penetration testers use ChatGPT as a tool for meaningful change? And, most importantly, which new advancements in this space are worth keeping an eye on?
We think we know how to build differentiating skills in offsec
There’s a constant loop of learning, doing, and improving in offensive security. And one way to develop the “muscle” to tackle complex security challenges is through hands-on training. That’s what IppSec, our guest, does with kindness, passion, and in the community’s best interest.
Securing your Laravel application: A comprehensive guide
As someone who has worked with the Laravel framework for years, I've seen firsthand the importance of taking security seriously. I've seen how simple mistakes lead to disastrous consequences, and I've also seen the benefits of a secure and well-maintained Laravel application.
Year in review: 2023 on Pentest-Tools.com
What you're about to see is a blend of worn-out keyboards, stubborn research, gallons of coffee, and a dash of frustration, all catalyzed by listening closely to what you, our customers, really want. Mix all of these and you get more than a product, more than a team that’s growing a company on its own terms.
The Pentest-Tools.com vulnerability research manifesto
We work every day to develop the tools, detections, and exploits that help ethical hackers fight to improve organizations’ defenses. As you know, the fight is unfair - and rigged: penetration testers and other offensive security practitioners are bound by the terms of engagement, while attackers are free to do anything - and everything.
We think we know hacking is a tool for deeper change
If you have questions that boggle your mind about penetration testing, Jayson is the person to learn from. In the fourth episode of our We think we know podcast, we delve into the world of ethical hacking with the legendary Jayson E. Street.
We think we know offensive security is an infinite game (and why)
There is no end goal in this industry. You're always going to keep moving forward. This quote from our guest does a great job at capturing the conversation we explore in this podcast: the love for the process, the hunger for knowledge, how to add value for clients, and become a better penetration tester. For the third episode of We think we know, we welcome Tim Connell, an enthusiastic penetration tester and the Director of Cybersecurity Services at Pulsar Security, to explore the most common security testing myths and misconceptions.
We think we know how to give pentest clients what they really need
It’s not just penetration testing, just like today’s guest is not just an offensive security pro. If you’re the ambitious type who’s always up for new challenges, then you’re most likely going to resonate with today’s guest and his approach. Experienced penetration tester and Volkis co-founder, Alexei Doudkine joins us in the second episode of We think we know to debunk pentesting misconceptions.
From bypass to breach: how to get RCE in Confluence's latest CVEs
I’m gonna help you get the answers you need by demonstrating how to go beyond authentication bypass and achieve RCE using CVE-2023-22515 and CVE-2023-22518. Together we’ll explore their root causes and how to demonstrate the risk involved if an attacker uses these CVEs successfully.
We think we know how to explain the value of a penetration test
Welcome to We think we know, the podcast in which we flip the script on what you thought you knew about penetration testing. Navigating a maze of tight deadlines and limited scopes while your expertise sometimes gets squeezed into a compliance checkbox can take a toll. Offensive security work is not about ticking off tasks. Many of us have a deep need for constant growth – and some overdue recognition.
3 initial access tactics to simulate in your penetration tests
In this guide, I’ll talk about these tactics (phishing attacks, RDP attacks, and exploitable vulnerabilities) pentesters can use to simulate realistic attack scenarios and apply them in their ethical hacking engagements. You'll walk away with practical examples and actionable advice on how to effectively replicate these attacks. Plus, you’ll help your customers to create better security awareness inside their organizations.
How these offensive security books changed their readers - and their authors
Books have extraordinary power. They give both readers and authors new perspectives on how to see the world – and how to inhabit it more meaningfully. They allow you to go in-depth on a topic you love (or didn’t know you could love). Books create space for reflection and give you the chance to soak up someone else's experience and make parts of it your own.
Breaking down the 5 most common SQL injection threats
In this ongoing battle, organizations and offensive security pros grapple with many questions: Why do these attacks persist? What are the most prevalent types of SQL injection attacks? And, most importantly, how do we prevent them effectively? You’ll get answers to these burning questions (and more!) in this practical guide.
Pro tips from 10 ethical hackers for stellar reports
The strongest proof of your work and expertise are the pentest reports you deliver. They capture your investigative skills, razor-sharp critical thinking, and creative hacking abilities. So your reports better be great. Looking to impress your team or clients with outstanding pentest reports? You're in luck! Delve into the collective wisdom of 10 seasoned offensive security professionals who've generously shared their insider tips on mastering the art of pentest reporting.
Why this 14-year-old heap corruption vulnerability in MS Word is still relevant
A critical vulnerability with Remote Code Execution (RCE) potential in Microsoft Word (CVE-2023-21716) with a CVSS score of 9.8 was among the Zero-Day vulnerabilities that were fixed.
The most exploited vulnerabilities in 2022
Offensive security is a fast-moving space, yet some security vulnerabilities persist for years, causing problem after problem. 2023 being no exception, you can spare yourself from repetitive work by learning to find and mitigate these top 10 CVEs.
Thinking outside the box: 3 creative ways to exploit business logic vulnerabilities in pentests
These flaws are particularly dangerous because attackers exploit behavioral patterns by interacting with apps in ways other than those intended. When exploited successfully, they cause serious disruption, including impact on business processes and reputational damage.
How supply chain attacks work and 7 ways to mitigate them
Your organization is a connected network of vendors, software, and people that keep your business operational. Each of these elements has various degrees of access to sensitive information which a bad actor can use as entry points in supply chain attacks.
100+ essential penetration testing statistics [2023 edition]
If there’s anything we’ve learned from years of working in infosec, it’s this: don’t make assumptions without knowing the context, and make decisions based on reliable data. With that in mind, we’ve put together this extensive list of penetration testing statistics and relevant data that shed light on many aspects of the industry.
Phishing a company through a 7-Zip misconfiguration
Reading about phishing can sometimes feel tedious, as many articles simply rehash the same old scenarios and prevention strategies without diving into technical details or offering anything fresh. But don't worry, we've got you covered!
Everything you need to know about the new OpenSSL vulnerabilities (CVE-2022-3602 & CVE-2022-3786)
Before securing systems, we need to understand what we’re trying to secure and how to do it. Today we are exploring two new vulnerabilities that got the community's attention this month. Most importantly you will learn how to patch them and how impactful they are.
How to conduct a full network vulnerability assessment
The best ethical hackers build and maintain an outstanding workflow and process because it pays off – big time! When you’re always overwhelmed with work, it’s difficult to make time for tweaks and improvements, even if we both know they have compound returns in the long run.
Authenticated Magento RCE with deserialized PHAR files
Back in August 2019, I reported a security vulnerability in Magento affecting versions 2.3.2, 2.3.3, and 2.3.4 using the HackerOne bug bounty platform. The bug impacted some installations of Magento and it allowed us to gain Remote Code Execution based on the way PHAR files are deserialized and by abusing Magento’s Protocol Directives.
How to manually detect CVE-2022-21371 in Oracle WebLogic Servers
If you’re constantly thinking about better ways to discover critical vulnerabilities in systems, you are not alone. As a security researcher, I spend most of my time understanding their root cause and their potential impact on organizations, striving to help other security specialists communicate them effectively.
April updates: Get RCE evidence for 6 critical CVEs
After weeks of working on auto-exploitation for this critical CVE (CVSSv3 9.8), we finally have it! As a Pentest-Tools.com customer, you can run Sniper Auto-Exploiter to get conclusive proof that validates targets vulnerable to this high-risk vulnerability, which bad actors have already shown interest in.
How to exploit Zabbix Unsafe Session Storage (CVE-2022-23131)
Due to its increasing popularity and administrative access to most companies’ infrastructure, Zabbix has become a high-profile target for threat actors. So of course a security issue like the Unsafe Session Storage vulnerability attracts motivated cybercriminals. If it’s up to you to find exploitable targets and gather proof for vulnerability validation for your ethical hacking engagements, this guide is for you!
How to manually detect and exploit Spring4Shell (CVE-2022-22965)
Just a few months after Log4Shell brutally shook our world, when things started to look calm and peaceful again, the Vulnerability Gods unleashed upon us another similarly named vulnerability in a popular Java framework – Spring4Shell. Is CVE-2022-22965 as dangerous and as widespread as its (slightly) older sibling? Stick with us to find out!
March updates: Spring4Shell: find and confirm exploitable targets and more updates
If you instantly thought of Log4Shell when Spring4Shell emerged just a few days ago, you’re not alone. A coolheaded analysis reveals this CVE is not as severe as last year’s Log4j vulnerability. Nevertheless, it remains a priority in terms of detection and patching. Here’s why.
How to detect and exploit Citrix ADC and Citrix Gateway (CVE-2020-8194)
Citrix systems are very popular, even famous, one could say. They even sponsor Formula 1 teams! But despite their notoriety, they use the FreeBSD OS on their devices and plain PHP for web services, so I got easy access to the code and analyzed it.
How to exploit a Remote Code Execution vulnerability in Laravel (CVE-2021-3129)
I discovered this vulnerability for the first time in the Horizontall machine from Hack The Box, and the conditions in which it’s triggered pushed me to understand it in more detail. CVE-2021-3129 reminds me about a log poisoning vulnerability, but with a different flavor.
How to exploit the HTTP.sys Remote Code Execution vulnerability (CVE-2022-21907)
Pattern recognition is what hundreds of security specialists in our community voted as the skill to cultivate for a rewarding infosec career. While we have some innate pattern recognition abilities, developing them is essential – and that’s a matter of practice. Working in offensive security gives you plenty of opportunities to do this, with new vulnerabilities ripe for close examination. So let’s go ahead and do just that while discovering how this CVE carries echoes from another vulnerability from a while back.
Behind the scenes – an interview with Adrian Furtuna, our founder and CEO
As cybercrime continues to escalate, businesses are increasingly prioritizing their cybersecurity strategies, often embracing penetration testing to address the most burning threats. Although this established practice is highly effective, there are still many necessary improvements to help scale it to the current needs of the tech ecosystem. CyberNews sat down with Adrian Furtuna, our Founder & CEO, to talk about the ins and outs of penetration testing. Here’s why Adrian believes that no matter how advanced the technology is, some aspects still need a human approach.
How to detect and exploit the Oracle WebLogic RCE (CVE-2020-14882 & CVE-2020-14883)
Pentesters love a good RCE, but, as much as we enjoy the thrill of detecting and exploiting it (ethically, of course), the tech ecosystem suffers every time one of these pops up. That’s why fast and effective recon and vulnerability assessment remain the go-to pentesting stages that help companies manage their risks so they can keep doing business and serving their customers. With your knowledge, experience, and advice, they can turn a potential hazard into a process that makes them stronger. Let’s take a closer look at the critical RCE vulnerability discovered in Oracle WebLogic Server and see how you can have a bigger positive impact in your organization and beyond it.
How to detect and exploit CVE-2021-26084, the Confluence Server RCE
Thinking like an attacker is the right mindset that can help you better cope with this staggering growth of RCE vulnerabilities. As a pentester, you know it better than anyone. You’re also the best positioned to use your experience and know-how to detect exposed critical assets before malicious actors do. To help you help others, I’ll explore a critical RCE vulnerability in the Atlassian Confluence server across Linux and Windows in this practical guide packed with detection tactics and mitigation methods.
How to exploit the VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21985)
More high-risk vulnerabilities mean more work for you. The good news? You won’t be out of work anytime soon. The bad news? You’ll probably work a lot more than you anticipate. So how do you balance the good and the not-so-great? By having a replicable process for when a high-risk CVE that leads to RCE hits your targets (the likes of CVE-2021-21985).
December updates: 6 new ways to make your workflow smoother
Hope 2022 is off to a great start for you! Supporting your security efforts is what we do, so here’s a fresh batch of platform updates we rolled out at the end of 2021. Why check them out? Because they’ll help you get more work done, faster, with the same tools and features you know (and hopefully love!).
How we detect and exploit Log4Shell to help you find targets using vulnerable Log4j versions
We’re breaking down our technique for detecting CVE-2021-44228 (Log4Shell) because we believe our users should understand what’s happening behind the scanners so they can avoid a false sense of security.
November updates for powerful workflows, including detection for Log4Shell
Giving you the tools you need right now to speed up detection and reporting is always our top priority. Especially when your work is essential to effectively prioritize remediation. So, with every monthly update, we strive to do just that.
How to detect the Zoho ManageEngine ADSelfService Plus RCE (CVE-2021-40539)
Overwhelmed by so many high-risk vulnerabilities that emerge? Thousands of them are disclosed every year and 2021 is no exception. Systems are complex, cyber attacks get more sophisticated, and patching is still a challenge for many organizations. As infosec pros, it’s our responsibility to help companies (and individuals) understand the real implications and impact of a critical vulnerability and help them find it before it gets worse.
Detect and exploit Gitlab CE/EE RCE with Pentest-Tools.com (CVE-2021-22205)
“Just patch it!” is the usual advice when a vulnerability hits (and it’s not a zero-day). But it’s never that simple in organizations that have to manage layers upon layers of infrastructure. When you have to deal with a critical CVE like the latest unauthenticated RCE in Gitlab (CVSSv3 10.0), the tangled, messy process of patching bubbles to the surface.
How to detect CVE-2021-22986 RCE with Pentest-Tools.com
As a pentester, when you see a major critical vulnerability persist for months in unpatched systems (like Log4Shell), you have a responsibility to help others understand its severity and how they can fix it. This is exactly why this article exists.
Behind the Tools: Răzvan Ionescu on the growth mindset, insatiable curiosity, and being comfortable with change in ethical hacking
At Pentest-Tools.com, we use our managed pentesting services to learn from our customers and listen to them. Every one of us works hard to understand what users need and why, feeding that knowledge into the platform while we continue to learn and grow as individuals and as a team. That’s why we eat our own dog food and we always practice what we preach.
Detect ProxyShell (pre-auth Microsoft Exchange RCE) with Pentest-Tools.com
On-prem Microsoft Exchange servers have created a lot of work for IT and security specialists in the past months. In March, ProxyLogon left servers vulnerable to Server-Side Request Forgery through CVE-2021-26855, so we launched a dedicated scanner for it. In May, #proxynotfound popped up, so we integrated detection for it into our Network Vulnerability Scanner to make detection and reporting faster.
6 techniques for account enumeration in a penetration test [demo included]
Enumeration is one of the essential tactics that help you gain a foothold in your target’s ecosystem. As a penetration tester, you can gain a lot of speed and prep your exploitation phase more thoroughly if you get enumeration right.
Detect Microsoft Exchange RCE #proxynotfound with our Network Vulnerability Scanner
Running on-prem Microsoft Exchange servers? If you didn’t catch the NSA boilerplate announcement, there’s another batch of vulnerabilities to scan for – and we built what you need.
How to detect VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21972)
The current, multi-layer setup big organizations run on is a challenge to manage and we both know that (it’s an understatement). And when a vulnerability like CVE-2021-21972 pops up, it reveals how messy the process of patching and mitigation can be.
How to do a full website vulnerability assessment with Pentest-Tools.com
As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!
Run laser-focused scans with these 5 platform updates
This month we roll out 5 fresh updates worth trying. Why?
Pentest Robots - rocket fuel for pentesters, not their replacement
Let me say this from the start: full automation is the wrong approach for scaling penetration testing. The whole “machines will replace humans” view doesn’t sit well with us. It’s too simplistic and it fails to capture the complexity and depth involved in security testing and the larger information security ecosystem. So how come we launched pentest robots - an automation feature - at Black Hat Europe 2020?
Work like a pro: 4 automation updates to save time and simplify your workflow
We worked hard this month to roll out new updates and we’re excited to share them with you! These 4 platform features are all about making your workflow smoother, so you can focus on the essential tasks:
Discover how dangerous a ‘Bad Neighbor’ can be - TCP/IP Vulnerability (CVE-2020-16898)
Patching is never easy, but doing it imperfectly can come back to bite you. That’s why today we’re unpacking a vulnerability that can resurface when improperly mitigated.
Why Zerologon is the silent threat in your network
No red flags. No alerts. Full-on compromise. The way cybercriminals are putting together various vulnerabilities within the Microsoft infrastructure, including Zerologon vulnerability (CVE-2020-1472), is more than a trending topic in the infosec community. It’s a massive threat for organizations small and large.
Why we continue to help young people find their way in infosec
Lifelong learning, constant practice, and the need to share knowledge and ideas with others are the reasons that got us into the infosec community. We all try to do our best in the work we do and have a positive impact on our field. And for that, we need to remind ourselves to stay engaged and always practice what we preach.
4 updates for next-level automation in security testing
Here are 4 platform improvements we’ve deployed to make Pentest-Tools.com a must-have for your security testing tool stack: Mark False Positives for future scans, Target description - automatically added to reports, Enable & configure email scan notifications, Login session timeout increased
[New feature] Discover your Network’s Attack Surface
What if you could automatically… Get an instant overview of your network perimeter exposure? Find open ports that shouldn’t be publicly accessible at a glance? Detect old and forgotten web technologies from a centralized view?
Find out why lower-severity vulns are the bigger pain
Sometimes headline-making vulnerabilities aren’t necessarily the ones causing the most burning challenges for companies. What makes a difference during uncertain times is identifying the key focus points needed to support business priorities.
How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)
Let’s tackle a vulnerability that broke out not only in BIG-IP firewalls but also on social media! When a major issue affecting a security product emerges, it immediately makes the headlines, the paradox of the situation impossible to ignore.
How to chain SMBleed and SMBGhost to get RCE in Windows 10
Think like an attacker, act like a defender. That’s the pentesters’ mantra, if you ask me. That’s why today we’re diving into one of the most interesting tactics that malicious actors use: vulnerability chaining.
How to exploit the DotNetNuke Cookie Deserialization
We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department of Defense’s biggest websites. After we responsibly reported it through HackerOne, the DoD fixed the high-severity vulnerability and disclosed the report, with all details now publicly available.
[New feature] Scan internal networks with the VPN Agent
To enhance the way you scan your internal networks, we added a new way to perform this on Pentest-Tools.com. It is a lot easier and does not require any special configuration. All you need to do is run the VPN Agent and start scanning!
How to detect the Microsoft SMBGhost vulnerability with Pentest-Tools.com
For the past couple of weeks, a critical RCE vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3) has kept both Microsoft users and the security community on their toes. To help our customers better detect whether their Windows hosts were affected by the critical SMBGhost vulnerability, we developed and added a new, dedicated scanner on Pentest-Tools.com.
[New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.com
Vulnerability scanners are essential pentesting tools to quickly discover critical security flaws before hackers do. The more specific, the more useful! To help our customers better detect if their systems are impacted by the SMBGhost and GhostCat vulnerabilities, we built and added two new, dedicated scanners on Pentest-Tools.com.
[New enterprise feature] Add sub-users and share your Pentest-Tools.com plan
Working on a security project is always better when your team is involved. That’s why you can now add multiple users to your Pentest-Tools.com account and share the plan with your team members. The new feature allows the account owner (the parent user) to create sub-users and share access to their account.
How to simulate phishing attacks with the HTTP Request Logger
As a penetration tester or a Red Team security consultant, you probably deal with lots of challenges when you want to simulate phishing attacks using social engineering techniques. Because our team’s goal is to make your job easier by providing the right tools, we’ve put together a hands-on guide you can use straight away!
API support for TCP Port Scan, API scans & more updates
Through our API integration, you can easily streamline and automate your pentesting tasks for better results. Because we know how important it is for your business, we’ve worked on improving our API system to become a fully programmable penetration testing platform for your specific needs. Here are 3 new API improvements we added in the current update:
New tool for detecting the critical Citrix RCE vulnerability (CVE-2019-19781)
To help our customers assess the security of their Citrix ADC and Citrix Gateway devices, we have added a new tool on Pentest-Tools.com to detect the recent RCE vulnerability (CVE-2019-19781).
How to detect the SACK Panic vulnerability with Wireshark
The security team at Pentest-Tools.com has recently performed an in-depth analysis of the SACK Panic vulnerability (which was first disclosed in June 2019) to find out its exploitability against Linux machines. Throughout this research, we’ve identified a new method to detect vulnerable servers using Wireshark, the popular network traffic analyzer.
Black Hat Europe 2019 Highlights
We are extremely grateful and happy to find out how many users already know about our online platform each time we explore a new context. To know people around the world use Pentest-Tools.com on a daily basis to discover vulnerabilities in websites or networks drives us to achieve even more going forward. In this article, we share our recent experience at the Black Hat Europe 2019 conference and what we learned from it.
Analysis of recent Exim mail server vulnerabilities
Over the past months, multiple critical vulnerabilities were found in Exim mail servers that could allow attackers to gain remote access and perform malicious activities: CVE-2019-16928, CVE-2019-15846, and CVE-2019-10149.
How to Perform Internal Network Scanning with Pentest-Tools.com
In this article, we show you how to scan hosts from your internal network using our security tools from Pentest-Tools.com. This is a new capability that we have recently added to our platform and it uses VPN tunnels to reach the internal networks.
[New feature] Internal network scanning with Pentest-Tools.com
To quickly discover potential vulnerabilities or evaluate your security posture, regular internal network scans are essential. To make this easier for you, we’ve added a new feature on Pentest-Tools.com!
[New scanners] Find Associated Domains, Password Auditor, and 2 more new tools
Vulnerability scanners are essential tools for penetration testers who need to assess the security of their servers, sites, or networks. That’s why we focus on adding new scanners on Pentest-Tools.com to help our customers discover critical security flaws quickly and effectively.
BlueKeep, the Microsoft RDP vulnerability - What we know so far
BlueKeep is a critical security flaw found in Microsoft Remote Desktop Services that was making the headlines for the past two months. In this article, we explore the key facts about this vulnerability.
Analysis of a WordPress Remote Code Execution Attack
This article shows our analysis of a known attack (presented in February 2019) against WordPress versions 5.0.0 and lower, which grants an intruder arbitrary code execution on the web server. The article covers each exploitation step and HTTP request required for a successful attack.
An enhanced version of our Website Vulnerability Scanner
To check the security of a web application or server, you need an automated scanner to save time spent on manual work. Our Website Vulnerability Scanner does that and much more (including detecting widespread vulnerabilities like Log4Shell)!