Catalin Iovita

3 initial access tactics to simulate in your penetration tests

In this guide, I’ll talk about these tactics (phishing attacks, RDP attacks, and exploitable vulnerabilities) pentesters can use to simulate realistic attack scenarios and apply them in their ethical hacking engagements. You'll walk away with practical examples and actionable advice on how to effectively replicate these attacks. Plus, you’ll help your customers to create better security awareness inside their organizations.

How to manually detect CVE-2022-21371 in Oracle WebLogic Servers

If you’re constantly thinking about better ways to discover critical vulnerabilities in systems, you are not alone. As a security researcher, I spend most of my time understanding their root cause and their potential impact on organizations, striving to help other security specialists communicate them effectively.

How to detect and exploit the Oracle WebLogic RCE (CVE-2020-14882 & CVE-2020-14883)

Pentesters love a good RCE, but, as much as we enjoy the thrill of detecting and exploiting it (ethically, of course), the tech ecosystem suffers every time one of these pops up. That’s why fast and effective recon and vulnerability assessment remain the go-to pentesting stages that help companies manage their risks so they can keep doing business and serving their customers. With your knowledge, experience, and advice, they can turn a potential hazard into a process that makes them stronger. Let’s take a closer look at the critical RCE vulnerability discovered in Oracle WebLogic Server and see how you can have a bigger positive impact in your organization and beyond it.

Author(s)

Catalin Iovita

Published at: 02 Feb 2022

Catalin Iovita

Posts by this author

3 initial access tactics to simulate in your penetration tests

How to manually detect CVE-2022-21371 in Oracle WebLogic Servers

How to detect and exploit the Oracle WebLogic RCE (CVE-2020-14882 & CVE-2020-14883)