Cristian Cornea

Posts by this author

• 

  How to detect CVE-2021-22986 RCE with Pentest-Tools.com

  As a pentester, when you see a major critical vulnerability persist for months in unpatched systems (like Log4Shell), you have a responsibility to help others understand its severity and how they can fix it. This is exactly why this article exists.

  

  Author(s)

  • Cristian Cornea

  Published at

  21 Sep 2021

  Updated at

  09 Jun 2023

• 

  6 techniques for account enumeration in a penetration test [demo included]

  Enumeration is one of the essential tactics that help you gain a foothold in your target’s ecosystem. As a penetration tester, you can gain a lot of speed and prep your exploitation phase more thoroughly if you get enumeration right.

  

  Author(s)

  • Cristian Cornea

  Published at

  20 Jul 2021

  Updated at

  10 Jul 2022

• 

  How to detect Sensitive Data Exposure with Pentest-Tools.com

  The best security specialists have a very strong grasp of fundamental vulnerabilities, the kind that pops up in every engagement.

  

  Author(s)

  • Cristian Cornea

  Published at

  14 Apr 2021

  Updated at

  09 Jun 2023

• 

  How to detect broken authentication with Pentest-Tools.com

  OWASP Top 10 is an industry staple for a reason: because it’s incredibly well documented and provides a reliable framework for security specialists striving to prioritize vulns.

  

  Author(s)

  • Cristian Cornea

  Published at

  07 Apr 2021

  Updated at

  18 Jul 2023

• 

  How to detect injection flaws with Pentest-Tools.com

  Whether you’re a penetration tester, bug bounty hunter, or security pro, you’re probably familiar with all the OWASP Top 10 vulnerabilities affecting web applications.

  

  Author(s)

  • Cristian Cornea

  Published at

  19 Mar 2021

  Updated at

  09 Jun 2023

• 

  Discover how dangerous a ‘Bad Neighbor’ can be - TCP/IP Vulnerability (CVE-2020-16898)

  Patching is never easy, but doing it imperfectly can come back to bite you. That’s why today we’re unpacking a vulnerability that can resurface when improperly mitigated.

  

  Author(s)

  • Cristian Cornea

  Published at

  03 Nov 2020

  Updated at

  18 Jul 2023

• 

  Why Zerologon is the silent threat in your network

  No red flags. No alerts. Full-on compromise. The way cybercriminals are putting together various vulnerabilities within the Microsoft infrastructure, including Zerologon vulnerability (CVE-2020-1472), is more than a trending topic in the infosec community. It’s a massive threat for organizations small and large.

  

  Author(s)

  • Cristian Cornea

  Published at

  21 Oct 2020

  Updated at

  18 Jul 2023

• 

  The 17-year-old DNS vulnerability that leads to RCE in Windows

  Previously on our blog, we unpacked vulnerabilities in web applications, firewalls, SMB protocols… and now we have a DNS one.

  

  Author(s)

  • Cristian Cornea

  Published at

  17 Jul 2020

  Updated at

  17 Jul 2023

• 

  How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)

  Let’s tackle a vulnerability that broke out not only in BIG-IP firewalls but also on social media! When a major issue affecting a security product emerges, it immediately makes the headlines, the paradox of the situation impossible to ignore.

  

  Author(s)

  • Cristian Cornea

  Published at

  08 Jul 2020

  Updated at

  13 Apr 2023