How to detect CVE-2021-22986 RCE with Pentest-Tools.com
As a pentester, when you see a major critical vulnerability persist for months in unpatched systems (like Log4Shell), you have a responsibility to help others understand its severity and how they can fix it. This is exactly why this article exists.
Author(s): Cristian Cornea | Published at: 21 Sep 2021 | Updated at: 09 Jun 2023

6 techniques for account enumeration in a penetration test [demo included]
Enumeration is one of the essential tactics that help you gain a foothold in your target’s ecosystem. As a penetration tester, you can gain a lot of speed and prep your exploitation phase more thoroughly if you get enumeration right.
Author(s): Cristian Cornea | Published at: 20 Jul 2021 | Updated at: 10 Jul 2022

How to detect Sensitive Data Exposure with Pentest-Tools.com
The best security specialists have a very strong grasp of fundamental vulnerabilities, the kind that pops up in every engagement.
Author(s): Cristian Cornea | Published at: 14 Apr 2021 | Updated at: 09 Jun 2023

How to detect broken authentication with Pentest-Tools.com
OWASP Top 10 is an industry staple for a reason: because it’s incredibly well documented and provides a reliable framework for security specialists striving to prioritize vulns.
Author(s): Cristian Cornea | Published at: 07 Apr 2021 | Updated at: 18 Jul 2023

How to detect injection flaws with Pentest-Tools.com
Whether you’re a penetration tester, bug bounty hunter, or security pro, you’re probably familiar with all the OWASP Top 10 vulnerabilities affecting web applications.
Author(s): Cristian Cornea | Published at: 19 Mar 2021 | Updated at: 09 Jun 2023

Discover how dangerous a ‘Bad Neighbor’ can be - TCP/IP Vulnerability (CVE-2020-16898)
Patching is never easy, but doing it imperfectly can come back to bite you. That’s why today we’re unpacking a vulnerability that can resurface when improperly mitigated.
Author(s): Cristian Cornea | Published at: 03 Nov 2020 | Updated at: 18 Jul 2023

Why Zerologon is the silent threat in your network
No red flags. No alerts. Full-on compromise. The way cybercriminals are putting together various vulnerabilities within the Microsoft infrastructure, including Zerologon vulnerability (CVE-2020-1472), is more than a trending topic in the infosec community. It’s a massive threat for organizations small and large.
Author(s): Cristian Cornea | Published at: 21 Oct 2020 | Updated at: 18 Jul 2023

The 17-year-old DNS vulnerability that leads to RCE in Windows
Previously on our blog, we unpacked vulnerabilities in web applications, firewalls, SMB protocols… and now we have a DNS one.
Author(s): Cristian Cornea | Published at: 17 Jul 2020 | Updated at: 17 Jul 2023

How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)
Let’s tackle a vulnerability that broke out not only in BIG-IP firewalls but also on social media! When a major issue affecting a security product emerges, it immediately makes the headlines, the paradox of the situation impossible to ignore.
Author(s): Cristian Cornea | Published at: 08 Jul 2020 | Updated at: 13 Apr 2023