Daniel Bechenea

Pentest-Tools.com, Security Research Lead

OSCP certified penetration tester and bug bounty hunter with a strong passion for infosec, I enjoy looking for vulnerabilities in systems and exploiting them. I use my technical knowledge and business acumen to help customers understand and prioritize critical security issues.

Log4Shell scanner: detect and exploit Log4j CVE-2021-44228 in your network and web apps

We almost made it to a much-needed holiday break… and then Log4Shell happened.

Author(s)

Daniel Bechenea

Published at: 14 Dec 2021

Detect and exploit Gitlab CE/EE RCE with Pentest-Tools.com (CVE-2021-22205)

“Just patch it!” is the usual advice when a vulnerability hits (and it’s not a zero-day). But it’s never that simple in organizations that have to manage layers upon layers of infrastructure. When you have to deal with a critical CVE like the latest unauthenticated RCE in Gitlab (CVSSv3 10.0), the tangled, messy process of patching bubbles to the surface.

How to do a full website vulnerability assessment with Pentest-Tools.com

As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!

Daniel Bechenea

Posts by this author

How to conduct a full network vulnerability assessment

Log4Shell scanner: detect and exploit Log4j CVE-2021-44228 in your network and web apps

Detect and exploit Gitlab CE/EE RCE with Pentest-Tools.com (CVE-2021-22205)

How to detect VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21972)

How to do a full website vulnerability assessment with Pentest-Tools.com