Iulian Tita

Pentest-Tools.com, Security Research Engineer

Security Researcher with a passion for cryptography, web exploitation, binary exploitation, who's always curious to discover new challenges. I am fascinated to look inside algorithms and methods which trigger vulnerabilities. I use my technical expertise to create and improve security systems.

Security Researcher with a passion for cryptography, web exploitation, binary exploitation, who's always curious to discover new challenges. I am fascinated to look inside algorithms and methods which trigger vulnerabilities. I use my technical expertise to create and improve security systems.

Posts by this author

Security research
Next.js security alert - how to attack and fix CVE-2025-29927
A single header bypass can compromise your entire Next.js application. Are you at risk? Find out how to fix CVE-2025-29927.
Author(s)
Iulian Tita
Published at
24 Mar 2025
Updated at
25 Mar 2025
Security research
Buffer Overflows and Authentication Bypasses - exploiting CVE-2025-0282 and CVE-2024-55591
A critical Ivanti flaw lets attackers bypass defenses faster than you can patch. But that's not all. A silent vulnerability lurks in Fortinet, too.
Author(s)
Iulian Tita
Published at
28 Feb 2025
Updated at
28 Feb 2025
Security research
Unpacking LDAPNightmare (CVE-2024-49113 and CVE-2024-49112)
Uncover the secrets of LDAPNightmare - crash domain controllers, exploit AD weaknesses, and sharpen your pentesting skills
Author(s)
David Bors,
Catalin Iovita,
Iulian Tita
Published at
28 Jan 2025
Updated at
28 Jan 2025
Security research
How supply chain attacks work and 7 ways to mitigate them
Your organization is a connected network of vendors, software, and people that keep your business operational. Each of these elements has various degrees of access to sensitive information which a bad actor can use as entry points in supply chain attacks.
Author(s)
Iulian Tita
Published at
20 Feb 2023
Updated at
09 Apr 2024
Security research
How to exploit a Remote Code Execution vulnerability in Laravel (CVE-2021-3129)
I discovered this vulnerability for the first time in the Horizontall machine from Hack The Box, and the conditions in which it’s triggered pushed me to understand it in more detail. CVE-2021-3129 reminds me about a log poisoning vulnerability, but with a different flavor.
Author(s)
Iulian Tita
Published at
03 Mar 2022
Updated at
30 Apr 2024
Security research
How to detect and exploit CVE-2021-26084, the Confluence Server RCE
Thinking like an attacker is the right mindset that can help you better cope with this staggering growth of RCE vulnerabilities. As a pentester, you know it better than anyone. You’re also the best positioned to use your experience and know-how to detect exposed critical assets before malicious actors do. To help you help others, I’ll explore a critical RCE vulnerability in the Atlassian Confluence server across Linux and Windows in this practical guide packed with detection tactics and mitigation methods.
Author(s)
Iulian Tita
Published at
31 Jan 2022
Updated at
24 Mar 2023

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account

Target illustration