Security research

Here’s where our security researchers analyze and share insights about the latest vulnerabilities, providing details on how they work, or how to exploit them.

Security research

Next.js security alert - how to attack and fix CVE-2025-29927

A single header bypass can compromise your entire Next.js application. Are you at risk? Find out how to fix CVE-2025-29927.

Author(s)

Iulian Tita

Published at: 24 Mar 2025

Security research

How to extract TLS secrets from Android apps using Frida and Wireshark

Break Android's TLS fortress! Frida & Wireshark reveal hidden app secrets. Bypass SSL pinning, expose API calls, and master traffic decryption now.

Author(s)

David Bors

Published at: 14 Mar 2025

Security research

Buffer Overflows and Authentication Bypasses - exploiting CVE-2025-0282 and CVE-2024-55591

A critical Ivanti flaw lets attackers bypass defenses faster than you can patch. But that's not all. A silent vulnerability lurks in Fortinet, too.

Author(s)

Iulian Tita

Published at: 28 Feb 2025

Security research

Unpacking LDAPNightmare (CVE-2024-49113 and CVE-2024-49112)

Uncover the secrets of LDAPNightmare - crash domain controllers, exploit AD weaknesses, and sharpen your pentesting skills

Author(s)

Published at: 28 Jan 2025

Security research

What is CVE-2024-6387? Understand RegreSSHion, the OpenSSH vulnerability

CVE-2024-6387, aka regreSSHion, is a new critical vulnerability affecting OpenSSH which remote, unauthenticated attackers can use to execute remote code. But there's more to this CVE than meets the eye

Author(s)

David Bors

Published at: 02 Jul 2024

Security research

How these vulnerabilities pushed offensive security forward

Not all vulnerabilities are alike. Some are true game-changers, uncovering new possibilities, and more layers of complexity to explore. Let’s look at what five of the most notorious vulnerabilities from the past decade taught us - and how they shaped the infosec community.

Author(s)

Kelyan Yesil

Published at: 04 Jun 2024

web app vulnerability scanners benchmark

Security research

Benchmarking our Website Vulnerability Scanner and 5 others

In February 2024, we set out to compare our Website Vulnerability Scanner against some of the established names in Dynamic Web Application Security Testing, both commercial and open-source: Burp Scanner, Acunetix, Qualys, Rapid7 InsightAppSec, and ZAP.

Author(s)

Alexandru Postolache

Published at: 30 May 2024

Network vulnerability scanners benchmark

Security research

Benchmarking our Network Vulnerability Scanner and 6 others

In January 2024, we decided to evaluate the most used network vulnerability scanners - Nessus Professional, Qualys, Rapid7 Nexpose, Nuclei, OpenVAS, and Nmap vulnerability scripts - including our own, which industry peers can validate independently. Here’s why we did it, what results we got, and how you can verify them (there’s a white paper you can download with access to all the results behind this benchmark).

Author(s)

Daniel Bechenea

Published at: 23 May 2024

Security research

CVE-2024-3094 - The XZ Utils Backdoor, a critical SSH vulnerability in Linux

The SSH backdoor would allow remote unauthenticated attackers to achieve remote code execution on the infected systems bypassing the authentication in place. From the information available at the time of writing, the backdoor seems to work only on GNU Linux x86/64 when the SSH server is run as a service by Systemd. Moreover, the library should have been installed by a packet manager. For the exploit to work, one should also expose the SSH server to the Internet so the attacker can interact remotely with it.

Author(s)

David Bors

Published at: 02 Apr 2024

Security research

Securing your Laravel application: A comprehensive guide

As someone who has worked with the Laravel framework for years, I've seen firsthand the importance of taking security seriously. I've seen how simple mistakes lead to disastrous consequences, and I've also seen the benefits of a secure and well-maintained Laravel application.

Author(s)

Published at: 28 Dec 2023

Security research

Roundcube: exfiltrating emails with CVE-2021-44026

Have you ever asked yourself: what is the half-life of a disclosed vulnerability? When should we stop worrying about it?

Author(s)

Published at: 22 Dec 2023

Security research

The Pentest-Tools.com vulnerability research manifesto

We work everyday to develop the tools, detections, and exploits that help ethical hackers fight to improve organizations’ defenses. As you know, the fight is unfair - and rigged: penetration testers and other offensive security practitioners are bound by the terms of engagement, while attackers are free to do anything - and everything.

Author(s)

Andra Zaharia

Published at: 21 Dec 2023

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account