Security research
Here’s where our security researchers analyze and share insights about the latest vulnerabilities, providing details on how they work, or how to exploit them.
What is CVE-2024-6387? Understand RegreSSHion, the OpenSSH vulnerability
CVE-2024-6387, aka regreSSHion, is a new critical vulnerability affecting OpenSSH that remote, unauthenticated attackers can use to execute code remotely. But there's more to this CVE than meets the eye.
How these vulnerabilities pushed offensive security forward
Not all vulnerabilities are alike. Some are true game-changers, uncovering new possibilities, and more layers of complexity to explore. Let’s look at what five of the most notorious vulnerabilities from the past decade taught us - and how they shaped the infosec community.
Benchmarking our Website Vulnerability Scanner and 5 others
In February 2024, we set out to compare our Website Vulnerability Scanner against some of the established names in Dynamic Web Application Security Testing, both commercial and open-source: Burp Scanner, Acunetix, Qualys, Rapid7 InsightAppSec, and ZAP.
Benchmarking our Network Vulnerability Scanner and 6 others
In January 2024, we decided to evaluate the most used network vulnerability scanners - Nessus Professional, Qualys, Rapid7 Nexpose, Nuclei, OpenVAS, and Nmap vulnerability scripts - including our own, which industry peers can validate independently. Here’s why we did it, what results we got, and how you can verify them (there’s a white paper you can download with access to all the results behind this benchmark).
CVE-2024-3094 - The XZ Utils Backdoor, a critical SSH vulnerability in Linux
The SSH backdoor would allow remote unauthenticated attackers to achieve remote code execution on the infected systems, bypassing the authentication in place. From the information available at the time of writing, the backdoor seems to work only on GNU Linux x86/64 when the SSH server is run as a service by Systemd. Moreover, the library should have been installed by a package manager. For the exploit to work, one should also expose the SSH server to the Internet so the attacker can interact remotely with it.
Securing your Laravel application: A comprehensive guide
As someone who has worked with the Laravel framework for years, I've seen firsthand the importance of taking security seriously. I've seen how simple mistakes lead to disastrous consequences, and I've also seen the benefits of a secure and well-maintained Laravel application.
The Pentest-Tools.com vulnerability research manifesto
We work every day to develop the tools, detections, and exploits that help ethical hackers fight to improve organizations’ defenses. As you know, the fight is unfair - and rigged: penetration testers and other offensive security practitioners are bound by the terms of engagement, while attackers are free to do anything - and everything.
From bypass to breach: how to get RCE in Confluence's latest CVEs
I’m gonna help you get the answers you need by demonstrating how to go beyond authentication bypass and achieve RCE using CVE-2023-22515 and CVE-2023-22518. Together we’ll explore their root causes and how to demonstrate the risk involved if an attacker uses these CVEs successfully.
3 initial access tactics to simulate in your penetration tests
In this guide, I’ll talk about these tactics (phishing attacks, RDP attacks, and exploitable vulnerabilities) pentesters can use to simulate realistic attack scenarios and apply them in their ethical hacking engagements. You'll walk away with practical examples and actionable advice on how to effectively replicate these attacks. Plus, you’ll help your customers to create better security awareness inside their organizations.
Breaking down the 5 most common SQL injection attacks
In this ongoing battle, organizations and offensive security pros grapple with many questions: Why do these attacks persist? What are the most prevalent types of SQL injection attacks? And, most importantly, how do we prevent them effectively? You’ll get answers to these burning questions (and more!) in this practical guide.