Categories • Page 2/5
Security research
Here’s where our security researchers analyze and share insights about the latest vulnerabilities, providing details on how they work, or how to exploit them.
From bypass to breach: how to get RCE in Confluence's latest CVEs
I’m gonna help you get the answers you need by demonstrating how to go beyond authentication bypass and achieve RCE using CVE-2023-22515 and CVE-2023-22518. Together we’ll explore their root causes and how to demonstrate the risk involved if an attacker uses these CVEs successfully.
- Author(s)
- Published at
- Updated at
3 initial access tactics to simulate in your penetration tests
In this guide, I’ll talk about these tactics (phishing attacks, RDP attacks, and exploitable vulnerabilities) pentesters can use to simulate realistic attack scenarios and apply them in their ethical hacking engagements. You'll walk away with practical examples and actionable advice on how to effectively replicate these attacks. Plus, you’ll help your customers to create better security awareness inside their organizations.
- Author(s)
- Published at
- Updated at
Breaking down the 5 most common SQL injection attacks
In this ongoing battle, organizations and offensive security pros grapple with many questions: Why do these attacks persist? What are the most prevalent types of SQL injection attacks? And, most importantly, how do we prevent them effectively? You’ll get answers to these burning questions (and more!) in this practical guide.
- Author(s)
- Published at
- Updated at
Why this 14-year-old heap corruption vulnerability in MS Word is still relevant
A critical vulnerability with Remote Code Execution (RCE) potential in Microsoft Word (CVE-2023-21716) with a CVSS score of 9.8 was among the Zero-Day vulnerabilities that were fixed.
- Author(s)
- Published at
- Updated at
The most exploited vulnerabilities in 2022
Offensive security is a fast-moving space, yet some security vulnerabilities persist for years, causing problem after problem. 2023 being no exception, you can spare yourself from repetitive work by learning to find and mitigate these top 10 CVEs.
- Author(s)
- Published at
- Updated at
Thinking outside the box: 3 creative ways to exploit business logic vulnerabilities in pentests
These flaws are particularly dangerous because attackers exploit behavioral patterns by interacting with apps in different ways than intended. When exploited successfully, they cause serious disruption, including business processes impact and reputational damage.
- Author(s)
- Published at
- Updated at
How supply chain attacks work and 7 ways to mitigate them
Your organization is a connected network of vendors, software, and people that keep your business operational. Each of these elements has various degrees of access to sensitive information which a bad actor can use as entry points in supply chain attacks.
- Author(s)
- Published at
- Updated at
![Read the article titled 100+ essential penetration testing statistics [2023 edition]](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2F100--pentesting-stats.webp&w=1536&q=100)
100+ essential penetration testing statistics [2023 edition]
If there’s anything we learned from years of working in infosec is this: don’t make assumptions without knowing the context and make decisions based on reliable data. With that in mind, we’ve put together this extensive list of penetration testing statistics and relevant data that shed light on many aspects of the industry.
- Author(s)
- Published at
- Updated at
Phishing a company through a 7-Zip misconfiguration
Reading about phishing can sometimes feel tedious, as many articles simply rehash the same old scenarios and prevention strategies without diving into technical details or offering anything fresh. But don't worry, we've got you covered!
- Author(s)
- Published at
- Updated at
