Search the Pentest-Tools.com Blog

Beyond passive and active - a modern approach to network reconnaissance

This isn't your textbook recon. We're dissecting how modern network analysis blurs 'passive' and 'active,' offering a clearer path to target vulnerabilities.

Author(s)

Sacha Iakovenko

Published at: 27 Mar 2025

Security research

Next.js security alert - how to attack and fix CVE-2025-29927

A single header bypass can compromise your entire Next.js application. Are you at risk? Find out how to fix CVE-2025-29927.

Author(s)

Iulian Tita

Published at: 24 Mar 2025

Security research

How to extract TLS secrets from Android apps using Frida and Wireshark

Break Android's TLS fortress! Frida & Wireshark reveal hidden app secrets. Bypass SSL pinning, expose API calls, and master traffic decryption now.

Author(s)

David Bors

Published at: 14 Mar 2025

Security research

Buffer Overflows and Authentication Bypasses - exploiting CVE-2025-0282 and CVE-2024-55591

A critical Ivanti flaw lets attackers bypass defenses faster than you can patch. But that's not all. A silent vulnerability lurks in Fortinet, too.

Author(s)

Iulian Tita

Published at: 28 Feb 2025

Security research

Unpacking LDAPNightmare (CVE-2024-49113 and CVE-2024-49112)

Uncover the secrets of LDAPNightmare - crash domain controllers, exploit AD weaknesses, and sharpen your pentesting skills

Author(s)

Published at: 28 Jan 2025

Milestones

Year in review: 2024 on Pentest-Tools.com

🚀 2024 was one for the books at Pentest-Tools.com! Here are our customers' favorites and what made our year!

Author(s)

Andra Zaharia

Published at: 24 Dec 2024

Hacking tutorials

Cross-site WebSocket hijacking: understanding and exploiting CSWSH

This is an example of why it's worth taking a look in all the "boring" places (think RFC). They just might help you find the vulnerability you've been searching for!

Author(s)

Sacha Iakovenko

Published at: 30 Oct 2024

Milestones

How and why we built the Kubernetes Vulnerability Scanner

We began developing the Kubernetes Scanner with a focus on black and gray box remote scanning scenarios, as these are the most common among bug bounty hunters, pentesters, and red-teamers. We believe our Kubernetes Vulnerability Scanner is a state of the art improvement for its category of tools, but we don’t plan to stop here. We have a range of improvements in mind, from new detections and exploits to better integrations with other tools that will make this scanner an even more important asset for our customers.

Author(s)

David Bors

Published at: 27 Sep 2024

Community wisdom

70+ hacking books to level up your skills and thinking

What you feed your mind gets reflected in your choices. We curated a list of books that can get focus your energy on your next big challenge, get you out of a rut, or give you the space you need to tinker with your next project.

Author(s)

Published at: 08 Jul 2024

Security research

What is CVE-2024-6387? Understand RegreSSHion, the OpenSSH vulnerability

CVE-2024-6387, aka regreSSHion, is a new critical vulnerability affecting OpenSSH which remote, unauthenticated attackers can use to execute remote code. But there's more to this CVE than meets the eye

Author(s)

David Bors

Published at: 02 Jul 2024

Community wisdom

12 essential ethical hacking newsletters to read

To help you find the signal in the noise, I’ve curated the top 12 ethical hacking newsletters to fuel your personal and career growth. Dig into what makes them special and the top 3 resources we cherry-picked from each.

Author(s)

Ioana Rijnetu

Published at: 06 Jun 2024

Security research

How these vulnerabilities pushed offensive security forward

Not all vulnerabilities are alike. Some are true game-changers, uncovering new possibilities, and more layers of complexity to explore. Let’s look at what five of the most notorious vulnerabilities from the past decade taught us - and how they shaped the infosec community.

Author(s)

Kelyan Yesil

Published at: 04 Jun 2024

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account