Search • Page 5/13

Search the Pentest-Tools.com Blog

Pro tips from 10 ethical hackers for stellar reports

The strongest proof of your work and expertize are the pentest reports you deliver. They capture your investigative skills, razor-sharp critical thinking, and creative hacking abilities. So your reports better be great. Looking to impress your team or clients with outstanding pentest reports? You're in luck! Delve into the collective wisdom of 10 seasoned offensive security professionals who've generously shared their insider tips on mastering the art of pentest reporting.

Author(s)

Ioana Rijnetu

Published at: 05 May 2023

Security research

Why this 14-year-old heap corruption vulnerability in MS Word is still relevant

A critical vulnerability with Remote Code Execution (RCE) potential in Microsoft Word (CVE-2023-21716) with a CVSS score of 9.8 was among the Zero-Day vulnerabilities that were fixed.

Author(s)

Kelyan Yesil

Published at: 18 Apr 2023

Security research

Log4J - why some CVEs (almost) never disappear

Unless you’ve been on a sabbatical for the past year, you probably know how a critical vulnerability known as Log4shell took over the world.

Author(s)

Kelyan Yesil

Published at: 07 Apr 2023

top most exploited vulnerabilities in 2022

Security research

The most exploited vulnerabilities in 2022

Offensive security is a fast-moving space, yet some security vulnerabilities persist for years, causing problem after problem. 2023 being no exception, you can spare yourself from repetitive work by learning to find and mitigate these top 10 CVEs.

Author(s)

Kelyan Yesil

Published at: 16 Mar 2023

Security research

Thinking outside the box: 3 creative ways to exploit business logic vulnerabilities in pentests

These flaws are particularly dangerous because attackers exploit behavioral patterns by interacting with apps in different ways than intended. When exploited successfully, they cause serious disruption, including business processes impact and reputational damage.

Author(s)

Razvan Ionescu

Published at: 02 Mar 2023

Security research

How supply chain attacks work and 7 ways to mitigate them

Your organization is a connected network of vendors, software, and people that keep your business operational. Each of these elements has various degrees of access to sensitive information which a bad actor can use as entry points in supply chain attacks.

Author(s)

Iulian Tita

Published at: 20 Feb 2023

Security research

100+ essential penetration testing statistics [2023 edition]

If there’s anything we learned from years of working in infosec is this: don’t make assumptions without knowing the context and make decisions based on reliable data. With that in mind, we’ve put together this extensive list of penetration testing statistics and relevant data that shed light on many aspects of the industry.

Author(s)

Ioana Rijnetu

Published at: 13 Feb 2023

Security research

Phishing a company through a 7-Zip misconfiguration

Reading about phishing can sometimes feel tedious, as many articles simply rehash the same old scenarios and prevention strategies without diving into technical details or offering anything fresh. But don't worry, we've got you covered!

Author(s)

Kelyan Yesil

Published at: 19 Jan 2023

Security research

How the DMARC email security protocol can take down an entire company

Get familiar with DMARC, a less-known email security protocol that can help businesses prevent phishing campaigns.

Author(s)

Kelyan Yesil

Published at: 13 Dec 2022

Community wisdom

17 Infosec pros talk about the future of penetration testing

As offensive security specialists, we want to understand how pentesting changes over the next decade so we can use our experience and know-how to make better decisions.

Author(s)

Ioana Rijnetu

Published at: 25 Nov 2022

Security research

Everything you need to know about the new OpenSSL vulnerabilities (CVE-2022-3602 & CVE-2022-3786)

Before securing systems, we need to understand what we’re trying to secure and how to do it. Today we are exploring two new vulnerabilities that got the community's attention this month. Most importantly you will learn how to patch them and how impactful they are.

Author(s)

Kelyan Yesil

Published at: 18 Nov 2022

Hacking tutorials

How to conduct a full network vulnerability assessment

The best ethical hackers build and maintain an outstanding workflow and process because it pays off – big time! When you’re always overwhelmed with work, it’s difficult to make time for tweaks and improvements, even if we both know they have compound returns in the long run.