Search • Page 7/9

97 results for "unauthorized access"

How to detect broken authentication with Pentest-Tools.com

OWASP Top 10 is an industry staple for a reason: because it’s incredibly well documented and provides a reliable framework for security specialists striving to prioritize vulns.

Author(s)

Cristian Cornea

Published at: 07 Apr 2021

Hacking tutorials

How to do a full website vulnerability assessment with Pentest-Tools.com

As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!

Author(s)

Daniel Bechenea

Published at: 31 Mar 2021

Hacking tutorials

How to detect injection flaws with Pentest-Tools.com

Whether you’re a penetration tester, bug bounty hunter, or security pro, you’re probably familiar with all the OWASP Top 10 vulnerabilities affecting web applications.

Author(s)

Cristian Cornea

Published at: 19 Mar 2021

Platform updates

Work like a pro: 4 automation updates to save time and simplify your workflow

We worked hard this month to roll out new updates and we’re excited to share them with you! These 4 platform features are all about making your workflow smoother, so you can focus on the essential tasks:

Author(s)

Ioana Rijnetu

Published at: 17 Nov 2020

Security research

Why Zerologon is the silent threat in your network

No red flags. No alerts. Full-on compromise. The way cybercriminals are putting together various vulnerabilities within the Microsoft infrastructure, including Zerologon vulnerability (CVE-2020-1472), is more than a trending topic in the infosec community. It’s a massive threat for organizations small and large.

Author(s)

Cristian Cornea

Published at: 21 Oct 2020

Milestones

Why we continue to support young people find their way in infosec

Lifelong learning, constant practice, and the need to share knowledge and ideas with others are the reasons that got us in the infosec community. Because we all try to do our best in the work we do and have a positive impact on our field. And for that, we need to remind ourselves to stay engaged and always practice what we preach.

Author(s)

Ioana Rijnetu

Published at: 15 Oct 2020

Platform updates

[New feature] Discover your Network’s Attack Surface

What if you could automatically… Get an instant overview of your network perimeter exposure? Find open ports that shouldn’t be publicly accessible at a glance? Detect old and forgotten web technologies from a centralized view?

Author(s)

Ioana Rijnetu

Published at: 18 Sep 2020

Platform updates

2FA, email scan notifications & more updates

Here are 5 platform improvements we’ve built into the current update to make Pentest-Tools.com a helpful asset for your pentesting toolstack.

Author(s)

Ioana Rijnetu

Published at: 27 Jul 2020

Security research

How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)

Let’s tackle a vulnerability that broke out not only in BIG-IP firewalls but also on social media! When a major issue affecting a security product emerges, it immediately makes the headlines, the paradox of the situation impossible to ignore.

Author(s)

Cristian Cornea

Published at: 08 Jul 2020

Security research

How to chain SMBleed and SMBGhost to get RCE in Windows 10

Think like an attacker, act like a defender. That’s the pentesters’ mantra, if you ask me. That’s why today we’re diving into one of the most interesting tactics that malicious actors use: vulnerability chaining.

Author(s)

Cristian Cornea

Published at: 07 Jul 2020

Security research

How to exploit the PHAR deserialization vulnerability

At Blackhat US-18, Sam Thomas introduced a new way to exploit PHAR Deserialization Vulnerabilities in PHP. See which stream wrapper this new type of attack abuses and how it works.