![Read the article titled The 17-year-old DNS vulnerability that leads to RCE in Windows](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fsigred-dns-windows-rce%2Frce-windows-dns-sigred-vulnerability.webp&w=1536&q=100)
Search • Page 9/12
Search the Pentest-Tools.com Blog
![Read the article titled The 17-year-old DNS vulnerability that leads to RCE in Windows](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fsigred-dns-windows-rce%2Frce-windows-dns-sigred-vulnerability.webp&w=1536&q=100)
![Read the article titled How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fbig-ip-tmui-rce%2Fbip-ip-tmui-rce-vulnerability.webp&w=1536&q=100)
How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)
Let’s tackle a vulnerability that broke out not only in BIG-IP firewalls but also on social media! When a major issue affecting a security product emerges, it immediately makes the headlines, the paradox of the situation impossible to ignore.
- Author(s)
- Published at
- Updated at
![Read the article titled How to chain SMBleed and SMBGhost to get RCE in Windows 10](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fsmbleedingghost-exploit%2Fchain-smbleed-smbghost-windows-10-rce.webp&w=1536&q=100)
How to chain SMBleed and SMBGhost to get RCE in Windows 10
Think like an attacker, act like a defender. That’s the pentesters’ mantra, if you ask me. That’s why today we’re diving into one of the most interesting tactics that malicious actors use: vulnerability chaining.
- Author(s)
- Published at
- Updated at
![Read the article titled New filters for Findings, Import targets with descriptions & more updates](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fnew-filters-findings-more-updates%2Fnew-filters-for-findings-and-more-platform-updates.webp&w=1536&q=100)
![Read the article titled How to exploit the DotNetNuke Cookie Deserialization](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fexploit-dotnetnuke-cookie-deserialization%2Fexploit-dotnetnuke-cookie-deserialization.webp&w=1536&q=100)
How to exploit the DotNetNuke Cookie Deserialization
We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.
- Author(s)
- Published at
- Updated at
![Read the article titled [New feature] Scan internal networks with the VPN Agent](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Ffeature-scan-internal-networks-vpn-agent%2Fvpn-agent-new-feature-on-pentest-tools.com_..webp&w=1536&q=100)
[New feature] Scan internal networks with the VPN Agent
To enhance the way you scan your internal networks, we added a new way to perform this on Pentest-Tools.com. It is a lot easier and does not require any special configuration. All you need to do is run the VPN Agent and start scanning!
- Author(s)
- Published at
- Updated at
![Read the article titled How to exploit the PHAR deserialization vulnerability](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fexploit-phar-deserialization-vulnerability%2Fexploit-phar-deserialization-vulnerability.webp&w=1536&q=100)
![Read the article titled Jira integration, Export results as JSON & more platform updates](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fjira-integration-platform-updates%2Fjira-integration-and-new-platform-updates-available.webp&w=1536&q=100)
![Read the article titled How to detect the Microsoft SMBGhost vulnerability with Pentest-Tools.com](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fhow-to-detect-microsoft-smbghost-vulnerability%2Fdetect-microsoft-smbghost-pentest-tools.com_-1.webp&w=1536&q=100)
How to detect the Microsoft SMBGhost vulnerability with Pentest-Tools.com
For the past couple of weeks, a critical RCE vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3) has kept both the Microsoft users and the security community on their toes. To help our customers better detect if their Windows hosts were affected by the critical SMBGhost vulnerability, we developed and added a new, dedicated scanner on Pentest-Tools.com.
- Author(s)
- Published at
- Updated at
![Read the article titled [New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.com](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fscanners-detect-smbghost-ghostcat%2Fsmbghost-and-ghostcat-scanners-pentest-tools.com_.webp&w=1536&q=100)
[New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.com
Vulnerability scanners are essential pentesting tools to quickly discover critical security flaws before hackers do. The more specific, the more useful! To help our customers better detect if their systems are impacted by the SMBGhost and GhostCat vulnerabilities, we built and added two new, dedicated scanners on Pentest-Tools.com.
- Author(s)
- Published at
- Updated at
![Read the article titled [New enterprise feature] Add sub-users and share your Pentest-Tools.com plan](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fenterprise-feature-add-sub-users%2Fadd-sub-users-enterprise-feature-pentest-tools.com-2.webp&w=1536&q=100)
[New enterprise feature] Add sub-users and share your Pentest-Tools.com plan
Working on a security project is always better when your team is involved. That’s why you can now add multiple users to your Pentest-Tools.com account and share the plan with your team members. The new feature allows the account owner (the parent user) to create sub-users and share access to their account.
- Author(s)
- Published at
- Updated at
![Read the article titled How to simulate phishing attacks with the HTTP Request Logger](/_vercel/image?url=https:%2F%2Fcontent.pentest-tools.com%2Fassets%2Fcontent%2Fhow-to-simulate-phishing-attacks-with-http-request-logger.png&w=1536&q=100)
How to simulate phishing attacks with the HTTP Request Logger
As a penetration tester or a Red Team security consultant, you probably deal with lots of challenges when you want to simulate phishing attacks using social engineering techniques. Because our team’s goal is to make your job easier by providing the right tools, we’ve put together a hands-on guide you can use straight away!
- Author(s)
- Published at
- Updated at