How to Exploit the BlueKeep Vulnerability with Metasploit
In this article, we show our approach for exploiting the RDP BlueKeep vulnerability using the recently proposed Metasploit module.
Author(s): Razvan Ionescu, Stefan Bratescu, Cristin Sirbu
Published at: 10 Sep 2019
Updated at: 11 Jul 2023

Pentest-Tools.com to participate at Black Hat Europe 2019
Pentest-Tools.com will be exhibiting at Black Hat Europe 2019. Join us in December for one of the biggest cybersecurity events and come to meet the Pentest-Tools.com team.
Author(s): Ioana Rijnetu
Published at: 28 Aug 2019
Updated at: 05 Jul 2022

Customized white label, website scanner improvements & other platform updates
Here are 7 platform improvements we deployed in the current update to make Pentest-Tools.com a valuable asset for your pentesting toolbox.
Author(s): Ioana Rijnetu
Published at: 20 Aug 2019
Updated at: 05 Dec 2023

Delete scans through the API, edit scheduled scans, and more improvements
Here are 5 platform improvements we’ve worked on in the current update to make Pentest-Tools.com a must-have asset for your pentesting toolkit.
Author(s): Ioana Rijnetu
Published at: 30 Jul 2019
Updated at: 07 Jul 2022

[New scanners] Find Associated Domains, Password Auditor, and 2 more new tools
Vulnerability scanners are essential tools for penetration testers who need to assess the security of their servers, sites, or networks. That’s why we focus on adding new scanners on Pentest-Tools.com to help our customers discover critical security flaws quickly and effectively.
Author(s): Ioana Rijnetu
Published at: 25 Jul 2019
Updated at: 18 Jul 2023

BlueKeep, the Microsoft RDP vulnerability - What we know so far
BlueKeep is a critical security flaw found in Microsoft Remote Desktop Services that has been making headlines for the past two months. In this article, we explore the key facts about this vulnerability.
Author(s): Ioana Rijnetu
Published at: 23 Jul 2019
Updated at: 11 Jul 2023

Exploiting SQL Injection in Magento Using Sqlmap
In this article, we show a new method of exploiting the critical SQL Injection vulnerability in Magento (CVE-2019-7139), using the well-known SQLMap tool.
Author(s): Alexandru Postolache
Published at: 14 Jun 2019
Updated at: 05 Dec 2023

How to do a Basic Website Vulnerability Assessment with Pentest-Tools.com
Let’s see how to perform a basic security evaluation of your web application with the tools from Pentest-Tools.com.
Author(s): Adrian Furtuna
Published at: 24 May 2019
Updated at: 09 Jun 2023

Announcing our managed pentesting services for web applications
Checking for vulnerabilities and how attackers could exploit them provides valuable insights on how you can improve your company’s security posture.
Author(s): Ioana Rijnetu
Published at: 23 May 2019
Updated at: 26 Jul 2022

Analysis of a WordPress Remote Code Execution Attack
This article shows our analysis of a known attack (presented in February 2019) against WordPress versions 5.0.0 and lower, which grants an intruder arbitrary code execution on the web server. The article covers each exploitation step and HTTP request required for a successful attack.
Author(s): Razvan Ionescu
Published at: 21 May 2019
Updated at: 19 Jun 2023

A faster, enhanced version of the Advanced Pentest Reporting feature
Writing a pentest report about the results of your vulnerability assessment doesn’t have to be a difficult, time-consuming task.
Author(s): Ioana Rijnetu
Published at: 15 Mar 2019
Updated at: 18 Jul 2023

Exploiting OGNL Injection in Apache Struts
Let’s understand how OGNL Injection works in Apache Struts. We’ll illustrate it with two critical vulnerabilities in Struts: CVE-2017-5638 (Equifax breach) and CVE-2018-11776.
Author(s): Ionuț Popescu
Published at: 14 Mar 2019
Updated at: 16 Oct 2023