Ethical exploitation

Learn about ethical ways to exploit systems to find and report vulnerabilities and enhance security posture.

Throwing a spark into FuelCMS

FuelCMS v1.5.2 might be an older, largely unmaintained project, but its codebase is still highly combustible. In our latest research sprint, we uncovered seven new vulnerabilities lurking under the hood. Read the full article to see the raw HTTP requests, learn how we bypassed brute-force rate limits, and watch us turn simple template syntax into a full system compromise.

Author(s)

Matei "Mal" Badanoiu (aka CVE Jesus)

Published at: 05 Mar 2026

Security research

cPanel - The valid, the suspect, and the 3rd party (Part 1)

Ever wondered what you can still do with 25-year-old code in a modern hosting environment? PTT-2025-021 was quite the journey! Unpack this (potentially Remote) Code Execution vulnerability we discovered and disclosed, which lets you bypass restricted environments like cPanel's jailshell. In part 1 of 3, we break down how an unsafe Perl "open" function became our ticket to a executing arbitrary system commands - and how the exploit works.

Author(s)

Matei "Mal" Badanoiu (aka CVE Jesus)

Published at: 08 Jan 2026

Security research

Buffer Overflows and Authentication Bypasses - exploiting CVE-2025-0282 and CVE-2024-55591

A critical Ivanti flaw lets attackers bypass defenses faster than you can patch. But that's not all. A silent vulnerability lurks in Fortinet, too.

Author(s)

Iulian Tita

Published at: 28 Feb 2025

Hacking tutorials

Cross-site WebSocket hijacking: understanding and exploiting CSWSH

This is an example of why it's worth taking a look in all the "boring" places (think RFC). They just might help you find the vulnerability you've been searching for!

Author(s)

Sacha Iakovenko

Published at: 30 Oct 2024

Platform updates

Visualize exploit paths with the Sniper network graph

Whether working in offensive or defensive security, we all see it: high-risk, widespread vulnerabilities cause significant disruptions to already struggling security teams.

Author(s)

Andra Zaharia

Published at: 23 Jun 2022

Platform updates

January updates: new pentest robots and stronger integration

“Great for streamlining any security engagement” is the kind of feedback that keeps us working to roll our monthly updates. Here’s what we did last month to honor this commitment.

Author(s)

Ioana Rijnetu

Published at: 18 Feb 2022

Milestones

Behind the scenes – an interview with Adrian Furtuna, our founder and CEO

As cybercrime continues to escalate, businesses are increasingly prioritizing their cybersecurity strategies, often embracing penetration testing to address the most burning threats. Although this established practice is highly effective, there are still many necessary improvements to help scale it to the current needs of the tech ecosystem. CyberNews sat down with Adrian Furtuna, our Founder & CEO, to talk about the ins and outs of penetration testing. Here’s why Adrian believes that no matter how advanced the technology is, some aspects still need a human approach.

Author(s)

Ioana Rijnetu

Published at: 16 Feb 2022

Security research

How to detect and exploit the Oracle WebLogic RCE (CVE-2020-14882 & CVE-2020-14883)

Pentesters love a good RCE, but, as much as we enjoy the thrill of detecting and exploiting it (ethically, of course), the tech ecosystem suffers every time one of these pops up. That’s why fast and effective recon and vulnerability assessment remain the go-to pentesting stages that help companies manage their risks so they can keep doing business and serving their customers. With your knowledge, experience, and advice, they can turn a potential hazard into a process that makes them stronger. Let’s take a closer look at the critical RCE vulnerability discovered in Oracle WebLogic Server and see how you can have a bigger positive impact in your organization and beyond it.

Author(s)

Catalin Iovita

Published at: 02 Feb 2022

Security research

How to detect and exploit CVE-2021-26084, the Confluence Server RCE

Thinking like an attacker is the right mindset that can help you better cope with this staggering growth of RCE vulnerabilities. As a pentester, you know it better than anyone. You’re also the best positioned to use your experience and know-how to detect exposed critical assets before malicious actors do. To help you help others, I’ll explore a critical RCE vulnerability in the Atlassian Confluence server across Linux and Windows in this practical guide packed with detection tactics and mitigation methods.

Author(s)

Iulian Tita

Published at: 31 Jan 2022

Security research

How to exploit the VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21985)

More high-risk vulnerabilities mean more work for you. The good news? You won’t be out of work anytime soon. The bad news? You’ll probably work a lot more than you anticipate. So how do you balance the good and the not-so-great? By having a replicable process for when a high-risk CVE that leads to RCE hits your targets (the likes of CVE-2021-21985).

Author(s)

Stefan Iridon

Published at: 25 Jan 2022

How we detect Log4Shell on Pentest-Tools.com

Security research

How we detect and exploit Log4Shell to help you find targets using vulnerable Log4j versions

We’re breaking down our technique for detecting CVE-2021-44228 (Log4Shell) because we believe our users should understand what’s happening behind the scanners so they can avoid a false sense of security.

Author(s)

Adrian Furtuna

Published at: 17 Dec 2021

Security research

Detect and exploit Gitlab CE/EE RCE with Pentest-Tools.com (CVE-2021-22205)

“Just patch it!” is the usual advice when a vulnerability hits (and it’s not a zero-day). But it’s never that simple in organizations that have to manage layers upon layers of infrastructure. When you have to deal with a critical CVE like the latest unauthenticated RCE in Gitlab (CVSSv3 10.0), the tangled, messy process of patching bubbles to the surface.