ethical hacking

Find actionable tips on how to ethically detect and exploit critical vulnerabilities in apps, systems, or networks.

How to extract TLS secrets from Android apps using Frida and Wireshark

Break Android's TLS fortress! Frida & Wireshark reveal hidden app secrets. Bypass SSL pinning, expose API calls, and master traffic decryption now.

Author(s)

David Bors

Published at: 14 Mar 2025

Security research

Buffer Overflows and Authentication Bypasses - exploiting CVE-2025-0282 and CVE-2024-55591

A critical Ivanti flaw lets attackers bypass defenses faster than you can patch. But that's not all. A silent vulnerability lurks in Fortinet, too.

Author(s)

Iulian Tita

Published at: 28 Feb 2025

Platform updates

Visualize exploit paths with the Sniper network graph

Whether working in offensive or defensive security, we all see it: high-risk, widespread vulnerabilities cause significant disruptions to already struggling security teams.

Author(s)

Andra Zaharia

Published at: 23 Jun 2022

Milestones

Behind the scenes – an interview with Adrian Furtuna, our founder and CEO

As cybercrime continues to escalate, businesses are increasingly prioritizing their cybersecurity strategies, often embracing penetration testing to address the most burning threats. Although this established practice is highly effective, there are still many necessary improvements to help scale it to the current needs of the tech ecosystem. CyberNews sat down with Adrian Furtuna, our Founder & CEO, to talk about the ins and outs of penetration testing. Here’s why Adrian believes that no matter how advanced the technology is, some aspects still need a human approach.

Author(s)

Ioana Rijnetu

Published at: 16 Feb 2022

Security research

How to exploit the VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21985)

More high-risk vulnerabilities mean more work for you. The good news? You won’t be out of work anytime soon. The bad news? You’ll probably work a lot more than you anticipate. So how do you balance the good and the not-so-great? By having a replicable process for when a high-risk CVE that leads to RCE hits your targets (the likes of CVE-2021-21985).

Author(s)

Stefan Iridon

Published at: 25 Jan 2022

How we detect Log4Shell on Pentest-Tools.com

Security research

How we detect and exploit Log4Shell to help you find targets using vulnerable Log4j versions

We’re breaking down our technique for detecting CVE-2021-44228 (Log4Shell) because we believe our users should understand what’s happening behind the scanners so they can avoid a false sense of security.

Author(s)

Adrian Furtuna

Published at: 17 Dec 2021

Read the article titled Behind the Tools: Răzvan Ionescu on the growth mindset, insatiable curiosity, and being comfortable with change in ethical hacking

Milestones

Behind the Tools: Răzvan Ionescu on the growth mindset, insatiable curiosity, and being comfortable with change in ethical hacking

At Pentest-Tools.com, we use our managed pentesting services to learn from our customers and listen to them. Every one of us works hard to understand what users need and why, feeding that knowledge into the platform while we continue to learn and grow as individuals and as a team. That’s why we eat our own dog food and we always practice what we preach.

Author(s)

Ioana Rijnetu

Published at: 03 Sep 2021

Hacking tutorials

How to do a full website vulnerability assessment with Pentest-Tools.com

As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!

Author(s)

Daniel Bechenea

Published at: 31 Mar 2021

Platform updates

Work smarter, not harder: 5 updates to enhance automation

It’s been an intense month and we’re excited to share the news! These 5 platform improvements are all about saving you time and energy, so you can focus on your most important tasks.

Author(s)

Ioana Rijnetu

Published at: 26 Oct 2020

Security research

Why Zerologon is the silent threat in your network

No red flags. No alerts. Full-on compromise. The way cybercriminals are putting together various vulnerabilities within the Microsoft infrastructure, including Zerologon vulnerability (CVE-2020-1472), is more than a trending topic in the infosec community. It’s a massive threat for organizations small and large.

Author(s)

Cristian Cornea

Published at: 21 Oct 2020

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account