Ethical hacking & pentesting blog
Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.
We think we know what it takes to build hacking tools
Why would someone spend a lot of their time making penetration testing tools? Especially when it takes what it takes to maintain them. Today on We think we know, we're peeling back the layers of offensive security with the enigmatic Panagiotis Chartas, also known by his alias - Telemachus - a nod to his Greek heritage and the strategic depth of his expertise.
We think we know our mind is our best hacking tool
From his early days of script kiddie shenanigans to helping shape the landscape of bug bounty programs, Inti's story is a thrilling ride through the highs and lows of offensive security. It also serves as a statement of the transformative power of curiosity and ethical hacking.
Mastering the essentials of API security with examples for OWASP Top 10 for APIs
When you hear about API (Application Programming Interface), do you get anxious because you don’t understand it very well? Do you feel like you can’t keep up with new technology? If you do, you’re not alone! Take a deep breath. Take another. Excellent! I’ll help you overcome your API security FOMO. In this guide, you’ll learn: how APIs work, how to exploit the most common API vulnerabilities, real-life examples of data breaches caused by API security issues, API security best practices, and much more!
We think we know what it feels like when we do a good job
To deliver meaningful results as a pentester you have to be both patient and persistent. You have to love the process and strive for results for your clients. You also have to go in-depth and cultivate a broader understanding of all the pieces of the puzzle. Today’s guest, Willa Riggins, talks about how “every small piece contributes to the larger picture” in pentesting and explains why “it's about understanding the intricacies and appreciating the craftsmanship."
Offensive security pros share how ChatGPT impacts their work
Could 2024 be a pivotal moment for AI in offensive security? We know it challenges us to explore new ways to simplify our work, but how will penetration testers use ChatGPT as a tool for meaningful change? And, most importantly, which new advancements in this space are worth keeping an eye on?
We think we know how to build differentiating skills in offsec
There’s a constant loop of learning, doing, and improving in offensive security. And one way to develop the “muscle” to tackle complex security challenges is through hands-on training. That’s what IppSec, our guest, does with kindness, passion, and in the community’s best interest.
Securing your Laravel application: A comprehensive guide
As someone who has worked with the Laravel framework for years, I've seen firsthand the importance of taking security seriously. I've seen how simple mistakes lead to disastrous consequences, and I've also seen the benefits of a secure and well-maintained Laravel application.
Year in review: 2023 on Pentest-Tools.com
What you're about to see is a blend of worn-out keyboards, stubborn research, gallons of coffee, and a dash of frustration, all catalyzed by listening closely to what you, our customers, really want. Mix all of these and you get more than a product, more than a team that’s growing a company on its own terms.
The Pentest-Tools.com vulnerability research manifesto
We work every day to develop the tools, detections, and exploits that help ethical hackers fight to improve organizations’ defenses. As you know, the fight is unfair - and rigged: penetration testers and other offensive security practitioners are bound by the terms of engagement, while attackers are free to do anything - and everything.
We think we know hacking is a tool for deeper change
If you have questions that boggle your mind about penetration testing, Jayson is the person to learn from. In the fourth episode of our We think we know podcast, we delve into the world of ethical hacking with the legendary Jayson E. Street.