Ethical hacking & pentesting blog
Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.
Get fresh security research
In your inbox. (No fluff. Actionable stuff only.)
Securing your Laravel application: A comprehensive guide
As someone who has worked with the Laravel framework for years, I've seen firsthand the importance of taking security seriously. I've seen how simple mistakes lead to disastrous consequences, and I've also seen the benefits of a secure and well-maintained Laravel application.
- Author(s)
- Published at
- Updated at
Year in review: 2023 on Pentest-Tools.com
What you're about to see is a blend of worn-out keyboards, stubborn research, gallons of coffee, and a dash of frustration, all catalyzed by listening closely to what you, our customers, really want. Mix all of these and you get more than a product, more than a team that’s growing a company on its own terms.
- Author(s)
- Published at
- Updated at
The Pentest-Tools.com vulnerability research manifesto
We work everyday to develop the tools, detections, and exploits that help ethical hackers fight to improve organizations’ defenses. As you know, the fight is unfair - and rigged: penetration testers and other offensive security practitioners are bound by the terms of engagement, while attackers are free to do anything - and everything.
- Author(s)
- Published at
- Updated at
We think we know hacking is a tool for deeper change
If you have questions that boggle your mind about penetration testing, Jayson is the person to learn from. In the fourth episode of our We think we know podcast, we delve into the world of ethical hacking with the legendary Jayson E. Street.
- Author(s)
- Published at
- Updated at
We think we know offensive security is an infinite game (and why)
There is no end goal in this industry. You're always going to keep moving forward. This quote from our guest does a great job at capturing the conversation we explore in this podcast: the love for the process, the hunger for knowledge, how to add value for clients, and become a better penetration tester. For the third episode of We think we know, we welcome Tim Connell, an enthusiastic penetration tester and the Director of Cybersecurity Services at Pulsar Security, to explore the most common security testing myths and misconceptions.
- Author(s)
- Published at
- Updated at
We think we know how to give pentest clients what they really need
It’s not just penetration testing, just like today’s guest is not just an offensive security pro. If you’re the ambitious type who’s always up for new challenges, then you’re most likely going to resonate with today’s guest and his approach. Experienced penetration tester and Volkis co-founder, Alexei Doudkine joins us in the second episode of We think we know to debunk pentesting misconceptions.
- Author(s)
- Published at
- Updated at
From bypass to breach: how to get RCE in Confluence's latest CVEs
I’m gonna help you get the answers you need by demonstrating how to go beyond authentication bypass and achieve RCE using CVE-2023-22515 and CVE-2023-22518. Together we’ll explore their root causes and how to demonstrate the risk involved if an attacker uses these CVEs successfully.
- Author(s)
- Published at
- Updated at
We think we know how to explain the value of a penetration test
Welcome to We think we know, the podcast in which we flip the script on what you thought you knew about penetration testing. Navigating a maze of tight deadlines and limited scopes while your expertise sometimes gets squeezed into a compliance checkbox can take a toll. Offensive security work is not about ticking off tasks. Many of us have a deep need for constant growth – and some overdue recognition.
- Author(s)
- Published at
- Updated at
3 initial access tactics to simulate in your penetration tests
In this guide, I’ll talk about these tactics (phishing attacks, RDP attacks, and exploitable vulnerabilities) pentesters can use to simulate realistic attack scenarios and apply them in their ethical hacking engagements. You'll walk away with practical examples and actionable advice on how to effectively replicate these attacks. Plus, you’ll help your customers to create better security awareness inside their organizations.
- Author(s)
- Published at
- Updated at
