Ethical hacking & pentesting blog

Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.

Read the article titled adrian-furtuna-pentest-tools.com-interview.png

Behind the scenes – an interview with Adrian Furtuna, our founder and CEO

The constant rise in cybercrime has surely pushed companies to take their cybersecurity more seriously, and many have turned to penetration testing as a way to combat multiplying threats. Although this established practice is highly effective, there are still many necessary improvements to help scale it to the current needs of the tech ecosystem. CyberNews sat down with Adrian Furtuna, our Founder & CEO, to talk about the ins and outs of penetration testing. Here’s why Adrian believes that no matter how advanced the technology is, some aspects still need a human approach.

Adrian Furtuna

Published at: 16 Feb 2022

9 min read

Read the article titled oracle-web-logic-cve-2020-14882-cve-2020-14883.png

How to detect and exploit the Oracle WebLogic RCE (CVE-2020-14882 & CVE-2020-14883)

Pentesters love a good RCE, but, as much as we enjoy the thrill of detecting and exploiting it (ethically, of course), the tech ecosystem suffers every time one of these pops up. That’s why fast and effective recon and vulnerability assessment remain the go-to pentesting stages that help companies manage their risks so they can keep doing business and serving their customers. With your knowledge, experience, and advice, they can turn a potential hazard into a process that makes them stronger. Let’s take a closer look at the critical RCE vulnerability discovered in Oracle WebLogic Server and see how you can have a bigger positive impact in your organization and beyond it.

Catalin Iovita

Published at: 02 Feb 2022

4 min read

Read the article titled confluence-rce-detect-exploit-cve-2021-26084.png

How to detect and exploit CVE-2021-26084, the Confluence Server RCE

Thinking like an attacker is the right mindset that can help you better cope with this staggering growth of RCE vulnerabilities. As a pentester, you know it better than anyone. You’re also the best positioned to use your experience and know-how to detect exposed critical assets before malicious actors do. To help you help others, I’ll explore a critical RCE vulnerability in the Atlassian Confluence server across Linux and Windows in this practical guide packed with detection tactics and mitigation methods.

Iulian Tita

Published at: 31 Jan 2022

6 min read

Read the article titled how-to-exploit-vmware-vcenter-rce-cve-2021-21985-.png

How to exploit the VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21985)

More high-risk vulnerabilities mean more work for you. The good news? You won’t be out of work anytime soon. The bad news? You’ll probably work a lot more than you anticipate. So how do you balance the good and the not-so-great? By having a replicable process for when a high-risk CVE that leads to RCE hits your targets (the likes of CVE-2021-21985).

Stefan Iridon

Published at: 25 Jan 2022

6 min read

Read the article titled pentest-tools.com-december-2021-platform-updates.png

December updates: 6 new ways to make your workflow smoother

Hope 2022 is off to a great start for you! Supporting your security efforts is what we do, so here’s a fresh batch of platform updates we rolled out at the end of 2021. Why check them out? Because they’ll help you get more work done, faster with the same tools and features you know (and hopefully love!).

Ioana Rijnetu

Published at: 20 Jan 2022

4 min read

2021 highlights on Pentest-Tools.com2021-highlights-on-Pentest-Tools.com.png

Year in review: 2021 on Pentest-Tools.com

Security is the gift that keeps on giving and never have we felt it like we did this year.

Andra Zaharia

Published at: 28 Dec 2021

11 min read

How we detect Log4Shell on Pentest-Tools.comHow-we-detect-Log4Shell-at-pentest-tools.com.png

How we detect and exploit Log4Shell to help you find targets using vulnerable Log4j versions

We’re breaking down our technique for detecting CVE-2021-44228 (Log4Shell) because we believe our users should understand what’s happening behind the scanners so they can avoid a false sense of security.

Adrian Furtuna

Published at: 17 Dec 2021

4 min read

Read the article titled November-2021-updates-on-Pentest-Tools.com.png

November updates for powerful workflows, including detection for Log4Shell

Giving you the tools you need right now to speed up detection and reporting is always our top priority. Especially when your work is essential to effectively prioritize remediation. So, with every monthly update, we strive to do just that.

Ioana Rijnetu

Published at: 16 Dec 2021

4 min read

Read the article titled Detect-Log4Shell-scanner.png

Log4Shell scanner: detect and exploit Log4j CVE-2021-44228 in your network and web apps

We almost made it to a much-needed holiday break… and then Log4Shell happened.

Daniel Bechenea

Published at: 14 Dec 2021

6 min read

Read the article titled detect-zoho-manageengine-adselfservice-plus-rce.png

How to detect the Zoho ManageEngine ADSelfService Plus RCE (CVE-2021-40539)

Overwhelmed by so many high-risk vulnerabilities that emerge? Thousands of them are disclosed every year and 2021 is no exception. Systems are complex, cyber attacks get more sophisticated, and patching is still a challenge for many organizations. As infosec pros, it’s our responsibility to help companies (and individuals) understand the real implications and impact of a critical vulnerability and help them find it before it gets worse.

Catalin Filip

Published at: 13 Dec 2021

6 min read

Read the article titled detect-cve-2021-22205-with-pentest-tools.com_.png

Detect and exploit Gitlab CE/EE RCE with Pentest-Tools.com (CVE-2021-22205)

“Just patch it!” is the usual advice when a vulnerability hits (and it’s not a zero-day). But it’s never that simple in organizations that have to manage layers upon layers of infrastructure. When you have to deal with a critical CVE like the latest unauthenticated RCE in Gitlab (CVSSv3 10.0), the tangled, messy process of patching bubbles to the surface.

Daniel Bechenea

Published at: 05 Nov 2021

7 min read

We’re leveling up! Check out the new website and brand update!

As an ethical hacker, you know there’s always more to a piece of technology than meets the eye.

Andra Zaharia

Published at: 03 Nov 2021

7 min read