Ethical hacking & pentesting blog

Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.

Read the article titled detect-broken-authentication-with-pentest-tools.com_-1.webp

Platform Tutorials

How to detect broken authentication with Pentest-Tools.com

OWASP Top 10 is an industry staple for a reason: because it’s incredibly well documented and provides a reliable framework for security specialists striving to prioritize vulns.

Cristian Cornea

Published at: 07 Apr 2021

9 min read

Read the article titled website-vulnerability-assessment.webp

Platform Tutorials

How to do a full website vulnerability assessment with Pentest-Tools.com

As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!

Daniel Bechenea

Published at: 31 Mar 2021

12 min read

Platform Updates

Run laser-focused scans with these 5 platform updates

This month we roll out 5 fresh updates worth trying. Why?

Ioana Rijnetu

Published at: 22 Mar 2021

3 min read

Read the article titled detect-injection-flaws-with-pentest-tools.com_.webp

Platform Tutorials

How to detect injection flaws with Pentest-Tools.com

Whether you’re a penetration tester, bug bounty hunter, or security pro, you’re probably familiar with all the OWASP Top 10 vulnerabilities affecting web applications.

Cristian Cornea

Published at: 19 Mar 2021

11 min read

Read the article titled 4-platform-improvements-added-pentest-tools.com_.webp

Platform Updates

4 platform updates you need to know about

It’s been an intense start to the New Year and we’re excited to share what we worked on! These 4 platform improvements are all about streamlining your workflow, so you can focus on the important tasks.

Ioana Rijnetu

Published at: 21 Feb 2021

2 min read

Read the article titled pentest-robots-feature-launch-at-black-hat-europe-.webp

Events

Pentest Robots - rocket fuel for pentesters, not their replacement

Let me say this from the start: full automation is the wrong approach for scaling penetration testing. The whole “machines will replace humans” view doesn’t sit well with us. It’s too simplistic and it fails to capture the complexity and depth involved in security testing and the larger information security ecosystem. So how come we launched pentest robots - an automation feature - at Black Hat Europe 2020?

Andra Zaharia

Published at: 10 Dec 2020

12 min read

Read the article titled pentest-tools.com-november-product-updates.webp

Platform Updates

Work like a pro: 4 automation updates to save time and simplify your workflow

We worked hard this month to roll out new updates and we’re excited to share them with you! These 4 platform features are all about making your workflow smoother, so you can focus on the essential tasks:

Ioana Rijnetu

Published at: 17 Nov 2020

3 min read

Read the article titled scan-web-applications-that-require-authentication-pentest-tools.com_.webp

Platform Tutorials

How to perform authenticated website scans with Pentest-Tools.com

This article shows how to scan a web application that requires authentication using the Website Vulnerability Scanner tool.

Cristin Sirbu

Published at: 04 Nov 2020

7 min read

Read the article titled microsoft-rce-vulnerability-bad-neighbor-2.webp

Security Research

Discover how dangerous a ‘Bad Neighbor’ can be - TCP/IP Vulnerability (CVE-2020-16898)

Patching is never easy, but doing it imperfectly can come back to bite you. That’s why today we’re unpacking a vulnerability that can resurface when improperly mitigated.

Cristian Cornea

Published at: 03 Nov 2020

8 min read

Platform Updates

Work smarter, not harder: 5 updates to enhance automation

It’s been an intense month and we’re excited to share the news! These 5 platform improvements are all about saving you time and energy, so you can focus on your most important tasks.

Ioana Rijnetu

Published at: 26 Oct 2020

3 min read

Read the article titled zerologon-chaining-vulnerablity.webp

Security Research

Why Zerologon is the silent threat in your network

No red flags. No alerts. Full-on compromise. The way cybercriminals are putting together various vulnerabilities within the Microsoft infrastructure, including Zerologon vulnerability (CVE-2020-1472), is more than a trending topic in the infosec community. It’s a massive threat for organizations small and large.

Cristian Cornea

Published at: 21 Oct 2020

9 min read

Read the article titled pentest-tools.com-at-hackathon-innovation-labs.webp

Events

Why we continue to support young people find their way in infosec

Lifelong learning, constant practice, and the need to share knowledge and ideas with others are the reasons that got us in the infosec community. Because we all try to do our best in the work we do and have a positive impact on our field. And for that, we need to remind ourselves to stay engaged and always practice what we preach.

Ioana Rijnetu

Published at: 15 Oct 2020

6 min read