Ethical hacking & pentesting blog
Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.
Get fresh security research
In your inbox. (No fluff. Actionable stuff only.)
April updates: Get RCE evidence for 6 critical CVEs
After weeks of working on auto-exploitation for this critical CVE (CVSSv3 9.8), we finally have it! As a Pentest-Tools.com customer, you can run Sniper Auto-Exploiter to get conclusive proof that validates targets vulnerable to this high-risk vulnerability, which bad actors have already shown interest in.
- Author(s)
- Published at
- Updated at
How to exploit Zabbix Unsafe Session Storage (CVE-2022-23131)
Due to its increasing popularity and administrative access to most companies’ infrastructure, Zabbix has become a high-profile target for threat actors. So of course a security issue like the Unsafe Session Storage vulnerability attracts motivated cybercriminals. If it’s up to you to find exploitable targets and gather proof for vulnerability validation for your ethical hacking engagements, this guide is for you!
- Author(s)
- Published at
- Updated at
How to manually detect and exploit Spring4Shell (CVE-2022-22965)
Just a few months after the Log4Shell brutally shook our world, when things started to look calm and peaceful again, the Vulnerability Gods have unleashed upon us. Another similarly named vulnerability in a popular Java framework – Spring4Shell – came to light. Is CVE-2022-22965 as dangerous and as widespread as its (slightly) older sibling? Stick with us to find out!
- Author(s)
- Published at
- Updated at
March updates: Spring4Shell: find and confirm exploitable targets and more updates
If you instantly thought of Log4Shell when Spring4Shell emerged just a few days ago, you’re not alone. A coolheaded analysis reveals this CVE is not as severe as last year’s Log4j vulnerability. Nevertheless, it remains a priority in terms of detection and patching. Here’s why.
- Author(s)
- Published at
- Updated at
How to detect and exploit Citrix ADC and Citrix Gateway (CVE-2020-8194)
Citrix systems are very popular, even famous, one could say. They even sponsor Formula 1 teams! But despite their notoriety, they use the FreeBSD OS on their devices and plain PHP for web services, so I got easy access to the code and analyzed it.
- Author(s)
- Published at
- Updated at
How to exploit a Remote Code Execution vulnerability in Laravel (CVE-2021-3129)
I discovered this vulnerability for the first time in the Horizontall machine from Hack The Box, and the conditions in which it’s triggered pushed me to understand it in more detail. CVE-2021-3129 reminds me about a log poisoning vulnerability, but with a different flavor.
- Author(s)
- Published at
- Updated at
How to exploit the HTTP.sys Remote Code Execution vulnerability (CVE-2022-21907)
Pattern recognition is what hundreds of security specialists in our community voted as the skill to cultivate for a rewarding infosec career. While we have some innate pattern recognition abilities, developing them is essential – and that’s a matter of practice. Working in offensive security gives you plenty of opportunities to do this, with new vulnerabilities ripe for close examination. So let’s go ahead and do just that while discovering how this CVE carries echoes from another vulnerability from a while back.
- Author(s)
- Published at
- Updated at
Behind the scenes – an interview with Adrian Furtuna, our founder and CEO
As cybercrime continues to escalate, businesses are increasingly prioritizing their cybersecurity strategies, often embracing penetration testing to address the most burning threats. Although this established practice is highly effective, there are still many necessary improvements to help scale it to the current needs of the tech ecosystem. CyberNews sat down with Adrian Furtuna, our Founder & CEO, to talk about the ins and outs of penetration testing. Here’s why Adrian believes that no matter how advanced the technology is, some aspects still need a human approach.
- Author(s)
- Published at
- Updated at
How to detect and exploit the Oracle WebLogic RCE (CVE-2020-14882 & CVE-2020-14883)
Pentesters love a good RCE, but, as much as we enjoy the thrill of detecting and exploiting it (ethically, of course), the tech ecosystem suffers every time one of these pops up. That’s why fast and effective recon and vulnerability assessment remain the go-to pentesting stages that help companies manage their risks so they can keep doing business and serving their customers. With your knowledge, experience, and advice, they can turn a potential hazard into a process that makes them stronger. Let’s take a closer look at the critical RCE vulnerability discovered in Oracle WebLogic Server and see how you can have a bigger positive impact in your organization and beyond it.
- Author(s)
- Published at
- Updated at
How to detect and exploit CVE-2021-26084, the Confluence Server RCE
Thinking like an attacker is the right mindset that can help you better cope with this staggering growth of RCE vulnerabilities. As a pentester, you know it better than anyone. You’re also the best positioned to use your experience and know-how to detect exposed critical assets before malicious actors do. To help you help others, I’ll explore a critical RCE vulnerability in the Atlassian Confluence server across Linux and Windows in this practical guide packed with detection tactics and mitigation methods.
- Author(s)
- Published at
- Updated at
