Ethical hacking & pentesting blog
Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.
Get fresh security research
In your inbox. (No fluff. Actionable stuff only.)
Pentest Robots - rocket fuel for pentesters, not their replacement
Let me say this from the start: full automation is the wrong approach for scaling penetration testing. The whole “machines will replace humans” view doesn’t sit well with us. It’s too simplistic and it fails to capture the complexity and depth involved in security testing and the larger information security ecosystem. So how come we launched pentest robots - an automation feature - at Black Hat Europe 2020?
- Author(s)
- Published at
- Updated at
Work like a pro: 4 automation updates to save time and simplify your workflow
We worked hard this month to roll out new updates and we’re excited to share them with you! These 4 platform features are all about making your workflow smoother, so you can focus on the essential tasks:
- Author(s)
- Published at
- Updated at
Discover how dangerous a ‘Bad Neighbor’ can be - TCP/IP Vulnerability (CVE-2020-16898)
Patching is never easy, but doing it imperfectly can come back to bite you. That’s why today we’re unpacking a vulnerability that can resurface when improperly mitigated.
- Author(s)
- Published at
- Updated at
Why Zerologon is the silent threat in your network
No red flags. No alerts. Full-on compromise. The way cybercriminals are putting together various vulnerabilities within the Microsoft infrastructure, including Zerologon vulnerability (CVE-2020-1472), is more than a trending topic in the infosec community. It’s a massive threat for organizations small and large.
- Author(s)
- Published at
- Updated at
Why we continue to support young people find their way in infosec
Lifelong learning, constant practice, and the need to share knowledge and ideas with others are the reasons that got us in the infosec community. Because we all try to do our best in the work we do and have a positive impact on our field. And for that, we need to remind ourselves to stay engaged and always practice what we preach.
- Author(s)
- Published at
- Updated at
4 updates for next-level automation in security testing
Here are 4 platform improvements we’ve deployed to make Pentest-Tools.com a must-have for your security testing tool stack: Mark False Positives for future scans, Target description - automatically added to reports, Enable & configure email scan notifications, Login session timeout increased
- Author(s)
- Published at
- Updated at
[New feature] Discover your Network’s Attack Surface
What if you could automatically… Get an instant overview of your network perimeter exposure? Find open ports that shouldn’t be publicly accessible at a glance? Detect old and forgotten web technologies from a centralized view?
- Author(s)
- Published at
- Updated at
Find out why lower-severity vulns are the bigger pain
Sometimes headline-making vulnerabilities aren’t necessarily the ones causing the most burning challenges for companies. What makes a difference during uncertain times is identifying the key focus points needed to support business priorities.
- Author(s)
- Published at
- Updated at