Ethical hacking & pentesting blog

Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.

Read the article titled wordpress-remote-code-execution-attack-pentest-tools.com_.webp

Analysis of a WordPress Remote Code Execution Attack

This article shows our analysis of a known attack (presented in February 2019) against WordPress versions 5.0.0 and lower, awarding an intruder with arbitrary code execution on the webserver. The article covers each exploitation step and HTTP request required for a successful attack.

Razvan Ionescu

Published at: 21 May 2019

9 min read

Common SQL Injection Attacks

SQL Injection attacks are still a threat to current web applications, despite their long history. In this article, we discuss the most common SQL Injection attack techniques with concrete examples from DVWA (Damn Vulnerable Web Application).

Satyam Singh

Published at: 23 Apr 2019

13 min read

Read the article titled updated-pentest-reporting-feature-pentest-tools.com_..webp

A faster, enhanced version of the Advanced Pentest Reporting feature

Writing a pentest report about the results of your vulnerability assessment doesn’t have to be a difficult, time-consuming task.

Ioana Rijnetu

Published at: 15 Mar 2019

2 min read

Read the article titled exploiting-ognl-injection-apache-struts.webp

Exploiting OGNL Injection in Apache Struts

Let’s understand how OGNL Injection works in Apache Struts. We’ll exemplify with two critical vulnerabilities in Struts: CVE-2017-5638 (Equifax breach) and CVE-2018-11776.

Ionuț Popescu

Published at: 14 Mar 2019

24 min read

Read the article titled updated-website-vulnerability-scanner.webp

An enhanced version of our Website Vulnerability Scanner

To check the security of a web application or server, you need an automated scanner to save time spent on manual work. Our Website Vulnerability Scanner does that and much more (including detecting widespread vulnerabilities like Log4Shell)!

Ioana Rijnetu

Published at: 13 Feb 2019

2 min read

Read the article titled how-to-use-nmap-to-scan-1.webp

Inside Nmap, the world’s most famous port scanner

This article is a deep dive into how Nmap works, to understand its internal structure, and to master its functionality.

Satyam Singh

Published at: 08 Jan 2019

9 min read

Read the article titled write-pentest-report-in-5-minutes.webp

Pentest report writing in 5 minutes (Defcamp 2018 talk)

Tired of writing pentest reports? Let’s automate this process and let you get back to hacking! Slides included.

Adrian Furtuna

Published at: 12 Nov 2018

3 min read

Read the article titled http-headers-securing-web-server.webp

Essential HTTP Headers for securing your web server

In this article, we discuss the most important HTTP headers that you should configure on your web server in order to improve its security.

Satyam Singh

Published at: 22 Oct 2018

10 min read

5 Practical Scenarios for XSS Attacks

Let’s explore a couple of practical attack scenarios that can be implemented as PoCs to prove the real risk of Cross-Site Scripting (XSS) vulnerabilities.

Satyam Singh

Published at: 04 Oct 2018

10 min read