Ethical hacking & pentesting blog
Come for the PoCs and security research focused on new CVEs and stay for the ethical exploitation guides and how-tos our offensive security specialists create.

Why we continue to support young people find their way in infosec
Lifelong learning, constant practice, and the need to share knowledge and ideas with others are the reasons that got us into the infosec community. We all try to do our best in the work we do and to have a positive impact on our field. For that, we need to remind ourselves to stay engaged and always practice what we preach.

4 updates for next-level automation in security testing
Here are 4 platform improvements we’ve deployed to make Pentest-Tools.com a must-have for your security testing tool stack: Mark False Positives for future scans, Target description - automatically added to reports, Enable & configure email scan notifications, Login session timeout increased.
[New feature] Discover your Network’s Attack Surface
What if you could automatically… Get an instant overview of your network perimeter exposure? Find open ports that shouldn’t be publicly accessible at a glance? Detect old and forgotten web technologies from a centralized view?


Find out why lower-severity vulns are the bigger pain
Sometimes headline-making vulnerabilities aren’t necessarily the ones causing the most burning challenges for companies. What makes a difference during uncertain times is identifying the key focus points needed to support business priorities.

[New scanner] Detect vulnerable F5 BIG-IP devices with Pentest-Tools.com


How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)
Let’s tackle a vulnerability that broke out not only in BIG-IP firewalls but also on social media! When a major issue affecting a security product emerges, it immediately makes the headlines, the paradox of the situation impossible to ignore.

How to chain SMBleed and SMBGhost to get RCE in Windows 10
Think like an attacker, act like a defender. That’s the pentesters’ mantra, if you ask me. That’s why today we’re diving into one of the most interesting tactics that malicious actors use: vulnerability chaining.


How to exploit the DotNetNuke Cookie Deserialization
We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.