Search • Page 6/9

101 results for "unauthorized access"

How to exploit the HTTP.sys Remote Code Execution vulnerability (CVE-2022-21907)

Pattern recognition is what hundreds of security specialists in our community voted as the skill to cultivate for a rewarding infosec career. While we have some innate pattern recognition abilities, developing them is essential – and that’s a matter of practice. Working in offensive security gives you plenty of opportunities to do this, with new vulnerabilities ripe for close examination. So let’s go ahead and do just that while discovering how this CVE carries echoes from another vulnerability from a while back.

Author(s)

Stefan Iridon

Published at: 28 Feb 2022

Milestones

Behind the scenes – an interview with Adrian Furtuna, our founder and CEO

As cybercrime continues to escalate, businesses are increasingly prioritizing their cybersecurity strategies, often embracing penetration testing to address the most burning threats. Although this established practice is highly effective, there are still many necessary improvements to help scale it to the current needs of the tech ecosystem. CyberNews sat down with Adrian Furtuna, our Founder & CEO, to talk about the ins and outs of penetration testing. Here’s why Adrian believes that no matter how advanced the technology is, some aspects still need a human approach.

Author(s)

Ioana Rijnetu

Published at: 16 Feb 2022

Security research

How to detect and exploit the Oracle WebLogic RCE (CVE-2020-14882 & CVE-2020-14883)

Pentesters love a good RCE, but, as much as we enjoy the thrill of detecting and exploiting it (ethically, of course), the tech ecosystem suffers every time one of these pops up. That’s why fast and effective recon and vulnerability assessment remain the go-to pentesting stages that help companies manage their risks so they can keep doing business and serving their customers. With your knowledge, experience, and advice, they can turn a potential hazard into a process that makes them stronger. Let’s take a closer look at the critical RCE vulnerability discovered in Oracle WebLogic Server and see how you can have a bigger positive impact in your organization and beyond it.

Author(s)

Catalin Iovita

Published at: 02 Feb 2022

Security research

How to exploit the VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21985)

More high-risk vulnerabilities mean more work for you. The good news? You won’t be out of work anytime soon. The bad news? You’ll probably work a lot more than you anticipate. So how do you balance the good and the not-so-great? By having a replicable process for when a high-risk CVE that leads to RCE hits your targets (the likes of CVE-2021-21985).

Author(s)

Stefan Iridon

Published at: 25 Jan 2022

Milestones

Year in review: 2021 on Pentest-Tools.com

Security is the gift that keeps on giving and never have we felt it like we did this year.

Author(s)

Andra Zaharia

Published at: 28 Dec 2021

Security research

Log4Shell scanner: detect and exploit Log4j CVE-2021-44228 in your network and web apps

We almost made it to a much-needed holiday break… and then Log4Shell happened.

Author(s)

Daniel Bechenea

Published at: 14 Dec 2021

Security research

How to detect the Zoho ManageEngine ADSelfService Plus RCE (CVE-2021-40539)

Overwhelmed by so many high-risk vulnerabilities that emerge? Thousands of them are disclosed every year and 2021 is no exception. Systems are complex, cyber attacks get more sophisticated, and patching is still a challenge for many organizations. As infosec pros, it’s our responsibility to help companies (and individuals) understand the real implications and impact of a critical vulnerability and help them find it before it gets worse.

Author(s)

Catalin Filip

Published at: 13 Dec 2021

Security research

Detect and exploit Gitlab CE/EE RCE with Pentest-Tools.com (CVE-2021-22205)

“Just patch it!” is the usual advice when a vulnerability hits (and it’s not a zero-day). But it’s never that simple in organizations that have to manage layers upon layers of infrastructure. When you have to deal with a critical CVE like the latest unauthenticated RCE in Gitlab (CVSSv3 10.0), the tangled, messy process of patching bubbles to the surface.

Author(s)

Daniel Bechenea

Published at: 05 Nov 2021

Milestones

We’re leveling up! Check out the new website and brand update!

As an ethical hacker, you know there’s always more to a piece of technology than meets the eye.

Author(s)

Andra Zaharia

Published at: 03 Nov 2021

Hacking tutorials

How to detect CVE-2021-22986 RCE with Pentest-Tools.com

As a pentester, when you see a major critical vulnerability persist for months in unpatched systems (like Log4Shell), you have a responsibility to help others understand its severity and how they can fix it. This is exactly why this article exists.

Author(s)

Cristian Cornea

Published at: 21 Sep 2021

Read the article titled Behind the Tools: Răzvan Ionescu on the growth mindset, insatiable curiosity, and being comfortable with change in ethical hacking

Milestones

Behind the Tools: Răzvan Ionescu on the growth mindset, insatiable curiosity, and being comfortable with change in ethical hacking

At Pentest-Tools.com, we use our managed pentesting services to learn from our customers and listen to them. Every one of us works hard to understand what users need and why, feeding that knowledge into the platform while we continue to learn and grow as individuals and as a team. That’s why we eat our own dog food and we always practice what we preach.

Author(s)

Ioana Rijnetu

Published at: 03 Sep 2021

Platform updates

Detect ProxyShell (pre-auth Microsoft Exchange RCE) with Pentest-Tools.com

On-prem Microsoft Exchange servers have created a lot of work for IT and security specialists in the past months. In March, ProxyLogon left servers vulnerable to Server-Side Request Forgery through CVE-2021-26855, so we launched a dedicated scanner for it. In May, #proxynotfound popped up, so we integrated detection for it into our Network Vulnerability Scanner to make detection and reporting faster.

Author(s)

Andra Zaharia

Published at: 11 Aug 2021

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account