Ethical hacking & pentesting blog

How web cache poisoning works and how to exploit it

Elevate your next pentest by exploiting web cache poisoning. This deep dive uncovers the RFC nuances, common misconfigurations, and unkeyed request components that transform low-severity injections into critical, widespread compromises. Learn practical detection, exploitation (with PoCs!), and advanced mitigation techniques to weaponize your findings.

What the experts say: Machine learning in offensive security

In this third installment, we stop talking and start listening. We asked seasoned offensive security professionals how they actually use machine learning in the field. Their verdict? ML works, when it’s focused. From spotting phishing entry points to flagging suspicious authentication patterns, the value is real. But it’s not magic. Used blindly, it adds noise. Used wisely, it accelerates analysts.

When severity scores mislead - the case against single-metric risk models

Are you still chasing high CVSS scores? Learn how multi-dimensional risk models reveal what attackers really target.

How we cut web fuzzing FPs by 50% using Machine Learning

Beyond passive and active - a modern approach to network reconnaissance

This isn't your textbook recon. We're dissecting how modern network analysis blurs 'passive' and 'active,' offering a clearer path to target vulnerabilities.

Next.js security alert - how to attack and fix CVE-2025-29927

A single header bypass can compromise your entire Next.js application. Are you at risk? Find out how to fix CVE-2025-29927.

How to extract TLS secrets from Android apps using Frida and Wireshark

Break Android's TLS fortress! Frida & Wireshark reveal hidden app secrets. Bypass SSL pinning, expose API calls, and master traffic decryption now.

Buffer Overflows and Authentication Bypasses - exploiting CVE-2025-0282 and CVE-2024-55591

A critical Ivanti flaw lets attackers bypass defenses faster than you can patch. But that's not all. A silent vulnerability lurks in Fortinet, too.

Unpacking LDAPNightmare (CVE-2024-49113 and CVE-2024-49112)

Uncover the secrets of LDAPNightmare - crash domain controllers, exploit AD weaknesses, and sharpen your pentesting skills

Year in review: 2024 on Pentest-Tools.com

🚀 2024 was one for the books at Pentest-Tools.com! Here are our customers' favorites and what made our year!

Cross-site WebSocket hijacking: understanding and exploiting CSWSH

This is an example of why it's worth taking a look in all the "boring" places (think RFC). They just might help you find the vulnerability you've been searching for!

How and why we built the Kubernetes Vulnerability Scanner

We began developing the Kubernetes Scanner with a focus on black and gray box remote scanning scenarios, as these are the most common among bug bounty hunters, pentesters, and red-teamers. We believe our Kubernetes Vulnerability Scanner is a state of the art improvement for its category of tools, but we don’t plan to stop here. We have a range of improvements in mind, from new detections and exploits to better integrations with other tools that will make this scanner an even more important asset for our customers.