Rilasciata Kali Linux 2025.4: Novità e Miglioramenti
#kalilinux è una distribuzione #gnulinux specializzata, sviluppata e mantenuta da Offensive Security, progettata specificamente per ethical hacking, penetration testing e sicurezza informatica. Basata su Debian, Kali Linux è completamente libera e #opensource offrendo un’ampia gamma di strumenti preinstallati per analisi di vulnerabilità, test di rete e forensica digitale.
The signal-to-noise ratio in #Infosec feels like it’s hitting an all-time low. Between marketing hype and the fragmentation of social platforms, keeping up with the threat landscape without burning out is a challenge.
We got tired of the noise, so we polled our own red team and engineers: "What are the newsletters you actually open and read every week?"
We compiled the answers into a curated list. No fluff, no vendor spam—just the resources that help with deep-dive exploit analysis and industry shifts.
Check the list here: https://pentest-tools.com/blog/ethical-hacking-newsletters
What are we missing? If you have a niche RSS feed or newsletter that keeps you sane, drop it in the replies. 👇
#EthicalHacking #OffensiveSecurity #CyberSecurity #RedTeam #Pentesting #Newsletters
🚨 Supply Chain Attack Simulation on Drupal (PoC, not a CVE)
What if a malicious actor hijacked the update server for your favorite CMS?
I built a full lab scenario to demonstrate how it could happen — and how to defend against it.
🔬 Techniques covered:
MITM + rogue CA, fake update feeds, trojanized package → RCE & persistence.
Full doc + PDF PoC.
Full documentation: attack steps, scripts (in PDF), hardening tips
⚠️ Not a Drupal 0-day — this is a controlled, educational simulation for awareness and training.
💡 Why it matters
Supply chain attacks are no longer theoretical.
This demo helps Blue Teams, Red Teams, developers, and trainers strengthen detection, review processes, and update security.
Questions or feedback?
DM me or email me (contact in README).
All in lab, all safe
#cybersecurity #infosec #securityresearch #offensivesecurity #blueteam
#redteam #supplychainsecurity #drupal #websecurity #devsecops
#softwaresecurity #rce #mitm
The cybersecurity certification landscape is a puzzle for professionals and employers alike. In this article - the first of a series - we have tried to rationalize the best choices out there for different types of professionals and career paths.
#cybersecurity #certifications #career #ISC #CompTIA #ISACA #ECCouncil #SANS #GIAC #OffensiveSecurity
https://negativepid.blog/the-cybersecurity-certification-landscape/
https://negativepid.blog/the-cybersecurity-certification-landscape/
AI CAI đang trở thành người dẫn đầu toàn cầu trong các cuộc thi CTF (Capture-the-Flag), vượt qua hàng ngàn đội người. Điều này đặt ra câu hỏi liệu CTF có còn là thước đo vững chắc cho kỹ năng con người trong an ninh mạng không? AI đang thay đổi cách chúng ta đánh giá tài năng bảo mật!
#AI #Cybersecurity #CTF #OffensiveSecurity #MachineLearning #AnNinhMạng #TríTuệNhânTạo
While folks are still recovering from Thanksgiving, our engineering team has been shipping new detection and exploitation modules.
If you're looking to cut noise and prove impact, here is what landed in Pentest-Tools.com this November:
Sniper: 3 new RCE modules (Oracle EBS, React Native Community CLI, WordPress Simple File List).
Network Scanner: Detection for ASP.NET Core request smuggling.
Web Scanner: Smarter SQLi testing logic.
Watch the full rundown here: https://www.youtube.com/watch?v=xQsT_f0jd9E
Full changelog: https://pentest-tools.com/change-log
#cybersecurity #vulnerabilitymanagement #offensivesecurity #infosec #devsecops
Vulnerability assessment tools are everywhere. Accurate results are not.
Scanners produce noise, not proof. This leaves teams chasing false positives and delivering reports that fail to earn confidence.
Our new white paper explores the anatomy of accuracy:
🔹 Proof: Verifiable evidence (screenshots, traces)
🔹 Reproducibility: Consistent results
🔹 Context: Real-world exploitability (EPSS)
🔹 Clarity: Actionable findings
Stop chasing noise. Start validating risk.
Read the full white paper: https://pentest-tools.com/usage/accuracy
A scan today doesn’t protect you from the CVE released tomorrow.
The gap between your quarterly pentests is exactly where attackers thrive. They don’t wait for your schedule, and your defense shouldn't either.
Vulnerability monitoring turns your security from a snapshot into a continuous process.
With Pentest-Tools.com, you can:
🔄 Schedule recurring scans: Daily, weekly, or monthly. Set it and forget it.
🔔 Get notified instantly: Receive alerts via email, Slack, or Webhooks the moment a new risk is detected.
📈 Track your evolution: See how your security posture changes over time.
Stop treating security like a static event.
Start monitoring your attack surface here: https://pentest-tools.com/features/vulnerability-monitoring
#vulnerabilitymanagement #offensivesecurity #infosec #automation
Hoàn thành phòng Offensive Security Intro trên TryHackMe, trải nghiệm hacking website an toàn và tìm hiểu công việc của hacker đạo đức #Hacking #AnToanMang #TryHackMe #HackerĐạoĐức #OffensiveSecurity #CyberSecurity #BảoMậtMạng #LậpTrình #Programming
eepy day today, just gave TCM Security's PNPT exam another crack and is going to result in another failure. I got further, but it's still frustrating as I had a clear attack path that I just wasn't able to effectively exploit. Disappointing...
#tcmsecurity #pnpt #offensivesecurity #pentesting #penetrationtesting #exam
DefCamp 2025, you were so awesome! ⚡️
Another year, another incredible edition in the books. We are so proud to have been part of this event once again and to see the community showing up in full force in Bucharest.
Huge kudos to the organizers for pulling off such a great gathering. It was a blast seeing so many familiar faces and meeting so many new people who share our passion for breaking things (for the right reasons).
A few highlights from our team:
🎤 The talks: It was a big year for our research team on stage!
Our Founder & CEO, Adrian Furtuna, explored how LLMs are changing the game in "VIBE Pentesting" (enhancing the human hacker, not replacing them!).
Our Offensive Security Research Lead, Matei "CVE Jesus" Bădănoiu, took us deep into the "Nightmare Factory," breaking down the process behind the 15 fresh 0-days the team found this year.
📺 Missed them live? Don't worry, we'll be sharing the recordings on our YouTube channel soon, so keep an eye out!
👕 The swag: We knew our new merch was cool, but that line?! Seeing so many of you waiting to grab a Pentest-Tools.com T-shirt was a massive compliment. We hope you wear them while you hunt your next bug.
We’re already looking forward to the next one!
#DefCamp2025 #OffensiveSecurity #InfosecCommunity #Cybersecurity #Pentesting
🚨 Old vuln, fresh damage - attackers hit Oracle EBS again.
Cl0p just listed nearly 30 new victims, from major companies to universities.
They use CVE-2025-61882, a pre-auth RCE in Oracle E-Business Suite (12.2.3 → 12.2.14) with a CVSS ≈ 9.8.
It’s already on CISA’s KEV list and spreading fast.
Here’s what most security teams face:
🚩 Patching doesn’t prove you’re safe.
🚩 Banner scans miss real exposure.
🚩 You need proof of exploitability, not assumptions.
Use Pentest-Tools.com to stay ahead:
✅ Detect Oracle EBS servers exposed to this RCE with the Network Scanner.
✅ Recreate the attack safely in Sniper: Auto-Exploiter to confirm impact.
✅ Verify your fixes and make sure no asset stays vulnerable.
No noise. No guesswork. Just proof.
Old vulns still do new damage - if you let them.
🔎 CVE-2025-61882 specs: https://pentest-tools.com/vulnerabilities-exploits/oracle-e-business-suite-remote-code-execution_28103
🗞️ Read the news: https://www.securityweek.com/nearly-30-alleged-victims-of-oracle-ebs-hack-named-on-cl0p-ransomware-site/
#infosec #cybersecurity #offensivesecurity #ransomware #incidentresponse
We build the tools we wish we had in the field.
At DefCamp 2025, we’re sharing how that mindset shapes our research and results.
Last year’s DefCamp reminded us what this community is all about: real talks, real bugs, and real people who love breaking things for the right reasons. Watch the video below
This year, two of our own are taking the stage:
🎯 VIBE Pentesting - Enhancing the Human Hacker with LLMs
🔹 Adrian Furtuna, Founder & CEO
📍 Thu, Nov 13 | Track 1 – Rosetti
How AI is changing pentesting: real examples of how LLMs boost discovery, validation, exploitation, and reporting.
🎯 Nightmare Factory
🔹 Matei “CVE Jesus” Bădănoiu, Offensive Security Research Lead
📍 Thu, Nov 13 | Track 2 – Bălcescu
A deep dive into our 0-day hunting process - from CVEs in Odoo and Gitea to 15 fresh 0-days found this year (and counting).
💡 Why visit our booth?
Because our tools are built by breakers - for people who want proof, not promises.
👉 Come to watch live demos;
👉 Talk to the makers;
👉 Grab limited-edition swag that turns heads;
👉 We might even recruit you in our team.
Learn more about our presence: pentest-tools.com/events/defcamp-2025
Register for the event: def.camp/tickets
#DefCamp2025 #Cybersecurity #EthicalHacking #OffensiveSecurity
⛓️💥 AI can write your app. But it still can’t think like someone trying to break it.
▶️ Join our live webinar "How attackers think (and why it’s still the best way to test AI products)", to see how vulnerabilities still slip into modern stacks, from logic flaws and insecure integrations to familiar risks hidden in new AI code.
Discover why attacker creativity and contextual reasoning can’t be automated (yet).
Because no matter how advanced the tech, security still comes down to one thing: understanding how things break and thinking like someone who wants to break them.
Save your spot 👉 https://pentest-tools.com/webinars/how-attackers-think
📣 Exclusive exploit for CVE-2025-61882 (Oracle E-Business Suite RCE) - now available in Pentest-Tools.com!
Attackers are actively exploiting this critical vulnerability. The Oracle E-Business Suite RCE allows pre-authentication attackers to run arbitrary code on the servers (12.2.3 through 12.2.14).
We've introduced both detection and non-destructive exploit validation so offensive security teams can:
✅ Scan Oracle E-Business Suite servers with updated Network Scanner checks.
✅ Reproduce the exploit path safely exclusively using Sniper: Auto-Exploiter - to confirm exploitability and gather artifacts.
✅ Validate mitigations post-patch and rule out residual exposure across multiple assets.
🔥 Why it matters:
This vulnerability is a critical, unauthenticated, pre-auth Remote Code Execution in Oracle EBS (versions 12.2.3 → 12.2.14). It has a CVSS of ~9.8 and is actively exploited in the wild.
It allows remote attackers to run arbitrary code and potentially take over the system, often containing high-value ERP, payroll, and financial data.
What to do?
1️⃣ Run the updated Network Scanner
2️⃣ Validate in Sniper
3️⃣ Re-scan to confirm remediation and rule out residual exposure across multiple assets.
🔗 Find all the links you need just here:
⚡ Vulnerability details: https://pentest-tools.com/vulnerabilities-exploits/oracle-e-business-suite-remote-code-execution_28103
🚦 Network Scanner: https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online
🎯 Sniper: Auto-Exploiter: https://pentest-tools.com/exploit-helpers/sniper
The cybersecurity certification landscape is a puzzle for professionals and employers alike. In this article - the first of a series - we have tried to rationalize the best choices out there for different types of professionals and career paths.
#cybersecurity #certifications #career #ISC #CompTIA #ISACA #ECCouncil #SANS #GIAC #OffensiveSecurity
https://negativepid.blog/the-cybersecurity-certification-landscape/
https://negativepid.blog/the-cybersecurity-certification-landscape/
We've been cooking up something special for DefCamp 2025... and this teaser is just a taste!
Join us in Bucharest on November 13-14. Swing by to talk with the team. No scripts, no buzzwords, just real demos and straight answers.
We're also taking over the stage for two keynotes. Don't miss:
🎯 VIBE Pentesting - Enhancing the Human Hacker with LLMs with our Founder & CEO, Adrian Furtuna.
🎯 Nightmare Factory, a deep dive into our 0-day hunting adventures, with Offensive Security Research Lead, Matei "CVE Jesus" Badanoiu.
Let's just say we're not afraid to cause a RCE-us. Hehe 😉
Come for the alpha on AI pentesting and 0-day hunting, stay for the unique swag, and maybe even find your next career move. We're also hiring!
See you in Bucharest!
#DefCamp2025 #Cybersecurity #EthicalHacking #OffensiveSecurity
Learn more here: https://pentest-tools.com/events/defcamp-2025
Join our event here:
https://www.linkedin.com/events/7391787527143165952/
🇭🇺 Hungarian security teams can now validate what they find with local support!
Pentest-Tools.com is now also available in Hungary through Maxvalor, a cybersecurity distributor based in Budapest known for bringing proven, practical solutions to their market.
🤝 This partnership means consultants and internal security teams in Hungary can access our product, all while backed by MaxValor’s local expertise.
To introduce the collaboration, Maxvalor is hosting a webinar (in Hungarian) tomorrow for their community, exploring how we help teams detect, validate, and report real vulnerabilities faster.
👉 Learn more and register to the webinar: https://www.linkedin.com/events/7390009358027395073/
#offensivesecurity #hungary #cybersecurity #vulnerabilitymanagement
👻 This Halloween, make sure *you* haunt vulnerabilities - not the other way around. 😈
October updates are here, and they’re a real treat for security teams.
Check out the new powers you can use to keep monsters out:
🕸️ Catch 2 new RCEs before attackers do (Fortra GoAnywhere & SolarWinds).
🎯 Validate #SessionReaper safely with Sniper: Auto-Exploiter.
☁️ Scan private Azure environments securely with our new VPN Agent.
📁 Download multiple reports in one go (no more manual horrors).
📚 See how we help MSPs, consultants & internal teams - and hear it from them if we do a good job (or not).
🍭 Check the changelog for the full basket: https://pentest-tools.com/change-log
#cybersecurity #vulnerabilitymanagement #offensivesecurity #azure
