#offensivesecurity

2025-11-24

A scan today doesn’t protect you from the CVE released tomorrow.

The gap between your quarterly pentests is exactly where attackers thrive. They don’t wait for your schedule, and your defense shouldn't either.

Vulnerability monitoring turns your security from a snapshot into a continuous process.

With Pentest-Tools.com, you can:

🔄 Schedule recurring scans: Daily, weekly, or monthly. Set it and forget it.
🔔 Get notified instantly: Receive alerts via email, Slack, or Webhooks the moment a new risk is detected.
📈 Track your evolution: See how your security posture changes over time.

Stop treating security like a static event.

Start monitoring your attack surface here: pentest-tools.com/features/vul

#vulnerabilitymanagement #offensivesecurity #infosec #automation

Vulnerability monitoring with Pentest-Tools.com
2025-11-24

Completed the Offensive Security Intro room on TryHackMe, got hands-on experience hacking a website safely, and learned about the work of an ethical hacker #Hacking #AnToanMang #TryHackMe #HackerĐạoĐức #OffensiveSecurity #CyberSecurity #BảoMậtMạng #LậpTrình #Programming

reddit.com/r/programming/comme

2025-11-23

eepy day today, just gave TCM Security's PNPT exam another crack and it is going to result in another failure. I got further, but it's still frustrating as I had a clear attack path that I just wasn't able to effectively exploit. Disappointing...

#tcmsecurity #pnpt #offensivesecurity #pentesting #penetrationtesting #exam

2025-11-20

DefCamp 2025, you were so awesome! ⚡️

Another year, another incredible edition in the books. We are so proud to have been part of this event once again and to see the community showing up in full force in Bucharest.

Huge kudos to the organizers for pulling off such a great gathering. It was a blast seeing so many familiar faces and meeting so many new people who share our passion for breaking things (for the right reasons).

A few highlights from our team:

🎤 The talks: It was a big year for our research team on stage!

Our Founder & CEO, Adrian Furtuna, explored how LLMs are changing the game in "VIBE Pentesting" (enhancing the human hacker, not replacing them!).

Our Offensive Security Research Lead, Matei "CVE Jesus" Bădănoiu, took us deep into the "Nightmare Factory," breaking down the process behind the 15 fresh 0-days the team found this year.

📺 Missed them live? Don't worry, we'll be sharing the recordings on our YouTube channel soon, so keep an eye out!

👕 The swag: We knew our new merch was cool, but that line?! Seeing so many of you waiting to grab a Pentest-Tools.com T-shirt was a massive compliment. We hope you wear them while you hunt your next bug.

We’re already looking forward to the next one!

#DefCamp2025 #OffensiveSecurity #InfosecCommunity #Cybersecurity #Pentesting

Pentest-Tools.com team at DefCamp 2025
2025-11-17

🚨 Old vuln, fresh damage - attackers hit Oracle EBS again.

Cl0p just listed nearly 30 new victims, from major companies to universities.
They use CVE-2025-61882, a pre-auth RCE in Oracle E-Business Suite (12.2.3 → 12.2.14) with a CVSS ≈ 9.8.

It’s already on CISA’s KEV list and spreading fast.

Here’s what most security teams face:
🚩 Patching doesn’t prove you’re safe.
🚩 Banner scans miss real exposure.
🚩 You need proof of exploitability, not assumptions.

Use Pentest-Tools.com to stay ahead:
✅ Detect Oracle EBS servers exposed to this RCE with the Network Scanner.
✅ Recreate the attack safely in Sniper: Auto-Exploiter to confirm impact.
✅ Verify your fixes and make sure no asset stays vulnerable.

No noise. No guesswork. Just proof.
Old vulns still do new damage - if you let them.

🔎 CVE-2025-61882 specs: pentest-tools.com/vulnerabilit
🗞️ Read the news: securityweek.com/nearly-30-all

#infosec #cybersecurity #offensivesecurity #ransomware #incidentresponse

CVE-2025-61882
2025-11-10

We build the tools we wish we had in the field.
At DefCamp 2025, we’re sharing how that mindset shapes our research and results.

Last year’s DefCamp reminded us what this community is all about: real talks, real bugs, and real people who love breaking things for the right reasons. Watch the video below

This year, two of our own are taking the stage:

🎯 VIBE Pentesting - Enhancing the Human Hacker with LLMs
🔹 Adrian Furtuna, Founder & CEO
📍 Thu, Nov 13 | Track 1 – Rosetti

How AI is changing pentesting: real examples of how LLMs boost discovery, validation, exploitation, and reporting.

🎯 Nightmare Factory
🔹 Matei “CVE Jesus” Bădănoiu, Offensive Security Research Lead
📍 Thu, Nov 13 | Track 2 – Bălcescu
A deep dive into our 0-day hunting process - from CVEs in Odoo and Gitea to 15 fresh 0-days found this year (and counting).

💡 Why visit our booth?
Because our tools are built by breakers - for people who want proof, not promises.
👉 Come to watch live demos;
👉 Talk to the makers;
👉 Grab limited-edition swag that turns heads;
👉 We might even recruit you to our team.

Learn more about our presence: pentest-tools.com/events/defcamp-2025

Register for the event: def.camp/tickets

#DefCamp2025 #Cybersecurity #EthicalHacking #OffensiveSecurity

2025-11-07

⛓️‍💥 AI can write your app. But it still can’t think like someone trying to break it.

▶️ Join our live webinar "How attackers think (and why it’s still the best way to test AI products)", to see how vulnerabilities still slip into modern stacks, from logic flaws and insecure integrations to familiar risks hidden in new AI code.

Discover why attacker creativity and contextual reasoning can’t be automated (yet).

Because no matter how advanced the tech, security still comes down to one thing: understanding how things break and thinking like someone who wants to break them.

Save your spot 👉 pentest-tools.com/webinars/how

#offensivesecurity #infosec #ethicalhacking

Pentest-Tools.com webinar
2025-11-06

📣 Exclusive exploit for CVE-2025-61882 (Oracle E-Business Suite RCE) - now available in Pentest-Tools.com!

Attackers are actively exploiting this critical vulnerability. The Oracle E-Business Suite RCE allows pre-authentication attackers to run arbitrary code on the servers (12.2.3 through 12.2.14).

We've introduced both detection and non-destructive exploit validation so offensive security teams can:

✅ Scan Oracle E-Business Suite servers with updated Network Scanner checks.
✅ Reproduce the exploit path safely exclusively using Sniper: Auto-Exploiter - to confirm exploitability and gather artifacts.
✅ Validate mitigations post-patch and rule out residual exposure across multiple assets.

🔥 Why it matters:

This vulnerability is a critical, unauthenticated, pre-auth Remote Code Execution in Oracle EBS (versions 12.2.3 → 12.2.14). It has a CVSS of ~9.8 and is actively exploited in the wild.

It allows remote attackers to run arbitrary code and potentially take over the system, often containing high-value ERP, payroll, and financial data.

What to do?
1️⃣ Run the updated Network Scanner
2️⃣ Validate in Sniper
3️⃣ Re-scan to confirm remediation and rule out residual exposure across multiple assets.

🔗 Find all the links you need just here:

⚡ Vulnerability details: pentest-tools.com/vulnerabilit
🚦 Network Scanner: pentest-tools.com/network-vuln
🎯 Sniper: Auto-Exploiter: pentest-tools.com/exploit-help

#ethicalhacking #offensivesecurity #infosec

CVE-2025-61882 (Oracle E-Business Suite RCE)

Negative PID Inc. (negativepid)
2025-11-06

The cybersecurity certification landscape is a puzzle for professionals and employers alike. In this article - the first of a series - we have tried to rationalize the best choices out there for different types of professionals and career paths.

negativepid.blog/the-cybersecu

2025-11-05

We've been cooking up something special for DefCamp 2025... and this teaser is just a taste!

Join us in Bucharest on November 13-14. Swing by to talk with the team. No scripts, no buzzwords, just real demos and straight answers.

We're also taking over the stage for two keynotes. Don't miss:

🎯 VIBE Pentesting - Enhancing the Human Hacker with LLMs with our Founder & CEO, Adrian Furtuna.
🎯 Nightmare Factory, a deep dive into our 0-day hunting adventures, with Offensive Security Research Lead, Matei "CVE Jesus" Bădănoiu.

Let's just say we're not afraid to cause a RCE-us. Hehe 😉

Come for the alpha on AI pentesting and 0-day hunting, stay for the unique swag, and maybe even find your next career move. We're also hiring!

See you in Bucharest!
#DefCamp2025 #Cybersecurity #EthicalHacking #OffensiveSecurity

Learn more here: pentest-tools.com/events/defca
Join our event here:
linkedin.com/events/7391787527

2025-11-03

🇭🇺 Hungarian security teams can now validate what they find with local support!

Pentest-Tools.com is now also available in Hungary through Maxvalor, a cybersecurity distributor based in Budapest known for bringing proven, practical solutions to their market.

🤝 This partnership means consultants and internal security teams in Hungary can access our product, all while backed by Maxvalor’s local expertise.

To introduce the collaboration, Maxvalor is hosting a webinar (in Hungarian) tomorrow for their community, exploring how we help teams detect, validate, and report real vulnerabilities faster.

👉 Learn more and register for the webinar: linkedin.com/events/7390009358

#offensivesecurity #hungary #cybersecurity #vulnerabilitymanagement

Pentest-Tools.com x Maxvalor
2025-10-31

👻 This Halloween, make sure *you* haunt vulnerabilities - not the other way around. 😈

October updates are here, and they’re a real treat for security teams.

Check out the new powers you can use to keep monsters out:
🕸️ Catch 2 new RCEs before attackers do (Fortra GoAnywhere & SolarWinds).
🎯 Validate #SessionReaper safely with Sniper: Auto-Exploiter.
☁️ Scan private Azure environments securely with our new VPN Agent.
📁 Download multiple reports in one go (no more manual horrors).
📚 See how we help MSPs, consultants & internal teams - and hear it from them if we do a good job (or not).

youtu.be/F8E5H0oO-pk

🍭 Check the changelog for the full basket: pentest-tools.com/change-log

#cybersecurity #vulnerabilitymanagement #offensivesecurity #azure

October 2025 Product updates from Pentest-Tools.com
2025-10-30

Proof or it didn’t happen.
That’s the mindset when you’re doing real #offensivesecurity work.

You don’t just scan. You chain. You show impact. You bring receipts.

So tell us, what’s the most valuable scan evidence you rely on to prove risk?

2025-10-29

🗣️ Everyone’s talking about AI replacing hackers. That’s not the interesting part. What matters is how it’s changing the way we think, explore, and break things.

At DefCamp 2025, our CEO Adrian Furtuna will explore exactly that with a talk that looks at how large language models are changing offensive security. Instead of replacing human hackers, AI can enhance their intuition and creativity, turning experience into something scalable and collaborative.

Join him for practical examples and probably a few moments that make you rethink what “AI-assisted hacking” really means.

#infosec #cybersecurity #offensivesecurity

Adrian Furtuna's talk at DefCamp2025
2025-10-27

⏸️ Ever paused an assessment to ask: “Wait, who has access to that target?” Or found three versions of the same results because everyone ran their own scan?

That’s the kind of coordination drag we’re removing with our collaboration features in Pentest-Tools.com.

Security teams can now:
1️⃣ Work in shared workspaces, seeing the same assets, scans, and results.
2️⃣ Run tests simultaneously without overwriting each other’s work.
3️⃣ Manage access with role-based permissions.

No more passing exports, syncing versions, or waiting on updates.
Everyone moves together and every action stays traceable.

👀 See how it works: pentest-tools.com/features/col

#vulnerabilitymanagement #offensivesecurity #infosec

2025-10-24

🛬 We’re headed back to Def.Camp for our yearly tradition – and we’re bringing the 🔥!

Whether you’re hunting 0-days, trading war stories, or just there for the T-shirt/sticker haul, make sure to stop by the Pentest-Tools.com booth.

This year, we’re coming in strong with:
🧪 Fresh vulnerability research from our team
💬 Unfiltered convos about the real work of #offensivesecurity
🧢 Exclusive merch (no spoilers, but you’ll want to rep it)

And yes – our pentesters and engineers will be there, sharp as ever and ready to swap ideas, techniques, and bad recon puns.

📍See you at DefCamp 2025 in Bucharest in just a few weeks!
Let’s make attackers try harder – together. 💪

#cybersecurity #infosec #ethicalhacking

2025-10-15

📣 Exclusive exploit for CVE-2025-54236 (Magento SessionReaper) - now available in Pentest-Tools.com! 👇 👇 👇

Matei and David from our vulnerability research team found and validated a reliable session/account takeover path in Magento & Adobe Commerce, sooo...

We’ve just added a safe exploitation module into Sniper and paired it with Network Scanner detection - available exclusively to Pentest-Tools.com customers: pentest-tools.com/vulnerabilit

Unauthenticated. Remote. High impact.

CVE-2025-54236 affects Adobe Commerce / Magento via improper input validation in REST API calls - enabling session and account takeover *without* user interaction.

We’ve introduced both detection and non-destructive exploit validation so offensive security teams can:
✅ Scan vulnerable endpoints with updated Network Scanner checks. pentest-tools.com/network-vuln
✅ Reproduce the exploit path safely *exclusively* using Sniper: Auto-Exploiter - to confirm exploitability and gather artefacts. pentest-tools.com/exploit-help
✅ Validate mitigations post-patch and rule out residual exposure across multiple assets.

🔥Why it matters:

SessionReaper is a low-complexity vector which means mass exploitation is > realistic <.

Validation helps you distinguish between potentially vulnerable and actually exploitable - so you can prioritize what really matters.

1️⃣ Run the updated Network Scanner
2️⃣ Trigger one-click validation in Sniper
3️⃣ Re-scan with the Network Scanner to confirm effective patching

#ethicalhacking #offensivesecurity #infosec

2025-10-13

🐌 Manual effort slows you down. Here’s how we sped things up this September ⚡

🔹 Sniper: Auto-Exploiter 👉 4 new modules for Fortinet (CVE-2025-25256), SharePoint (CVE-2025-53771 & 49704), FreePBX (CVE-2025-57819), and OpenSSH (CVE-2018-15473)
🔹 Network Scanner 👉 Targeted detection for SonicWall SonicOS (CVE-2024-40766).
🔹 Vanta integration 👉 Automatic vulnerability syncing. 32 mapped tests, daily updates, zero manual uploads.
🔹 Azure internal scans 👉 Run internal vulnerability scans directly in Azure.
🔹 Customer Story 👉 Learn how Chill IT, a security-driven MSP, uses Pentest-Tools.com to qualify clients and strengthen proposals.

👀 Check the video for the full details: youtu.be/1kNX9IsQg1o

#cybersecurity #vulnerabilitymanagement #offensivesecurity #vanta #azure

September 2025 Product updates from Pentest-Tools.com
2025-10-10

👨‍💻 Want to work at Epieos?
Meet us at Hexacon 2025!

🛡️ Hexacon is a world-class event for enthusiasts of #OffensiveSecurity and #ReverseEngineering.

🤝 We’ll be there to meet exceptional talents, curious, rigorous, and driven by the desire to use their technical #skills, particularly in reverse engineering, to help us develop #OSINT 0days that protect and save human lives.

📍Hexacon in Paris, October 10–11.

📮 And if you can’t attend in person, feel free to send us your #CV for a #ReverseEngineer position or to learn more about our needs at: contact[at]epieos[dot]com.
