Tag: penetration-testing
-
OffensiveCon25 Attacking Browsers via WebGPU
Author/Presenter: Lukas Bernhard Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock…
-
OffensiveCon25 Keynote How Offensive Security Made Me Better at Defense
Author/Presenter: Dino Dai Zovi Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists :: Trey…
-
OffensiveCon25 Garbage Collection In V8
Authors/Presenters: Richard Abou Chaaya and John Stephenson Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing…
-
OffensiveCon25 Finding and Exploiting 20-Year-Old Bugs in Web Browsers
Authors/Presenters: Ivan Fratric Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock…
-
OffensiveCon25 Frame By Frame, Kernel Streaming Keeps Giving Vulnerabilities
Authors/Presenters: Angelboy Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI,…
-
OffensiveCon25 Chainspotting 2: The Unofficial Sequel to the 2018 Talk >>Chainspotting<<
Author/Presenter: Ken Gannon Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock…
-
OffensiveCon25 Fighting Cavities: Securing Android Bluetooth By Red Teaming
Author/Presenter: Jeong Wook Oh, Rishika Hooda and Xuan Xing Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs ::…
-
API Security: The Importance of Vulnerability Assessment and Penetration Testing (VAPT)
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/api-security-the-importance-of-vulnerability-assessment-and-penetration-testing-vapt
-
OffensiveCon25 Hunting For Overlooked Cookies In Windows 11 KTM And Baking Exploits For Them
Authors/Presenters: Cedric Halbronn and Jael Koh Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists…
-
Product showcase: Smarter pentest reporting and exposure management with PlexTrac
The threat landscape is evolving faster than ever. Staying ahead means going beyond automated scans and check-the-box assessments. It demands continuous, hands-on testing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/02/product-showcase-plextrac-pentest-reporting/
-
Review: Metasploit, 2nd Edition
Tags: penetration-testingIf you’ve spent any time in penetration testing, chances are you’ve crossed paths with Metasploit. The second edition of Metasploit tries to bring the book in line with how … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/02/review-metasploit-2nd-edition/
-
OffensiveCon25 Pwn20wn Winners Announcement
Author/Presenter: Brian Gore and Dustin Childs Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists…
-
Getting Exposure Management Right: Insights from 500 CISOs
Pentesting isn’t just about finding flaws, it’s about knowing which ones matter. Pentera’s 2025 State of Pentesting report uncovers which assets attackers target most, where security teams are making progress, and which exposures still fly under the radar. Focus on reducing breach impact, not just breach count. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/getting-exposure-management-right-insights-from-500-cisos/
-
Security startup Horizon3.ai is raising $100M in new round
Horizon3.ai, a cybersecurity startup that provides tools like autonomous penetration testing, is seeking to raise $100 million in a new funding round and has locked down at least $73 million, the company revealed in an SEC filing this week. NEA led the round, according to two people familiar with the deal. One person said that…
-
Interview mit Dr. Jürgen Dürrwang, Head of Pentesting bei ITK Engineering – Pentesting ist geduldiges Handwerk und ein bisschen Kunst
Tags: penetration-testingFirst seen on security-insider.de Jump to article: www.security-insider.de/pentesting-nis2-richtlinien-a-315641a12f2a55a71489889bcf162700/
-
News Alert: Halo Security reaches SOC 2 milestone, validating its security controls and practices
Miami, Fla., May 22, 2025, CyberNewsWire, Halo Security, a leading provider of attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type 1 compliance following a comprehensive audit by Insight Assurance. This… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/news-alert-halo-security-reaches-soc-2-milestone-validating-its-security-controls-and-practices/
-
Atlassian Alerts Users to Multiple Critical Vulnerabilities Affecting Data Center Server
Atlassian has released its May 2025 Security Bulletin addressing eight high-severity vulnerabilities affecting multiple enterprise products in its Data Center and Server offerings. The vulnerabilities, discovered through Atlassian’s Bug Bounty program, penetration testing processes, and third-party library scans, pose significant security risks including denial-of-service (DoS) attacks and privilege escalation. All identified issues have been patched…
-
What is Penetration Testing as a Service (PTaaS)?
As technology progresses, businesses face an ever-growing number of cyber threats, making robust security measures a top priority. Penetration Testing as a Service provides a cutting-edge solution to identify and mitigate vulnerabilities before hackers can exploit them. By enabling frequent and efficient penetration assessments, PTaaS empowers organizations to stay proactive in addressing potential risks. In……
-
The Crowded Battle: Key Insights from the 2025 State of Pentesting Report
In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persisting breaches and the growing cyber risks they have to handle. The findings reveal a complex…
-
Pen Testing for Compliance Only? It’s Time to Change Your Approach
Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected.This situation isn’t theoretical: it First…
-
Researchers Introduce Mythic Framework Agent to Enhance Pentesting Tool Performance
Penetration testing is still essential for upholding strong security procedures in a time when cybersecurity threats are changing quickly. Recently, a team of security professionals has announced significant advancements in penetration testing tools with the introduction of a new agent for the Mythic framework, aimed at improving detection evasion and operational efficiency. Framework Overview The…
-
Increase Red Team Operations 10X with Adversarial Exposure Validation
Red teams uncover what others miss, but they can’t be everywhere, all the time. Adversarial Exposure Validation combines BAS + Automated Pentesting to extend red team impact, uncover real attack paths, and validate defenses continuously. Learn more from Picus Security on how AEV can help protect your network. First seen on bleepingcomputer.com Jump to article:…
-
Finanzdienstleister: Nachholbedarf bei TLPT
Seit dem 17. Januar 2025 ist DORA (Digital Operational Resilience Act) in Kraft. DORA verpflichtet Finanzinstitute in der EU verpflichtet, regelmäßig Threat-Led Penetration Testing (TLPT) durchzuführen. Experte Dennis Weyel von Horizon3.ai hat mir seine Einschätzung dazu zukommen lassen und meint: … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/13/finanzdienstleister-nachholbedarf-bei-tlpt/
-
Metasploit Update Adds Erlang/OTP SSH Exploit and OPNSense Scanner
The open-source penetration testing toolkit Metasploit has unveiled a major update, introducing four new modules, including a highly anticipated exploit targeting Erlang/OTP SSH servers and a scanner for OPNSense firewalls. The release also enhances diagnostic tools and addresses critical bugs, solidifying its role as a cornerstone for security professionals, as per a report by Rapid7.…
-
What Should You Consider When Choosing an AI Penetration Testing Company?
AI is truly making its way into every aspect of business operations, and rightly so. When we proactively test systems and applications to uncover weaknesses before attackers do, we’re carrying out penetration testing, often called “ethical hacking.” By staging these controlled attacks that mimic real-world threats, we expose gaps in processes and controls. AI penetration…
-
CVE funding crisis offers chance for vulnerability remediation rethink
Tags: access, ai, awareness, best-practice, cisa, cve, cvss, cybersecurity, data, exploit, Hardware, healthcare, intelligence, iot, kev, least-privilege, metric, mfa, microsoft, network, open-source, penetration-testing, risk, software, threat, tool, training, update, vulnerability, vulnerability-managementAutomatic for the people: AI technologies could act as a temporary bridge for vulnerability triage, but not a replacement for a stable CVE system, according to experts consulted by CSO.”Automation and AI-based tools can also enable real-time discovery of new vulnerabilities without over-relying on standard CVE timelines,” said Haris Pylarinos, founder and chief executive of…
-
Critical flaw in AI agent dev tool Langflow under active exploitation
/api/v1/validate/code had missing authentication checks and passed code to the Python exec function. However, it didn’t run exec directly on functions, but on function definitions, which make functions available for execution but don’t execute their code.Because of this, the Horizon3.ai researchers had to come up with an alternative exploitation method leveraging a Python feature called…