Every tool call needs your explicit approval.
Also shipped: AI-enhanced auth in the Website Scanner, tests grouped by port in results, 5 new Sniper exploits, two new API endpoints for scan tests, and refreshed docs.
Full breakdown: pentest-tools.com/change-log
#offensivesecurity #infosec
Online vulnerability scanners - Pentest-Tools.com
Tool sprawl in vulnerability assessment isn't a tool problem. It's a handoff problem.
Web scan. Network scan. API scan. Three exports. Manual cross-referencing. Report assembly that has nothing to do with actual security work.
#offensivesecurity #infosec
3 of 7 steps detected. 4 missed.
Guard walks the kill chain in your environment, then measures what your defenses actually saw. The gap analysis isn't theoretical.
#cybersecurity #offensivesecurity #CISO #MITRE #redteam
Another talk for BSides Luxembourg!
THE WHISTLES GO WOO WOO: SIEM ALERTS, THREAT DETECTION AND TUNING UNNECESSARY NOISE - MELINA PHILLIPS (@tx_princess)
Security teams don't miss alerts because they're careless, they miss them because their […]
[Original post on infosec.exchange]
Default credentials still cause more breaches than zero-days. Most teams don't test for them at scale.
Brutus does. 22 protocols. One binary. Open source.
github.com/praetorian-i...
#TheGuardPlatform #Praetorian #OffensiveSecurity
Matei "Mal" Bădănoiu and Raul Bledea found the gap. Full PoC can be found in our Offensive Security Research Hub: pentest-tools.com/research
#offensivesecurity #vulnerabilityresearch #infosec #RCE
The cybersecurity certification landscape
negativepid.blog/the...
#defensiveSecurity #threatHunting #forensics #offensiveSecurity #ethicalHacking #cybersecurityCareers #cybersecurityCerts #certifications #Cybersecurity #ITcareers #onlineSecurity #negativepid
How we use AI in Pentest-Tools.com
Skeptical of AI in #offensivesecurity tools? Good. You should be.
The last thing you need is for AI to:
- Generate synthetic or "hallucinated" vulnerabilities
- Bypass authorization boundaries, or
- Autonomously control scanning engines
Breaking into offensive security
negativepid.blog/bre...
#OffSec #offensiveSecurity #ethicalHacking #redTeam #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #negativepid
The venue was a nice touch too - the Computer History Museum in Ljubljana. Very hackerish energy for a security talk.
Curious how Razvan works in practice? Watch him run a full pentest workflow here: pentest-tools.com/webinars/how...
#offensivesecurity #infosec #cybersecurity #BSides
Razvan Ionescu, our Head of #OffensiveSecurity Services, recently gave a heartfelt talk at #BSidesLjubljana.
He shared the steps, mindset, and what actually worked for him in becoming the penetration tester he is today.
CVE-2025-33073 revives NTLM reflection attacks. Any domain user can hit SYSTEM on unpatched hosts without SMB signing.
Chain with unconstrained delegation → full domain compromise.
www.praetorian.com/blog/cve-202...
#offensivesecurity #activedirectory #theguardplatform #praetorian
That's how strong security communities grow: through practice, support, and a room for new people to welcome and nurture them.
Good luck to all finalists and bootcamp participants! Make the best of it!
Learn more about UNbreakable România: unbreakable.ro
#offensivesecurity #infosec
Just Announced for BSides Luxembourg 2026!
THE SPY WHO LOGGED ME - WHEN YOUR XDR JOINS THE ATTACKERS - Melina Phillips (@tx_princess)
Melina Phillips https://www.linkedin.com/in/melinaphillips-cissp/ is an Offensive Security Engineer with over 10 years of […]
[Original post on infosec.exchange]
This isn't theory. This is real phishing ops. Learn how real att&ckers craft campaigns, bypass filters, and expl0it human behavior.
Limited time offer: $49 only: cyberwarfare.live/product/offe...
#Phishing #COPO #OffensiveSecurity #CyberWarFareLabs
Chain it with PTT-2025-026 and you're looking at a 9.8 Critical unauthenticated RCE. One array to rule them all!
Full PoC here: pentest-tools.com/research
#offensivesecurity #vulnerabilityresearch #infosec #accounttakeover
The demo makes one thing very clear: AI can speed up offensive security work, but it can also speed up bad decisions if you skip guardrails.
Need more reasons to keep the human in the loop?
Watch the full talk here: www.youtube.com/watch?v=x3z8...
#offensivesecurity #pentesting #llm #defcamp
Carter Ross from our team walks through what we've actually built, what we've learned, and why most detection stacks weren't designed for this reality.
It's worth the read! → buff.ly/Q6zYuSQ
#Praetorian #OffensiveSecurity #TheGuardPlatform
Open security and OffSec projects
negativepid.blog/ope...
#OpenSource #OffSec #OffensiveSecurity #Cybersecurity #onlineSecurity #Internet #tech #IT #science #STEM #computing #AI #innovation #negativepid
Our colleagues Matei "Mal" Bădănoiu and Raul Bledea did the digging. Full PoC and exploit is added here: pentest-tools.com/research
#offensivesecurity #vulnerabilityresearch #infosec
HttpOnly blocks document.cookie - but endpoints reflecting cookies in the response body bypass it entirely.
Our team chained XSS + GhostScript injection for full RCE. No zero-days.
www.praetorian.com/blog/httponl...
#OffensiveSecurity #AppSec #TheGuardPlatform #Praetorian
XBOW secures $120M in Series C at a $1B+ valuation to boost its AI-driven platform that autonomously identifies and validates software vulnerabilities. Funding led by DFJ Growth and Northzone. #OffensiveSecurity #AIPlatform #USA
This Startup's AI Beat 99% Of Humans In Six Elite Hacking Competitions www.forbes.com/sites... #cybersecurity #AI #AIHacking #OffensiveSecurity #AIAgent #AgenticAI #Tenzai #CTF
Unless you have been in a sandbox this week or not been paying attention, the team behind Kali Linux dropped version 2025.4 with Ollama Llama 3 and Openwebui support. Quick build guide with tests and cool results here! #BrainBytes #OffensiveSecurity #ProjectV
www.brainbytes.info/post/project...
Interested in the dark witchcraft of Windows Kernel Exploitation? Check out our training courses:
www.exploitpack.com/collections/...
#cybersecurity #exploitdevelopment #vulnerabilityresearch #windowskernel #exploitdev #reverseengineering #offensivesecurity #infosec #cyberattack #training
Exciting job opportunity! Replit is hiring an Offensive Security Engineer. This full-time, hybrid role is based in Foster City, CA with a salary range of $188,000 to $313,000 per year. #OffensiveSecurity #JobOffer
It also explains how Pentest-Tools.com validates findings across web, network, API, and cloud so teams spend less time re-checking and more time fixing.
Because more is NOT better. Get more arguments for internal debates from here: pentest-tools.com/usage/accuracy
#infosec #offensivesecurity
Many thanks to Matei Badanoiu, Raul Bledea and Eusebiu Boghici for their contributions.
#offensivesecurity #vulnerabilityresearch #pentesting #infosec
Out of curiosity: how often do you still run into 10+ year-old libraries during engagements?