Daniel Bechenea

Posts by this author

• 

  Security research

  Benchmarking our Network Vulnerability Scanner and 6 others

  In January 2024, we decided to evaluate the most used network vulnerability scanners - Nessus Professional, Qualys, Rapid7 Nexpose, Nuclei, OpenVAS, and Nmap vulnerability scripts - including our own, which industry peers can validate independently.  Here’s why we did it, what results we got, and how you can verify them (there’s a white paper you can download with access to all the results behind this benchmark).

  

  Author(s)

  • Daniel Bechenea

  Published at

  23 May 2024

  Updated at

  11 Jun 2024

• 

  Hacking tutorials

  How to conduct a full network vulnerability assessment

  The best ethical hackers build and maintain an outstanding workflow and process because it pays off – big time! When you’re always overwhelmed with work, it’s difficult to make time for tweaks and improvements, even if we both know they have compound returns in the long run.

  

  Author(s)

  • Daniel Bechenea

  Published at

  24 Aug 2022

  Updated at

  24 May 2024

• 

  Security research

  Log4Shell scanner: detect and exploit Log4j CVE-2021-44228 in your network and web apps

  We almost made it to a much-needed holiday break… and then Log4Shell happened.

  

  Author(s)

  • Daniel Bechenea

  Published at

  14 Dec 2021

  Updated at

  13 Apr 2023

• 

  Security research

  Detect and exploit Gitlab CE/EE RCE with Pentest-Tools.com (CVE-2021-22205)

  “Just patch it!” is the usual advice when a vulnerability hits (and it’s not a zero-day). But it’s never that simple in organizations that have to manage layers upon layers of infrastructure. When you have to deal with a critical CVE like the latest unauthenticated RCE in Gitlab (CVSSv3 10.0), the tangled, messy process of patching bubbles to the surface.

  

  Author(s)

  • Daniel Bechenea

  Published at

  05 Nov 2021

  Updated at

  12 Jul 2023

• 

  Security research

  How to detect VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21972)

  The current, multi-layer setup big organizations run on is a challenge to manage and we both know that (it’s an understatement). And when a vulnerability like CVE-2021-21972 pops up, it reveals how messy the process of patching and mitigation can be.

  

  Author(s)

  • Daniel Bechenea

  Published at

  19 Apr 2021

  Updated at

  24 Mar 2023

• 

  Hacking tutorials

  How to do a full website vulnerability assessment with Pentest-Tools.com

  As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!

  

  Author(s)

  • Daniel Bechenea

  Published at

  31 Mar 2021

  Updated at

  29 Apr 2024