Pentest-Tools.com's Avatar

Pentest-Tools.com

@pentest-tools.com.bsky.social

From vulnerability scans to proof, Pentest-Tools.com gives 2,000+ security teams in 119 countries the speed, accuracy, and coverage to confidently validate and mitigate risks across their infrastructure (network, cloud, web apps, APIs).

63 Followers  |  78 Following  |  325 Posts  |  Joined: 31.12.2024  |  2.3421

Latest posts by pentest-tools.com on Bluesky

πŸ‘• The swag: We knew our new merch was cool, but that line?! Seeing so many of you waiting to grab a Pentest-Tools.com T-shirt was a massive compliment. We hope you wear them while you hunt your next bug.

20.11.2025 14:29 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

πŸ“Ί Missed them live? Don't worry, we'll be sharing the recordings on our YouTube channel soon, so keep an eye out!

20.11.2025 14:29 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Our Offensive Security Research Lead, Matei "CVE Jesus" Bădănoiu, took us deep into the "Nightmare Factory," breaking down the process behind the 15 fresh 0-days the team found this year.

20.11.2025 14:28 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

🎀 The talks: It was a big year for our research team on stage!

Our Founder & CEO, Adrian Furtună, explored how LLMs are changing the game in "VIBE Pentesting" (enhancing the human hacker, not replacing them!).

20.11.2025 14:28 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Huge kudos to the organizers for pulling off such a great gathering. It was a blast seeing so many familiar faces and meeting so many new people who share our passion for breaking things (for the right reasons).

A few highlights from our team:

20.11.2025 14:27 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Pentest-Tools.com team @ DefCamp 2025

Pentest-Tools.com team @ DefCamp 2025

DefCamp 2025, you were so awesome! ⚑️

Another year, another incredible edition in the books. We are so proud to have been part of this event once again and to see the community showing up in full force in Bucharest.
#DefCamp2025 #OffensiveSecurity #InfosecCommunity #Cybersecurity #Pentesting

20.11.2025 14:27 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

You’ll also get an actionable follow-up asset to help you apply these ideas in your own testing and client work.

Because even when AI changes how we build, the best way to secure what we create is still to think like someone trying to break it.

18.11.2025 13:49 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

In this webinar, you’ll learn:
πŸ’‘ Why logic flaws and insecure assumptions still drive critical risks in AI-heavy stacks
βš™οΈ Where human reasoning fills the gaps scanners and code reviewers miss
πŸ“˜ How to use attacker workflows alongside AI tools to test faster and smarter

18.11.2025 13:49 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
How attackers think Join our webinar to learn how human pentesters uncover AI app flaws that tools miss, and how to balance automation with real attacker insight.

πŸ—“οΈ Webinar registration link: pentest-tools.com/webinars/how...

18.11.2025 13:48 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Razvan Ionescu - How attackers think (and why it's still the best way to test AI products)

Razvan Ionescu - How attackers think (and why it's still the best way to test AI products)

Last chance to register to the webinar - How attackers think (and why it's still the best way to test AI products)

Attackers don’t care what built your app. They care how it breaks.

18.11.2025 13:47 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

No noise. No guesswork. Just proof.
Old vulns still do new damage - if you let them.

πŸ”Ž CVE-2025-61882 specs: pentest-tools.com/vulnerabilit...
πŸ—žοΈ Read the news: www.securityweek.com/nearly-30-al...

17.11.2025 13:56 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Use Pentest-Tools.com to stay ahead:
βœ… Detect Oracle EBS servers exposed to this RCE with the Network Scanner.
βœ… Recreate the attack safely in Sniper: Auto-Exploiter to confirm impact.
βœ… Verify your fixes and make sure no asset stays vulnerable.

17.11.2025 13:55 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

It’s already on CISA’s KEV list and spreading fast.

Here’s what most security teams face:
🚩 Patching doesn’t prove you’re safe.
🚩 Banner scans miss real exposure.
🚩 You need proof of exploitability, not assumptions.

17.11.2025 13:55 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Cl0p just listed nearly 30 new victims, from major companies to universities.
They use CVE-2025-61882, a pre-auth RCE in Oracle E-Business Suite (12.2.3 β†’ 12.2.14) with a CVSS β‰ˆ 9.8.

17.11.2025 13:55 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
CVE-2025-61882

CVE-2025-61882

🚨 Old vuln, fresh damage - attackers hit Oracle EBS again.

#infosec #cybersecurity #offensivesecurity #ransomware #incidentresponse

17.11.2025 13:55 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
How attackers think Join our webinar to learn how human pentesters uncover AI app flaws that tools miss, and how to balance automation with real attacker insight.

πŸ“… Join Razvan live on November 19! Sign up below ⬇️

πŸ—“οΈ Webinar: How attackers think (and why it’s still the best way to test AI products)
πŸ”— Fill in the form to book your spot: pentest-tools.com/webinars/how...

12.11.2025 13:06 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

In our next webinar, he’ll share why the pentester mindset hasn’t changed, even as AI reshapes the surface of security, and how to apply that mindset to modern testing workflows.

12.11.2025 13:06 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

πŸͺͺ He’s also GSE-certified (#298)! One of the few professionals worldwide to earn this advanced credential. It’s proof of deep, practical expertise built through real-world exploitation, analysis, and problem-solving.

12.11.2025 13:05 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

As Head of Offensive Security Services at Pentest-Tools.com, Razvan leads high-impact pentests that turn complex vulnerabilities into clear, actionable guidance teams can actually use.

12.11.2025 13:05 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

✍️ Before AI could write code, Razvan-Costin IONESCU was already breaking it.

#vulnerabilityassessment #informationsecurity #cybersecurity #pentesting

12.11.2025 13:05 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
Authenticated web app scanning Run authenticated web app scans to uncover hidden flaws behind logins. ML-assisted authentication ensures reliable and deep vulnerability coverage.

βœ… Simulate real logins (headers, tokens, or credentials)
βœ… Test session handling and authenticated flows
βœ… Detect vulnerabilities in the pages users actually access

Wanna know how we do it?
🧰 See how it works: pentest-tools.com/features/aut...

11.11.2025 12:16 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

If your web app assessments don’t follow real user journeys, you’re missing what actually matters.

Authenticated scanning is a particular area of focus for us because we want to make sure you can:

2/3

11.11.2025 12:16 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

πŸ” The riskiest vulnerabilities live behind the login - and most scanners don’t go there. Howeverrrrr...

Attackers don’t stop at the login screen.

πŸ΄β€β˜ οΈ They target what’s behind it: broken access controls, IDORs, insecure password policies, and privilege escalation paths.

1/3

11.11.2025 12:16 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Learn more about our presence: pentest-tools.com/events/defca...

Register for the event: def.camp/tickets

10.11.2025 14:50 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

πŸ’‘ Why visit our booth?
Because our tools are built by breakers - for people who want proof, not promises.
πŸ‘‰ Come to watch live demos;
πŸ‘‰ Talk to the makers;
πŸ‘‰ Grab limited-edition swag that turns heads;
πŸ‘‰ We might even recruit you in our team.

10.11.2025 14:49 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

🎯 Nightmare Factory
πŸ”Ή Matei β€œCVE Jesus” BΔƒdΔƒnoiu, Offensive Security Research Lead
πŸ“ Thu, Nov 13 | Track 2 – BΔƒlcescu
A deep dive into our 0-day hunting process - from CVEs in Odoo and Gitea to 15 fresh 0-days found this year (and counting).

10.11.2025 14:49 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

This year, two of our own are taking the stage:

🎯 VIBE Pentesting - Enhancing the Human Hacker with LLMs
πŸ”Ή Adrian Furtuna, Founder & CEO
πŸ“ Thu, Nov 13 | Track 1 – Rosetti
How AI is changing pentesting: real examples of how LLMs boost discovery, validation, exploitation, and reporting.

10.11.2025 14:49 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

We build the tools we wish we had in the field.

Last year’s DefCamp reminded us what this community is all about: real talks, real bugs, and real people who love breaking things for the right reasons. www.youtube.com/watch?v=QcVF...

10.11.2025 14:48 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
How attackers think Join our webinar to learn how human pentesters uncover AI app flaws that tools miss, and how to balance automation with real attacker insight.

Save your spot πŸ‘‰ pentest-tools.com/webinars/how...

Discover why attacker creativity and contextual reasoning can’t be automated (yet).

Because no matter how advanced the tech, security still comes down to one thing: understanding how things break and thinking like someone who wants to break them.

07.11.2025 14:26 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Pentest-Tools.com webinar

Pentest-Tools.com webinar

⛓️‍πŸ’₯ AI can write your app. But it still can’t think like someone trying to break it.

▢️ Join our live webinar "How attackers think (and why it’s still the best way to test AI products)", to see how vulnerabilities still slip into modern stacks, from logic flaws to familiar risks hidden in new AI code

07.11.2025 14:26 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

@pentest-tools.com is following 19 prominent accounts