Yuval Lazar, Technical Product Manager & Senior Security Researcher at Pentera
5 articles by this writer

135 is the new 445

If it was possible to nominate a command-line utility for an award, PsExec would definitively win the most useful category. This tool allows adminis...

CVE-2022-22948: Sensitive information disclosure in VMware vCenter

  New zero-day vulnerability joins a chain of recently discovered vulnerabilities capable of operating an end-to-end attack on ESXi. Org...

The short path from DHCP spoofing to EternalBlue

DHCP may be famous for being an essential Windows networking protocol, but it is also infamous, or at least it should be, for falling victim to cybe...

DHCP spoofing 101 

DHCP is an essential Windows networking protocol and a favorite among network admins. Let’s go over the basics of DHCP allocation and review common ...

vScalation (CVE-2021-22015): Local privilege escalation in VMware vCenter

Executive summary Pentera’s research team ‘Pentera Labs’ discovered a vulnerability in VMware’s vCenter Server program. The affected VMware s...