Pentera Logo Pentera Logo White
resources
Jul 2026
AI Double Agent: Claude Just Got a New Voice
How we went from a compromised Claude account to remote code execution on a victim’s...
Read now
“Pentera helps us prioritize what truly matters and gives us confidence we are covering our global environment continuously.”
“Seeing a domain admin account cracked in production changed how we view internal exposure.”
“Pentera helped us advance our red team and continuously improve penetration testing.”
“Pentera makes it easier to focus on what is truly exploitable instead of chasing long vulnerability lists.”
“In a complex, large-scale environment, Pentera delivers the speed and visibility security teams need.”
“Pentera amplified our team’s performance and delivered measurable value to upper management.”
"Pentera allows us to tailor testing to each service, reduce time and costs, and shift our focus from simply finding vulnerabilities to actively helping our teams fix them.”

Rubén Alonso | Head of Secure
Development Unit, Telefonica

“I don’t think we’d be able to advance our red team without Pentera. If you’re looking to improve penetration testing, I would definitely recommend it.”

Owen Fuller | Cybersecurity Engineering
Manager, Casey’s

Blog
Same Field, Same Players, But the Game Has Changed
Learn more
Blog
Five Eyes warned AI will upend cybersecurity in months. The same afternoon, OpenAI showed why.
Learn more
1/3
Assessing Your Attack Surface from an Attacker’s Perspective
Pentera Team
18 Dec 2022
Managing the external attack surface is no longer just about counting internet-facing assets - it is about understanding which ones are most attractive to attackers. Size increases exposure, but attractiveness determines where adversaries are most likely to focus first. Organizations need continuous visibility and validation to reduce both.
Read more
Techniques for Bypassing Air-Gapped Networks
Pentera Team
08 Dec 2022
Air-gapped networks are not immune to attack when internal services like DNS can still be abused as covert communication channels. The risk is not just connectivity, but the hidden trust paths that allow data exfiltration and command-and-control to operate unnoticed. Strong DNS isolation, monitoring, and continuous validation are essential to...
Read more
Limitations of CVE Management as a Primary Strategy
Pentera Team
11 Nov 2022
Security teams cannot patch their way out of risk when most vulnerabilities will never be meaningfully exploited. What matters is understanding which weaknesses attackers can actually turn into an attack path, whether through a CVE, leaked credentials, or simple misconfigurations. A hacker-centric approach helps organizations focus remediation where it will...
Read more
Enhancing QA with Shift-Left Testing
Pentera Team
06 Nov 2022
“Quality improves fastest when testing starts at the beginning, not the end, of development. Bringing QA into design, handoff, and validation stages helps teams catch defects earlier, reduce rework, and keep releases closer to production-ready at all times. A true shift-left approach strengthens both product stability and delivery speed.
Read more
Steps to Mitigate Credential Exposure Risks
Pentera Team
24 Oct 2022
Leaked credentials remain one of the fastest paths to compromise because attackers only need one valid identity to get started. The challenge is not just finding exposed credentials, but validating which ones can actually be used against your environment. Organizations reduce that risk by continuously identifying, testing, and remediating credential...
Read more
WiFi, the untested attack surface
Pentera Team
13 Oct 2022
Wi-Fi networks are often treated as secondary attack surfaces, but they can expose critical systems, credentials, and management interfaces just as easily as wired environments. When those segments go untested, attackers can abuse them to reach high-impact assets that security teams may not be watching closely. Continuous validation helps uncover...
Read more
The Ultimate Security Validation Checklist for CISOs
Pentera Team
19 Sep 2022
Security does not pause when teams go on vacation, which is why visibility, review discipline, and clear follow-up actions matter so much. A strong security checklist helps organizations catch changes, validate critical controls, and reduce the chance that an issue goes unnoticed while key people are away. The goal is...
Read more
Protecting Data from XSS Vulnerabilities in Azure
Uriel Gabay
22 Aug 2022
Cloud services can introduce hidden trust assumptions that attackers are quick to exploit when access controls and browser protections are not enforced correctly. In this case, a weakness in how requests were handled created an opportunity for cross-site scripting in a highly trusted cloud context. It is a strong reminder...
Read more
Importance of External Attack Surface Management
Pentera Team
14 Jul 2022
EASM has become essential because organizations cannot protect external exposure they cannot continuously see. But visibility alone is not enough - security teams also need to validate which exposed assets and weaknesses are actually exploitable. That combination is what turns attack surface management into meaningful risk reduction.
Read more
Understanding the Security Aspects of Linux eBPF
Pentera Team
22 Jun 2022
eBPF is a powerful kernel feature, but small validation flaws can turn it into a direct path to privilege escalation. When unprivileged users can abuse eBPF, a minor bug can quickly become full system compromise. That is why hardening eBPF access, patching kernels promptly, and continuously validating Linux attack paths...
Read more
Mitigating VMware vCenter Information Disclosure
Yuval Lazar
29 Mar 2022
When a vulnerability affects vCenter, the risk extends far beyond one appliance because it can become a control point for the broader virtualized environment. In cases like this, the real danger is the ability to chain information disclosure, privilege escalation, and administrative access into a full ESXi takeover. That is...
Read more
4 Steps to Knowing Your Exploitable Attack Surface
Pentera Team
17 Mar 2022
The real challenge is not the number of vulnerabilities, but knowing which ones attackers can actually turn into a breach. Managing the exploitable attack surface requires taking the adversary’s perspective, validating real attack paths, and focusing remediation on the exposures with the greatest business impact. That is how organizations cut...
Read more