Meet Pentera Labs

Segregating internal networks is a known practice for protecting an organization’s ‘crown jewels’.
These high-value assets are critical for maintaining business continuity and are therefore, in most
cases, separated from the ‘users’ network, which has access to the Internet.

New zero-day vulnerability joins a chain of recently discovered vulnerabilities capable of operating an end-to-end attack on ESXi. Organizations should evaluate risk and apply vCenter client patches immediately.

An ethical hacking journey to flatten network segmentation and increase the attack surface by leveraging SoftEther VPN, an open-source project.

DHCP may be famous for being an essential Windows networking protocol, but it is also infamous, or at least it should be, for falling victim to  cyber attacks and leading adversaries to dangerous achievements.

Orchestrated Windows System Call Invocation without detection.

A behind-the-scenes look at Pentera’s research team’s discovery and exploitation of a zero-day vulnerability in VMware’s vCenter Server program.

Reading this paper will allow you to understand the eBPF mechanism and how a fairly small bug can lead to the compromise of the entire system.

Learn how Pentera’s research team discovered a web XSS vulnerability in Azure Functions and determined its exploitability. The vulnerability has since been patched by Microsoft.

See how a Pentera security researcher uncovered a new way to use RPC exploits on another port without using SMB.