Platform

Pentera Platform

A single platform for everything security validation and remediation

Pentera Labs Research

Advanced research of the latest attack techniques

Connect exposure validation with your security ecosystem

Safety & Compliance

Controlled execution with audit proof

Products

Internal network security validation

Pentera Surface

External network security validation

Cloud identity and hybrid environment security validation

Pentera Resolve

Automated remediation orchestration

Research

Elite cyber threat researcher team

Learning

Cybersecurity glossary

Security validation terminology and definitions

Customers

Customer stories

Read how some of the world's most forward-thinking companies validate their security

Video testimonials

See what people who use Pentera have to say about it

“Pentera helps us prioritize what truly matters and gives us confidence we are covering our global environment continuously.”

“Seeing a domain admin account cracked in production changed how we view internal exposure.”

“Pentera helped us advance our red team and continuously improve penetration testing.”

“Pentera makes it easier to focus on what is truly exploitable instead of chasing long vulnerability lists.”

“In a complex, large-scale environment, Pentera delivers the speed and visibility security teams need.”

“Pentera amplified our team’s performance and delivered measurable value to upper management.”

Resources

Resources Center

Company

Learn who are we and what’s our mission

Open roles across engineering, research, and go-to-market

Security, privacy, compliance, and certifications

Write to us and we’ll get back to you

Partners

Become a Partner

Become a Pentera partner

Partner Program

Learn how we support our partners across the globe

Access the partner portal

News & Press

Company announcements and press releases

Meet us at RSAC Talk to an Expert

ON-DEMAND WEBINAR

Pentera Labs Webinar: VMware vCenter CVE-2022-22948

Webinars

Apr 13, 2022

A vulnerability chain in VMware vCenter shows how information disclosure combined with privilege escalation can lead to full ESXi compromise. The session demonstrates why exploit paths—not just CVSS scores—must guide remediation priorities.

This webinar presents detailed research into a vulnerability chain discovered in VMware vCenter that could ultimately lead to full ESXi takeover. The session explains VMware’s architecture, where ESXi acts as the hypervisor hosting virtual machines and vCenter Server manages the environment centrally. The researchers uncovered that an out-of-the-box vCenter installation exposed a file containing cleartext database credentials, which provided visibility into ESXi inventory data and revealed an internal ESXi management account along with its encrypted password.

Although the password was encrypted, a separate privilege escalation vulnerability allowed retrieval of the encryption key, enabling decryption of the ESXi management credentials. This chain could grant full administrative control over ESXi, potentially enabling ransomware deployment, data exfiltration, or manipulation of security controls. The session emphasizes prioritizing vulnerabilities based on exploit chains and business impact rather than severity scores alone, and concludes with disclosure details, mitigation guidance, and lessons for risk-based validation.