TOPICS / Penetration Testing
Penetration Testing
Reconnaissance, enumeration, and ethical exploitation.
Penetration testing validates defenses by safely emulating real attackers — from external recon and enumeration to exploitation and reporting. Good recon is half the battle.
These tools speed up the discovery phase; pair them with the ATT&CK matrix to map findings to adversary techniques.
Free tools
Practice
Latest coverage
- Ghostwriter Deploys Prometheus Phishing Lures Against Ukraine Government Entities
- Screening Serpens: Iranian APT Fuses AppDomainManager Hijacking with New RATs in 2026 Espionage Campaign
- CVE-2026-9082: Critical Drupal SQL Injection Under Attack on Thousands of Sites
- CVE-2026-20182: Cisco Catalyst SD-WAN CVSS 10.0 Auth Bypass Actively Exploited
- Kali365 PhaaS Kit Bypasses Microsoft 365 MFA via Device Code Phishing — FBI Warning
- Megalodon: Supply Chain Attack Backdoors 5,561 GitHub Repos in Six Hours via CI/CD Workflow Injection
- Stolen Gemini API Keys and AI Fraud: How 'Quantum Patriot' Drained Crypto Wallets via Fake QAnon Content
- Stack String Obfuscation in C: The Technique That Blinds AV, YARA, and Static Scanners
Key terms
Reference databases