Vonahi Security's Blog
  • Vonahi Security Home
  • Blog
  • Weekly Threat Reports

penetration testing

A collection of 16 posts

Grey Box PenTesting: The Overlooked Layer in Network Security
penetration testing

Grey Box PenTesting: The Overlooked Layer in Network Security

Discover how Grey Box Penetration Testing exposes real-world security risks from stolen credentials. Learn how automated solutions like vPenTest help organizations detect privilege escalation, weak permissions, and insider threats—before attackers do.

  • Alton Johnson
    Alton Johnson
5 min read
The 8 Types of Penetration Testing: When You Need Them and How Often to Test
penetration testing

The 8 Types of Penetration Testing: When You Need Them and How Often to Test

Penetration testing is a digital stress test where ethical hackers simulate cyberattacks to uncover vulnerabilities. Learn about 8 types of tests, when to use them, and how often to schedule them to protect your business. Simplify the process and make informed security decisions.

  • Alton Johnson
    Alton Johnson
9 min read
Internal vs. External Network Penetration Testing: What IT Professionals Need to Know
network security

Internal vs. External Network Penetration Testing: What IT Professionals Need to Know

Stay secure with regular network penetration testing. Learn about internal vs. external tests and how vPenTest makes frequent testing easy and affordable.

  • Alton Johnson
    Alton Johnson
6 min read
NIS2 is Here: Frequent Penetration Testing is the New Standard
penetration testing

NIS2 is Here: Frequent Penetration Testing is the New Standard

Learn how the NIS2 Directive emphasizes regular penetration testing to strengthen cybersecurity, identify vulnerabilities, and ensure compliance across Europe.

  • Alton Johnson
    Alton Johnson
5 min read
The Golden Age of Automated Pentesting for MSPs
penetration testing

The Golden Age of Automated Pentesting for MSPs

The cyber threat landscape is constantly shifting, making it harder for MSPs to deliver top-notch security services while growing revenue. But thanks to advances in automation, MSPs now have the tools to offer

  • Alton Johnson
    Alton Johnson
3 min read
Network Pentesting – Your Cybersecurity Secret Weapon
penetration testing

Network Pentesting – Your Cybersecurity Secret Weapon

In today’s challenging economy, no company can afford to fall victim to cybersecurity trouble like a cyberattack or data breach. Companies can invest in a wide array of cybersecurity solutions to help

  • Alton Johnson
    Alton Johnson
5 min read
vPenTest Received 9 Badges in Fall 2023 from G2
announcements

vPenTest Received 9 Badges in Fall 2023 from G2

See why vPenTest was awarded 9 G2 Badges in their Fall 2013 Report for penetration testing and system security.

  • Alton Johnson
    Alton Johnson
3 min read
SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched
privilege escalation

SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched

This blog discusses a DLL hijacking vulnerability affecting all versions of Windows Server 2012 (but not Server 2012 R2). This 0-day vulnerability can be exploited for privilege escalation by any regular user and does not require a system reboot, yet it will not be patched by Microsoft.

  • Erik Wynter
    Erik Wynter
11 min read
What’s in a (re)name: RCE Hunting in CMSs via Unrestricted File Upload
research

What’s in a (re)name: RCE Hunting in CMSs via Unrestricted File Upload

Earlier this year, our threat researcher found three easily exploitable vulnerabilities in CMS apps, including two that could result in remote code execution (RCE). This article combines write-ups for these vulnerabilities.

  • Erik Wynter
    Erik Wynter
11 min read
When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360)
research

When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360)

Earlier this year our threat researcher found a DLL hijacking flaw affecting Philips SmartControl (CVE-2020-7360). Our latest blog post combines a write-up of this vulnerability with a general introduction to DLL hijacking for infosec students.

  • Erik Wynter
    Erik Wynter
14 min read
Avoiding SMB Rate Limits During Authentication Attacks
penetration testing

Avoiding SMB Rate Limits During Authentication Attacks

Here's a quick workaround for when you get rate limited during a password attack against the SMB service.

  • Alton Johnson
    Alton Johnson
5 min read
Automated Penetration Testing: 5 Benefits for CISOs
ciso

Automated Penetration Testing: 5 Benefits for CISOs

Automation is a potential game-changer for offensive security in 2020. Let's explore some of the benefits for CISOs.

  • Erik Wynter
    Erik Wynter
5 min read
Penetration testing... on a new level
penetration testing

Penetration testing... on a new level

vPenTest simplifies the process of identifying new threats within your environment on an on-going basis without the traditional challenges and concerns.

  • Alton Johnson
    Alton Johnson
3 min read
Post-Exploitation with Leprechaun
post-exploitation

Post-Exploitation with Leprechaun

Finding valuable data during post-exploitation can be a challenge. Leprechaun helps solve this problem.

  • Alton Johnson
    Alton Johnson
5 min read
Taking Over IPv6 Networks
penetration testing

Taking Over IPv6 Networks

Let's take a deeper look at how rogue DHCPv6 servers can lead to a successful attack against IPv6 networks.

  • Alton Johnson
    Alton Johnson
7 min read
Preparing for Your First Physical Penetration Test
physical security

Preparing for Your First Physical Penetration Test

Conducting a physical penetration test for the first time can be an intimidating process. Read more on how to properly prepare.

  • Alton Johnson
    Alton Johnson
3 min read
Vonahi Security's Blog © 2025
Latest Posts Facebook Twitter LinkedIn GitHub