the exploit blog logo

The Exploit: Penetration Testing Insights From The Frontlines

Discover the Art of Penetration Testing

  • Defense in Depth Against Linux Kernel Privilege Escalation
    , , , , ,

    Defense in Depth Against Linux Kernel Privilege Escalation: A Practical Guide for Container Workloads

     By Ryan Chaplin With current local privilege escalation exploits like Copy Fail and Dirty Frag active in the wild, harden your defenses to halt attacks even before patching. May 26, 2026
  • Cool Tools: NetExec (NXC) Fundamentals
    , , , ,

    Cool Tools: NetExec (NXC) Fundamentals

     By Scottie Cole Now that CrackMapExec is no more, how is a pentester to rapidly test credentials, enumerate assets, spray passwords, and more? Learn the basics of NetExec here. May 19, 2026
  • Critical Buffer Overflow Vulnerability in Palo Alto Networks PAN-OS Software
    , , ,

    Critical Buffer Overflow Vulnerability in Palo Alto Networks PAN-OS Software

     By Andrew Trexler CVE-2026-0300 is a critical buffer overflow vulnerability in Palo Alto’s PAN-OS software. Discover if you are affected and what to do now. May 13, 2026
  • Copy Fail - Local Linux Privilege Escalation in 4 lines
    , , , ,

    Copy Fail – Local Linux Privilege Escalation in 4 lines

     By Jason Taylor CVE-2026-31431, dubbed Copy Fail, allows privilege escalation to root on Linux distros missing the latest kernel patches. Learn what to do in this blog. May 8, 2026
  • Bypassing ChatGPT’s Open-Source Model Security Restrictions for Agentic Hacking
    , ,

    Bypassing ChatGPT’s Open-Source Model Security Restrictions for Agentic Hacking

     By Ryan Chaplin Ryan Chaplin wondered what it would take to bypass ChatGPT’s open-source model security restrictions to allow AI to hack his website. See how he did it here. May 5, 2026
  • No Malware Required
    , , ,

    No Malware Required

     By Brian Tant The March 2026 attack on Stryker Corporation was not Malware and did not make Ransomware demands. Instead it used compromised credentials to disrupt business. May 1, 2026
  • Cool Tools Series: SCP
    ,

    Cool Tools Series: SCP

     By Nathan Anderson Raxis Lead Penetration Tester Nathan Anderson continues our Cool Tool Series with SCP for data exfiltration on internal network pentests and red teams. April 21, 2026
  • The Face on Your Screen Might Not Be Real
    , , ,

    Deepfakes: The Face on Your Screen Might Not Be Real

     By Scottie Cole Phishing and other social engineering techniques have crossed a threshold with deepfake attacks. Scottie Cole discusses how to protect your organization. April 17, 2026
  • Smart Slider 3 Pro WordPress/Joomla Plugin Supply Chain Compromise
    , , ,

    Smart Slider 3 Pro WordPress/Joomla Plugin Supply Chain Compromise

     By Jason Taylor Last week’s supply chain attack caused many users of the WordPress and Joomla plugin Smart Slider 3 Pro to inadvertently patch to a malicious version. April 15, 2026
  • Two Critical Telnet Flaws in 2026 Allow Unauthenticated Root Access
    , ,

    Two Critical Telnet Flaws in 2026 Allow Unauthenticated Root Access

     By Ryan Chaplin Lead Penetration Ryan Chaplin explains how to protect your network against CVE-2026-24061 and CVE-2026-32746, two critical Telnet flaws released this year. April 10, 2026

Search The Exploit Blog

Blog Categories

Stay up to date with the latest in penetration testing

Name(Required)
Newsletter(Required)
Do you wish to join our newsletter? We send out emails once a month that cover the latest in cybersecurity news. We do not sell your information to other parties.