At Pentest® we carry out artisan intrusion tests: we use tools developed by the pentesters themselves during the execution of the service. A service whose purpose is to be as practical as possible and not a mere formality to comply with some protocol. For this, the tests are carried out with the maximum realism, exploiting vulnerabilities whenever possible and focusing the attacks to reach the most interesting assets of the client.
Our experience is genuine, based on decades of hacking (since the mid 90's)
The impact of the security research of Pentest® consultants not only goes back far back in time, but is also global in scope and affects the main manufacturers in the market.
News
Oct
24
2024
Pentest® presented its cyber security capabilities in a private conference for NATO
Mar
23
2025
Here, our CEO outlines why this approach is not a valuable investment, as we consistently bypass 100% of EDR solutions—just as real attackers do. Instead, we will focus our efforts on analyzing other attack surfaces.
Jan
17
2025
Pentest® has weaponized a new Linux Kernel DoS that causes RCU_sched to stall and will be available to customers for testing purposes
Oct
01
2024
Exploiting GMail SSL to Present the Original Certificate Chain in a Man-in-the-Middle Attack
Web Site Welcomes Hackers
“Two Spanish security experts are inviting computer buffs to participate in a competition to deface a Web site on a production server”... Read MoreA Spanish company founds holes in Check Point's Firewall
“The Spanish research company PenTest announced last week that it had found security holes in the firewall software of the information security company Check Point”... Read MoreIOS HTTP Server Command Injection Vulnerability
“Remote vulnerability in the IOS HTTP server allows full compromise”... Read More$1m hacking challenge' product is flawed
“AlphaShield's "unhackable" consumer security device isn't unhackable, Spanish white hat hackers claim”... Read MoreRoot Command Injection in Azure Virtual Machines CRM:0461058838
“Root Command Injection in Azure Virtual Machines”... Read MoreCheck Point plays down FireWall-1 bug reports
“Spanish security firm Pentest discovered multiple buffer overflow vulnerabilities during the course of a comprehensive security evaluation of the most secure version of the Check Point FireWall-1/VPN-1 security software”... Read MoreMicrosoft Internet Information Services (IIS) 6.0, vulnerable to ILLC attack
“Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response.”... Read MoreELECTRONIC BANKING, June 2006, nº97
“REPORTS Electronic Banking: new attack vectors (Page 11)”... Read MoreCisco and Checkpoint facing firewall vulnerabilities
“Using the vulnerability found by Hugo Vázquez Caramés from Grupo ADD, it seems to be possible to have the firewall beiing not responding anymore to certain remote services among wich the famous SecuRemote.”... Read MoreApache HTTP Server 2.0.44 vulnerable to ILLC attack
“The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response.”... Read MoreiPlanet Log Analyzer Logfile HTML Injection Vulnerability
“Through exploitation of this issue, it will be possible to falsify log information and execute arbitrary script code in the web client of the user viewing the logs.”... Read MoreArgus Systems Channel Partners
“Pentest pioneers in Spain in MLS (Multi Level Security) systems and the first to be certified in the system used by the US DoD.”... Read MoreA Security Bug in iPlanet leaves Terra users vulnerable
“The SUN Microsystems iPlanet Messaging mail server is used by millions of users around the world, and in Spain by Terra.es (Terra Networks) among others.”... Read MoreJCaptcha Sound File CAPTCHA Security Bypass Vulnerability
“JCaptcha is prone to a security-bypass vulnerability.”... Read MoreHoles found in SonicWall god box
“Multiple vulnerabilities have been found in SonicWall’s Network Security Appliance (NSA) 4500”... Read MoreVeriSign security seal could be forged
“Hugo Vázquez, from Infohacking, has discovered that the VeriSign security seal that guarantees the authenticity of a page could be manipulated through HTML injection.”... Read MoreA DoS breaks Bluetooth
“A team of experts belonging to the Catalan Infohacking crew has made publicly available a program considered capable of breaking any connection between Bluetooth devices”... Read MoreDemystifying Qubes OS Security
“AN OLD SCHOOL HACKING PRAGMATIC ANALYSIS”... Read MoreAnonymity and traceability in cyberspace
“Technical report is based on a dissertation submitted August 2005 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Darwin College”... Read MoreCross-site scripting (XSS) vulnerability in WebLogExpert
“Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name.”... Read MoreUSN-145-1: wget vulnerabilities
“Hugo Vázquez Caramés discovered a race condition when writing output files. After wget determined the output file name, but before the file was actually opened (the time window is determined by the delay of the first received data packet)”... Read MoreiPlanet Log Viewing Utility Concealed Log Entry Vulnerability
“A vulnerability has been reported for iPlanet 6.0 which may conceal malicious log entries”... Read MoreCheck Point FireWall-1 SDSUtil buffer overflow
“Check Point FireWall-1 is vulnerable to a stack-based buffer overflow”... Read MoreXSS in OWA allows obtaining user credentials
“A vulnerability discovered in OWA (Outlook Web Access) that can be used by a remote attacker to obtain user credentials”... Read MoreesCERT certifies a Pentest report on attacks on online banking
“Evidence of certification by esCERT of our report on new attacks on electronic banking (bypass of coordinate cards with virtual keyboards)”... Read MoreMultiple buffer overflows discovered in Check Point Firewall-1
“Spanish security firm Pentest has discovered 10 buffer overflows affecting different applications in Check Point’s flagship FireWall-1 security software.”... Read MoreSun ONE (aka iPlanet) Web Server 4.1 and 6.0 vulnerable to ILLC attack
“Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks.”... Read MoreHow Hackers Think
“This is a bit technical, but it's a good window into the hacker mentality. This guy walks step by step through the process of figuring out how to exploit a Cisco vulnerability.”... Read MoreSpanish Intelligence 2017 Collaborating Companies
“List of collaborating companies of the National Cryptological Center, June 2017.”... Read MoreEmerging XSS Vulnerabilities in html Log Viewers
“Firewall, IDS and E-Mail XSS - Implications beyond Webservers ”... Read MoreEl Proxy-cache de Telefónica permite robar datos de usuarios
“A vulnerability in the 'Inktomi Traffic-Server' software has been recently discovered by two Spanish researchers, Hugo Vazquez Carames and Toni Cortes Martinez”... Read MoreElectronic Banking: new attack vectors
“This report, prepared by Hugo Vázquez Caramés, from Pentest, presents a profile of the results obtained in the study of the security mechanisms used by banks.”... Read MoreHacking against the clock
“Computer security is a relatively recent specialty of Telematics. In 1988 Robert T. Morris released a worm that almost completely paralyzed the Internet.”... Read MoreHoles in Firewall-1
“Spanish security researchers have discovered several vulnerabilities in the 'Firewall-1' security solution by software vendor Checkpoint, and are now questioning its Common Criteria EAL4+ certification. Pentest penetration testers discovered various bugs in the form”... Read MoreCheckPoint Secure Platform Hack
“An uncensored real-time how was exploited a vulnerability in a kernel hardened EAL4+ certified firewall”... Read MoreSpanish Intelligence 2010 Collaborating Companies
“List of collaborating companies of the National Cryptological Center, March 2010.”... Read MoreNot only a XSS
“FIST Conference March 2004 Not only a XSS© Toni Cortes Martinez & Hugo Vazquez Carames Infohacking Research Barcelona, 7 May 2004”... Read MoreInfohacking.com welcomes hackers
“Security experts issue challenge to deface Web site on production server running Windows 2000”... Read MoreGet a quote in 24h
Contact
Centro Criptológico Nacional
PenTest Magazine
PitBull Trusted OS
Contact us
admin@pentest.es
C\Uruguay, Parcela 13, Pol. Ind. Oeste
Alcantarilla – 30820 (Murcia), SPAIN
Tlf. : (+34) 868 952 259
*Informative note: all the data that you provide us will be treated with total confidentiality and adopting the necessary security measures in compliance with current legislation.