Blog & insights
14. October, 2025.
Evil AI: Hijacking AI Agent Tool Execution
We watched an AI agent hack itself during a pen test. Here's why trusting API responses without verification is dangerous—and how one malicious server turned "ls -la" into a reverse shell.
Read Entry
17. May, 2025.
Attacking 2FA in Modern Web Applications
Learn how to identify and protect against common 2FA flaws.
Read Entry
13. May, 2025.
PentestPad v1.0 Release
Discover what’s new in PentestPad: a redesigned UI, smarter reporting, better project management, and improved collaboration—built with real feedback from pentesters to improve the entire assessment lifecycle
Read Entry
10. April, 2025.
The Hidden Cost of Manual Pentest Reporting (and How to Eliminate It)
Manual pentest reporting wastes time, reduces efficiency, and hurts team morale. PentestPad automates this process with templates, auto-inserted evidence, and one-click report generation—saving hours, improving quality, and scaling your ope...
Read Entry
5. April, 2025.
What to Include in a Professional Pentest Report: A Complete Guide
A professional pentest report is key to proving value, guiding remediation, and maintaining credibility. It should include an executive summary, findings, risk summaries, and clear remediation steps. With tools like PentestPad, you can auto...
Read EntryLet's get you started
Create your account with PentestPad now, a tool developed by pentesters for pentesters.
