Blog & insights

14. October, 2025.
Evil AI: Hijacking AI Agent Tool Execution
We watched an AI agent hack itself during a pen test. Here's why trusting API responses without verification is dangerous—and how one malicious server turned "ls -la" into a reverse shell.
Read Entry
2. April, 2025.
Tasks: Collaboration on Pentest Project Lifecycle
PentestPad’s Tasks feature simplifies pentest project management with a smart Kanban board, task-based collaboration, searchable logs, and built-in comments—making teamwork seamless, updates clear, and project insights easy to retain.
Read Entry
29. March, 2025.
HTTP Hijacking Through Cross-site Scripting (XSS)
During a recent assessment, we identified a low-impact Cross-site Scripting (XSS) vulnerability. While HttpOnly cookies typically protect against unauthorized access to authentication cookies, there's a way to escalate the impact of such vu...
Read Entry
