About Me
Hello! My name is Daniel, and currently I work full-time as a Product Security Manager at Pentest-Tools.com, based in Bucharest, Romania.
I specialize in auditing network infrastructures and web applications for vulnerabilities, delivering comprehensive vulnerability assessments and penetration test reports. My goal is to help organizations enhance their security posture against external threats and reduce the risk posed by attackers.
I am OSCP certified and CRTP certified .
I am one of the cybersecurity auditors approved by the National Cyber Security Directorate (DNSC).
I hold both a bachelor's and a master's degree in computer engineering from the University Politehnica of Bucharest.
Here are some of the technologies and concepts I work with:
- Offensive Security
- Network assessment
- Web application assessment
- Penetration Testing
- Red-Teaming
- Burpsuite
Where I’ve Worked
Product Security Manager @ Pentest-Tools
Aug 2021 - Present
- Leading a team of eight developers to successfully create and maintain our reconnaissance, network, and exploit products. Our efforts are dedicated to delivering high-performance, stable software capable of detecting and exploiting vulnerabilities in various software products.
- Committed to developing accessible, human-centered products for our clients.
Articles
Benchmarking our Network Vulnerability Scanner and 6 others
In January 2024, we undertook an evaluation of the most widely used network vulnerability scanners—Nessus Professional, Qualys, Rapid7 Nexpose, Nuclei, OpenVAS, and Nmap vulnerability scripts—including our own, allowing for independent validation by industry peers.
How to conduct a full network vulnerability assessment
In this blog article, I delve into my network vulnerability assessment process, outlining five practical scenarios to help you navigate the process methodically and efficiently.
Log4Shell scanner: detect and exploit Log4j CVE-2021-44228 in your network and web apps
On December 9, 2021, an active attack exploiting CVE-2021-44228 was detected. A proof of concept soon followed, revealing just how alarmingly easy it is to exploit this vulnerability. This article covers the fundamentals of this critical security flaw.
Detect and exploit Gitlab CE/EE RCE with Pentest-Tools.com (CVE-2021-22205)
On April 7, 2021, vakkz reported a Remote Code Execution vulnerability on Hackerone, involving Gitlab. The flaw occurred when a user uploaded a malformed image, which Gitlab's Workhorse then sent to Exiftool to filter based on whitelisted tags. Why is this such a significant issue? Let's dive into the details.
How to detect VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21972)
On February 23, 2021, VMWare released patch VMSA-2021-0002 for CVE-2021-21972. Their security advisory also mentioned another vulnerability in the VMWare ESXi hypervisor. This blog article will unpack the details of this CVE, starting with a quick timeline.
How to do a full website vulnerability assessment with Pentest-Tools.com
This step-by-step guide highlights the essentials of using our tools and features to streamline and accelerate your workflow when assessing websites.
Other Noteworthy Projects
Sniper – Automatic Exploiter
Involved in product developing an automated vulnerability exploitation tool that helps validate the real impact of critical, widespread CVEs.
Vulnerability & Exploit Database
Involved in product developing a vulnerability & exploit database to list the vulnerabilities that can be detected with Pentest-Tools.com and the exploits that are currently available in the platform.
Pentest-Ground
Involved in developing a free playground featuring intentionally vulnerable web applications and network services.
OpenSSH Scanner for CVE-2024-6387 (RegreSSHion)
Involved in creating the content for the tool available on Pentest-Tools.com.
CVE-2024-24919 Scanner - Check Point VPN Vulnerability
Involved in creating the content for the tool available on Pentest-Tools.com.
CVE-2024-1709 Scanner - ScreenConnect
Involved in creating the content for the tool available on Pentest-Tools.com.
Videos
Inside our Network Vulnerability Scanner. Discover its 4 engines
In this video, I demonstrate the engine capabilities of the Network Vulnerability Scanner from Pentest-Tools.com.
Use Handlers to harvest juicy details in pentests
In this video, I explain how each type of handler works to get you the juiciest details that demonstrate and advance your ethical hacking skills.
Services
Vulnerability Assessment
- Vulnerability Assessment: I conduct a thorough vulnerability assessment, identifying security weaknesses in your systems. By analyzing your infrastructure and applications, I uncover potential risks and provide a detailed report with prioritized recommendations to help you strengthen your defenses.
- Managed Vulnerability Assessment: I offer a Managed Vulnerability Assessment service, where I periodically evaluate your systems for security weaknesses. As a dedicated professional, I personally conduct regular assessments to identify vulnerabilities, providing you with detailed reports and recommendations to enhance your security posture.
What’s Next?
Get In Touch
Get in touch with me to learn more about my range of services, tailored to help secure your digital assets. Whether you need penetration testing, vulnerability assessments, or security consulting, I'm here to provide expert solutions and support.
Contact me