Hi, my name is
Daniel Bechenea.
I help organizations find and fix security weaknesses before attackers do.
I'm a Product Security Manager who builds reconnaissance, vulnerability, and offensive security tools. Currently, I'm focused on making professional-grade security testing accessible at Pentest-Tools.com.
About Me
Hello! I'm Daniel, a Product Security Manager at Pentest-Tools.com based in Bucharest, Romania.
I audit network infrastructures and web applications for vulnerabilities, delivering actionable penetration test reports. My goal is to help organizations strengthen their defenses and reduce the risk of compromise.
I hold the OSCP and CRTP certifications.
I'm also an approved cybersecurity auditor under Romania's National Cyber Security Directorate (DNSC).
I hold both a bachelor's and a master's degree in computer engineering from the University Politehnica of Bucharest.
Here are some areas and tools I work with:
- Offensive Security
- Network Assessment
- Web App Testing
- Penetration Testing
- Red Teaming
- Burp Suite
Where I've Worked
Product Security Manager @ Pentest-Tools
Aug 2021 - Present
- Lead a team of 8 engineers building reconnaissance, vulnerability scanning, and exploit tools used by thousands of security professionals
- Define product roadmap and prioritize features based on customer needs and emerging threat landscape
- Architect and ship key products including the Vulnerability & Exploit Database and Pentest-Ground training platform
- Drive a human-centered design approach, making professional security testing accessible to a wider audience
Articles
Benchmarking our Network Vulnerability Scanner and 6 others
In January 2024, we undertook an evaluation of the most widely used network vulnerability scanners—Nessus Professional, Qualys, Rapid7 Nexpose, Nuclei, OpenVAS, and Nmap vulnerability scripts—including our own, allowing for independent validation by industry peers.
How to conduct a full network vulnerability assessment
In this blog article, I delve into my network vulnerability assessment process, outlining five practical scenarios to help you navigate the process methodically and efficiently.
Log4Shell scanner: detect and exploit Log4j CVE-2021-44228 in your network and web apps
On December 9, 2021, an active attack exploiting CVE-2021-44228 was detected. A proof of concept soon followed, revealing just how alarmingly easy it is to exploit this vulnerability. This article covers the fundamentals of this critical security flaw.
Detect and exploit Gitlab CE/EE RCE with Pentest-Tools.com (CVE-2021-22205)
On April 7, 2021, vakkz reported a Remote Code Execution vulnerability on Hackerone, involving Gitlab. The flaw occurred when a user uploaded a malformed image, which Gitlab's Workhorse then sent to Exiftool to filter based on whitelisted tags. Why is this such a significant issue? Let's dive into the details.
How to detect VMware vCenter RCE with Pentest-Tools.com (CVE-2021-21972)
On February 23, 2021, VMWare released patch VMSA-2021-0002 for CVE-2021-21972. Their security advisory also mentioned another vulnerability in the VMWare ESXi hypervisor. This blog article will unpack the details of this CVE, starting with a quick timeline.
How to do a full website vulnerability assessment with Pentest-Tools.com
This step-by-step guide highlights the essentials of using our tools and features to streamline and accelerate your workflow when assessing websites.
Other Noteworthy Projects
view the archiveCVE-2024-24919 Scanner - Check Point VPN Vulnerability
Involved in creating the content for the tool available on Pentest-Tools.com.
Vulnerability & Exploit Database
Involved in product developing a vulnerability & exploit database to list the vulnerabilities that can be detected with Pentest-Tools.com and the exploits that are currently available in the platform.
Sniper – Automatic Exploiter
Involved in product developing an automated vulnerability exploitation tool that helps validate the real impact of critical, widespread CVEs.
OpenSSH Scanner for CVE-2024-6387 (RegreSSHion)
Involved in creating the content for the tool available on Pentest-Tools.com.
Pentest-Ground
Involved in developing a free playground featuring intentionally vulnerable web applications and network services.
CVE-2024-1709 Scanner - ScreenConnect
Involved in creating the content for the tool available on Pentest-Tools.com.
Videos
Inside our Network Vulnerability Scanner. Discover its 4 engines
In this video, I demonstrate the engine capabilities of the Network Vulnerability Scanner from Pentest-Tools.com.
Use Handlers to harvest juicy details in pentests
In this video, I explain how each type of handler works to get you the juiciest details that demonstrate and advance your ethical hacking skills.
Services
Penetration Testing
- Web Application Penetration Testing: I perform thorough assessments of your web application, identifying security weaknesses and exploitable vulnerabilities. My approach involves manually testing each component, simulating real-world attacks. You’ll receive a detailed report with validated findings, exploitation techniques, and practical recommendations to strengthen your app’s security.
- Network Penetration Testing: I conduct a thorough Network Penetration Test, simulating real-world attack scenarios to identify vulnerabilities within your network. By exploring potential entry points and escalating access, I provide you with a detailed report outlining the weaknesses I find, along with practical recommendations for improving your network security.
What's Next?
Get In Touch
Whether you need a penetration test, a vulnerability assessment, or security consulting, I'd love to hear from you.
Contact me