Interview With Adrian Furtuna – Pentest-Tools.com
We recently sat down with Adrian Furtuna, Founder of Pentest-Tools.com, and he told us that he started his company because he wanted to be able to automate pen testing so he could concentrate on the engagement aspect of his relationships with his customers.
Private Internet Access: What motivated you to start your company?
Adrian Furtuna: About seven years ago, I was working as a full-time penetration tester for one of the big four companies. Since I was doing a lot of manual work, I thought that much of this could be automated, so, as a pen tester, I could focus on more interesting work. In penetration testing, some parts of the work can be automated, but others can’t. I thought that I could have a much better use of my time focusing on the parts of the engagement that cannot be automated and leave the other parts to some tools to do the work for me. So this was the main reason why I started the Pentest-Tools, which right now has the main objective to make the life of a penetration tester much more simple and more effective.
PIA: What do you love about working in cybersecurity?
AF: I like working in cybersecurity because every day has a new challenge. Every day, there are new vulnerabilities and new attacks. It’s a very dynamic field. And it’s also very challenging and interesting. In cybersecurity, you cannot get bored if you love the domain.
PIA: Tell me a what your company does.
AF: Pentest-Tools.com creates an online platform for penetration testers that helps them perform pen tests much easier and more effectively than the traditional manual way of doing it. In the platform, we have multiple tools that are split into categories for reconnaissance, web vulnerability scanning, network vulnerability scanning, and exploitation.
Recently, we developed a new tool in the exploitation section that we are very proud of, Sniper, which automatically exploits the newest and most critical vulnerabilities that are affecting widely-used software. You can see this tool as an automated Metasploit. It’s very useful to see which targets are vulnerable in a quick glance. Then it automatically exploits them in order to see the risk of the vulnerability for your customer so they can immediately act on it or to postpone the fix if it’s not that critical as typical vulnerability scanners say that it is.
Besides the tools, we have numerous functionalities in the platform also for making the work of pen testing more effective. We have a module that allows you to create reports, automation features, and easy-to-use scheduling options. You can continuously monitor a set of assets. We have a full-fledged platform that can be used to perform an end-to-end penetration test.
PIA: Why do individuals and companies need a good VPN?
AF: A good VPN should provide these two elements. You use a VPN to encrypt your communication and to avoid eavesdropping through man in the middle attacks.
PIA: What do you think are the worst cyberthreats out there today?
AF: Everybody is talking about ransomware. But we should also consider the human behavior that enables these attacks.
PIA: How is the pandemic changing cybersecurity for the future?
AF: There has been a shift in the working aspects of the employees. Employees mostly work from home, so the security of the network and the systems have shifted from corporate security to home security. System administrators now need to worry about making sure employees have very strong endpoint solutions for protection and also to increase the security awareness of their employees so that they do not get easily attacked. If they do, the employees that are working from home will become the entry point to the network and attackers could access the enterprise network.