Cross-Site Scripting (XSS): Cookie Theft – Advanced Payloads
We reached into our vaults to bring you the final video in our cross-site scripting (XSS) series. Learn about cookie theft, website defacement, and CSRF attacks.
Discover the Art of Penetration Testing
The Exploit is Raxis’ cybersecurity blog where penetration testers and red team experts share real-world insights, attack techniques, and strategies to strengthen defenses against evolving threats. We feature expert advice, detailed breakdowns of exploits, and practical guidance to help organizations understand and respond to today’s most pressing security challenges.
Data Theft Exploit Part 1: DNS Exfiltration Setup
Raxis Lead Penetration Tester Jason Taylor’s in-depth tutorial explains setting up a server for DNS exfiltration. Check back next month to run the attack.
Autonomous Supply-Chain Worm Compromises Postman, PostHog, Zapier, and 26k Others
Operating fully autonomously, this new supply-chain malware has compromised Postman, PostHog, Zapier and 26k others. Learn what your organization should do now.
The Role of AI in Penetration Testing
Bonnie Smyre shows how Raxis’ AI-augmented pentesting gives their expert pentesters more time for complex chained attacks and discovery of business-logic flaws.
CrowdStrike Fires Insider Who Shared Screens Externally
Though hacker groups claimed to have access to internal systems, CrowdStrike announced they fired an insider who shared external screens with the attackers.
Raxis Chief Penetration Testing Officer Brian Tant Featured on WSB-TV Atlanta
When WSB-TV Atlanta reached out to for help warning about a scam targeting Atlanta residents in DeKalb County, Raxis CPTO Brian Tant jumped to help.
OWASP Top 10 for 2025: What’s New in Web Application Security
The OWASP Top 10 2025 for web applications release candidate was released last week. Take a look at which categories have moved as well as one new category.
Wireless Encryption: WPA3 and the Gotchas Every Company Should Know About
Brian Tant takes a look at WPA3. While offering much deeper security than WPA2, it is still vulnerable to transition Mode and side-channel attacks.
AI-Augmented Series: LLM-Aided Enumeration for Dormant WordPress Account Discovery
Ryan Chaplin leads off our Augmented-AI series with a scenario from a recent pentest using AI to write a script to discover an account to gain system access.
The @ctrl/tinycolor NPM Attack: The Brutal Anatomy of a Cascading Supply Chain Breach
Over 40 major packages were exploited in this malware campaign. Learn what happened and what your organization should do if you have been affected.
Blog Categories
- AI
- Careers
- Choosing a Penetration Testing Company
- Exploits
- How To
- In The News
- Injection Attacks
- Just For Fun
- Meet Our Team
- Mobile Apps
- Networks
- Password Cracking
- Patching
- Penetration Testing
- Phishing
- PTaaS
- Raxis In The Community
- Red Team
- Security Recommendations
- Social Engineering
- Tips For Everyone
- Web Apps
- What People Are Saying
- Wireless