Atlanta is our home town
Raxis is a small, highly focused team of security engineers whom are mostly based out of the Atlanta, GA area. Several of us are originally from the area and have spent our entire careers here, working for companies like Home Depot, General Electric, AT&T, and several local startups.
Back in 2011 we set out to create a security company that helps organizations discover and eliminate security risks that they didn't know they had. Since then we've grown substantially and now provide a variety of breach related information security services to customers all across the country. In addition, several very large penetration testing firms outsource a substantial amount of work to Raxis when they need coverage in the southeastern US or need additional expertise.
Do you know how a hacker could breach your defenses?
We all see it almost everyday in the news - hackers are breaching organizations of all types, from governments to the private sector. Ransomware is disabling businesses from performing transactions, data theft is putting organizations at risk of fines and lost trust, and theft of services and funds is destroying the bottom line. Let us show you how we can find where your actual security risk is and give you a clear roadmap on how to reduce security risks and stay safe from malicious attackers..
Download our Penetration Testing Service Brief (PDF) for more information.
Penetration Testing Services
ExternalExternal manual penetration testing performs actual hacking attacks against your internet presence to the highest level of detail, including every application and port.
InternalInternal manual penetration testing attacks your internal defenses as a rogue employee, contractor, or other third party.
Web ApplicationRaxis provides extreme focus on hacking your web application to determine if there are coding errors that could cause privilege escalation of a data breach.
WirelessRaxis will attempt to breach your wireless network controls, including the setup of a cloned access point to obtain user password hashes.
APIRaxis performs extensive manual testing of web service calls using real-world hacking techniques to ensure input controls are operating as they should.
MobileUsing the developer API, rooted devices, and MitM proxies, Raxis attempts to extract critical data from your mobile application.
How Does Raxis Perform a Penetration Test?
Pivoting and Chained Attacks
Raxis applies the same hacking concepts, custom tools, and professional grade software used by the adversarial hackers located across the globe. By using the same formula, Raxis is able to achieve similar results as to what would be found by an actual unethical hacking group. Once the first system falls, we continue by breaching multiple machines through a series of pivots and subsequently gaining access to critical data for exfiltration. The process of chaining multiple attacks together is important to convey the full potential impact to business leadership and help drive resolution of the security vulnerabilities.
"Raxis obtained Domain Admin, cracked most of the hashes in our domain, and even transferred funds in our banking application. Unbelievable."— CISO, Undisclosed Financial Institution
It's Likely That You're Vulnerable
While it is not possible to guarantee we will breach your network, Raxis has an 85% success rate for internal penetration testing. In addition, Raxis still has the same 85% success rate when combining the External Penetration test with Social Engineering.
GPU Accelerated Password Cracking
Our pentesters are often are able to retrieve password hashes by breaching Active Directory or exploiting a vulnerability in a web server database. If we can crack these password hashes, often we can leverage the actual passwords to further our penetration test by allowing additional pivoting to other systems. Raxis has several dedicated password cracking systems with mulitple nVidia GPU processors to run the popular Hashcat tool. We'll provide a detailed analysis of the password complexity used within your organization if this becomes an opportunity for us to add to your scope.
Every PenTest is Different
While we follow a proven pentesting methodology to maintain quality and meet compliance standards, Raxis doesn't follow a script that is repeated for every customer. Raxis believes that a scripted format weakens the results significantly since every customer is different and it removes the chance for creativity in the attack. Instead, we'll spend the first phase learning how your systems operate and work together. Once everything is mapped out, we'll form a custom attack based on the weaknesses that we believe may exist.
Transporter Remote Access
Raxis Transporter provides an easy to deploy "virtual wire" network connection to our manual penetration testers, vulnerability assessors, and R3 incident response team.
On-Site Penetration Testing
Sometimes it's necessary to be on-site to get access to internal networks or examine a breach first hand. No problem, our consultants will fly to you.
A Smarter Way to Stay Secure
Learn how hacking can help find and fix security gaps you never knew about.