Raxis Research Team

The Raxis Research Team is dedicated to staying ahead of the threat landscape. Our experts dig into emerging exploits, uncover hidden vulnerabilities, and develop resources that power our penetration testing engagements. By combining curiosity with technical precision, the team equips Raxis testers with cutting-edge intelligence to simulate real-world attacks and strengthen client defenses.

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines

The Exploit articles written by Raxis Research Team

  • 2021 OWASP Top 10

    2021 OWASP Top 10 Focus: Injection Attacks for Penetration Testing

     By Raxis Research Team The latest draft of the OWASP Top 10 has been released. Though injection is #3, Raxis’ Matt Dun explains why that doesn’t mean the threat is any less severe. September 24, 2021
  • Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
    , ,

    Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156

     By Raxis Research Team Nagios is open-source network and system monitoring software. Raxis’ Matt Dunn has discovered a cross-site scripting vulnerability that could leave users open to attack. September 17, 2021
  • Cookie Jar

    Keep Your Cookies in the Cookie Jar: HttpOnly and Secure Flags

     By Raxis Research Team How can cookies be used against you? And how do you keep that from happening? Raxis’ Matt Dunn explains. September 3, 2021
  • PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
    , ,

    PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)

     By Raxis Research Team Raxis lead penetration tester Matt Dunn uncovers a new vulnerability in the PRTG Network Monitor (CVE-2021-29643). Read more here. August 20, 2021
  • Matt Dunn Mathur

    Matt Mathur, Lead Penetration Tester

     By Raxis Research Team Meet Raxis lead penetration tester Matt Mathur, a cybersecurity professional with a passion for learning and for giving back. August 6, 2021
  • JavaScript Execution to Display User's Cookie in an Alert Box
    ,

    ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability (CVE-2021-31813)

     By Raxis Research Team Raxis’ Matt Dunn has discovered another ManangeEngine cross-site scripting (XSS) vulnerability, this time in the Applications Manager product (CVE-2021-31813). June 25, 2021