The Exploit: Penetration Testing Insights From The Frontlines

Discover the Art of Penetration Testing

  • Copy Fail – Local Linux Privilege Escalation in 4 lines

    By Jason Taylor. CVE-2026-31431, dubbed Copy Fail, allows privilege escalation to root on Linux distros missing the latest kernel patches. Learn what to do in this blog. May 8, 2026
  • Bypassing ChatGPT’s Open-Source Model Security Restrictions for Agentic Hacking

    By Ryan Chaplin. Ryan Chaplin wondered what it would take to bypass ChatGPT’s open-source model security restrictions to allow AI to hack his website. See how he did it here. May 5, 2026
  • No Malware Required

    By Brian Tant. The March 2026 attack on Stryker Corporation was not malware and did not make ransomware demands. Instead, it used compromised credentials to disrupt business. May 1, 2026
  • Cool Tools Series: SCP

    By Nathan Anderson. Raxis Lead Penetration Tester Nathan Anderson continues our Cool Tools Series with SCP for data exfiltration on internal network pentests and red teams. April 21, 2026
  • Deepfakes: The Face on Your Screen Might Not Be Real

    By Scottie Cole. Phishing and other social engineering techniques have crossed a threshold with deepfake attacks. Scottie Cole discusses how to protect your organization. April 17, 2026
  • Smart Slider 3 Pro WordPress/Joomla Plugin Supply Chain Compromise

    By Jason Taylor. Last week’s supply chain attack caused many users of the WordPress and Joomla plugin Smart Slider 3 Pro to inadvertently patch to a malicious version. April 15, 2026
  • Two Critical Telnet Flaws in 2026 Allow Unauthenticated Root Access

    By Ryan Chaplin. Lead Penetration Tester Ryan Chaplin explains how to protect your network against CVE-2026-24061 and CVE-2026-32746, two critical Telnet flaws released this year. April 10, 2026
  • Cool Tools Series: Reptyr

    By Jason Taylor. Jason Taylor highlights reptyr in our Cool Tools series, showing how to take a long-running process, like an Nmap scan, and move it to a new screen. April 7, 2026
  • Raxis at RSAC 2026: A Week Well Spent in San Francisco

    By Mark Puckett. The Raxis team reflects on RSAC 2026, from organizations looking to secure their systems with pentesting to PTaaS and partners looking to secure their customers. April 1, 2026
  • Five Things to Always Do After Getting Domain Admin

    By Andrew Trexler. So you got DA on your red team or internal network penetration test. Here are the five things that Principal Penetration Tester Andrew Trexler does next. March 24, 2026
