The Exploit Blog | Penetration Testing & Cybersecurity Insights by Raxis

Discover the Art of Penetration Testing

The Exploit is Raxis’ cybersecurity blog where our penetration testers and red team experts share real-world insights, attack techniques, and strategies to strengthen defenses against evolving threats. We feature expert advice, detailed breakdowns of exploits, and practical guidance to help organizations understand and respond to today’s most pressing security challenges.

AI | Exploits | Penetration Testing | Web Apps

AI-Augmented Series: AI Scripting for Brute-Forcing on a Web App Pentest

By Andrew Trexler

Posted in AI, Exploits, Penetration Testing, Web Apps

On a recent web app pentest, Andrew Trexler used AI to find client-side code that stopped his brute-force attack then used AI again to thwart that code.

How To | Password Cracking | Penetration Testing | Wireless

Wireless Series: The Aircrack-ng Suite for All Your Wireless Pentesting Needs

By Scottie Cole

Posted in How To, Password Cracking, Penetration Testing, Wireless

Principal Penetration Tester Scottie Cole continues our wireless series with the Aircrack-ng Suite, a set of tools for wireless pentest discovery and exploits.

Exploits | In The News | Security Recommendations

Reynolds Ransomware BYOVD Eludes EDR Tools

By Nathan Anderson

Posted in Exploits, In The News, Security Recommendations

Reynolds poses a new type of threat by including a Bring Your Own Vulnerable Driver (BYOVD) in the ransomware bundle, making it harder for EDR tools to catch.

AI | Exploits | In The News | Patching | Security Recommendations

BeyondTrust RCE Vulnerability Exploited: Critical 9.9 CVSS Flaw Under Active Attack

By Ryan Chaplin

Posted in AI, Exploits, In The News, Patching, Security Recommendations

While BeyondTrust patched cloud-hosted Remote Support customers earlier this month, on-premises deployments of BeyondTrust must manually patch to remediate.

How To | Injection Attacks | Security Recommendations | Web Apps

Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice

By Ryan Chaplin

Posted in How To, Injection Attacks, Security Recommendations, Web Apps

Ryan Chaplin takes an in-depth look at how attackers can use unsafe directives to bypass CSP, notably in Google Tag Manager, and how to remediate the issue.

Search The Exploit

Stay up to date with the latest in penetration testing

Name(Required)

First Last

Email(Required)

Newsletter(Required)

Do you wish to join our newsletter? We send out emails once a month that cover the latest in cybersecurity news. We do not sell your information to other parties.

Yes! Please send me Popped Culture, the Raxis Newsletter.

Cybersecurity Insights From The Frontlines

Discover the Art of Penetration Testing

AI-Augmented Series: AI Scripting for Brute-Forcing on a Web App Pentest

Wireless Series: The Aircrack-ng Suite for All Your Wireless Pentesting Needs

Reynolds Ransomware BYOVD Eludes EDR Tools

BeyondTrust RCE Vulnerability Exploited: Critical 9.9 CVSS Flaw Under Active Attack

Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice

Search The Exploit

Stay up to date with the latest in penetration testing

Blog Categories

Company Information

Resources

Penetration Tests