The Exploit: Penetration Testing Insights From The Frontlines

Discover the Art of Penetration Testing

  • Sponsored Malware: When the Bad Guys Pay for Views

    By Jason Taylor. When Raxis pentester Jason Taylor found a suspicious sponsored search result, he broke down the code it would have run and discovered it was malware. March 13, 2026
  • The Hidden Risks in Your Password: What You Type Matters More Than You Think

    By Brad Herring. Raxis has discovered and cracked our fair share of password hashes. Some that we have discovered may surprise you… and their bosses. Learn what not to do. March 10, 2026
  • AI-Augmented Series: AI Scripting for Brute-Forcing on a Web App Pentest

    By Andrew Trexler. On a recent web app pentest, Andrew Trexler used AI to find client-side code that stopped his brute-force attack, then used AI again to thwart that code. March 4, 2026
  • Wireless Series: Aircrack-ng

    Wireless Series: The Aircrack-ng Suite for All Your Wireless Pentesting Needs

    By Scottie Cole. Principal Penetration Tester Scottie Cole continues our wireless series with the Aircrack-ng Suite, a set of tools for wireless pentest discovery and exploits. February 24, 2026
  • Reynolds Ransomware BYOVD Eludes EDR Tools

    By Nathan Anderson. Reynolds poses a new type of threat by including a Bring Your Own Vulnerable Driver (BYOVD) in the ransomware bundle, making it harder for EDR tools to catch. February 20, 2026
  • BeyondTrust RCE Vulnerability Exploited: Critical 9.9 CVSS Flaw Under Active Attack

    By Ryan Chaplin. While BeyondTrust patched cloud-hosted Remote Support customers earlier this month, on-premises deployments of BeyondTrust must manually patch to remediate. February 17, 2026
  • Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice

    By Ryan Chaplin. Ryan Chaplin takes an in-depth look at how attackers can use unsafe directives to bypass CSP, notably in Google Tag Manager, and how to remediate the issue. February 10, 2026
  • CVE-2025-59886 Eaton Exploit Code Published

    By Jason Taylor. With exploit code available for the vulnerabilities in Eaton’s xComfort Ethernet Communication Interface, Jason Taylor recommends replacing or isolating. February 5, 2026
  • Publicly Accessible Database Discovered Hosting 149 Million Credentials

    By Andrew Trexler. Andrew Trexler looks at a recently discovered public database of stolen usernames and passwords and what you can do now to protect your access and information. February 2, 2026
  • PSE & Red Team Series: Social Engineering

    By Nathan Anderson. Lead Penetration Tester Nathan Anderson is back with more PSE and red team tips, including tailgating, impersonating, and pretexts to gain onsite access. January 27, 2026
