Skip to content
Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
      • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
      • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us
Contact Raxis Login
Raxis
Contact RaxisIcon Link to Contact Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
      • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
      • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us
  • Log4 Exploit Walkthrough
    Exploits | How To

    Log4j: How to Exploit and Test this Critical Vulnerability on Penetration Tests

    ByMark Puckett November 18, 2022June 16, 2025

    Raxis demonstrates how to obtain a remote shell on a target system during penetration tests using a Log4j open-source exploit available to all. (CVE-2021-44228)

    Read More Log4j: How to Exploit and Test this Critical Vulnerability on Penetration TestsContinue

  • OPENSSL v3.0.x: Critical Threat Alert
    Exploits

    RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x

    ByBrad Herring October 31, 2022

    In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will likely be the scariest part of Halloween ’22.

    Read More RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.xContinue

  • CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
    Exploits

    CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection

    ByRaxis Research Team October 21, 2022July 28, 2025

    This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor.

    Read More CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) InjectionContinue

  • You See a Wireless Mouse. We see an easy way in.
    Security Recommendations

    What to Expect with a Raxis Wireless Penetration Test

    ByScottie Cole September 6, 2022

    Wireless attacks are typically low-risk, high-reward opportunities that don’t often require direct interaction. See more about a wireless penetration test.

    Read More What to Expect with a Raxis Wireless Penetration TestContinue

  • Starlink
    In The News

    5 Things You Should (and Shouldn’t) Take Away from the Starlink Hack

    ByScottie Cole August 16, 2022July 28, 2025

    The hack of SpaceX’s Starlink shouldn’t distract security pros from the terrestrial threats that are much more likely and far more common.

    Read More 5 Things You Should (and Shouldn’t) Take Away from the Starlink HackContinue

  • CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
    Exploits

    CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References

    ByRaxis Research Team July 21, 2022July 28, 2025

    Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).

    Read More CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object ReferencesContinue

  • CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
    Exploits

    CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)

    ByRaxis Research Team July 6, 2022July 28, 2025

    Matt Dunn discovers another ManageEngine Cross-Site Scripting vulnerability, this one in the Support Center Plus application.

    Read More CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)Continue

  • Raxis Earns Five-Star Rating
    What People Are Saying

    Raxis Earns Five-Star Rating

    ByBrad Herring June 23, 2022July 28, 2025

    Five stars from Clutch? We got ‘em! Read the details about why our penetration testing and cybersecurity customers say we rock.

    Read More Raxis Earns Five-Star RatingContinue

  • Members of the Pensacola Catholic High School “Crubotics” team with their ROV.
    Raxis In The Community

    Raxis Supports Pensacola ROV Team

    ByRaxis Research Team June 16, 2022July 31, 2025

    Raxis is proud to sponsor the Pensacola Catholic High School “Crubotics” robotics team. Its members will compete in June 2022’s World Championships in Long Beach, California. The event is part the MATE ROV competioton

    Read More Raxis Supports Pensacola ROV TeamContinue

  • CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
    Exploits

    CVE-2022-25245: ManageEngine Asset Explorer Information Leakage

    ByRaxis Research Team June 7, 2022September 5, 2025

    Raxis lead penetration tester Matt Dunn discovers an information leakage vulnerability in ManageEngine’s Asset Explorer CVE-2022-25245

    Read More CVE-2022-25245: ManageEngine Asset Explorer Information LeakageContinue

  • Exploiting Dirty Pipe (CVE-2022-0847)
    Exploits | How To

    Exploiting Dirty Pipe (CVE-2022-0847)

    ByAndrew Trexler May 26, 2022September 5, 2025

    The Dirty Pipe vulnerability (CVE-2022-0847) allows any user to write to read-only files, including files that are owned by root, allowing privilege escalation.

    Read More Exploiting Dirty Pipe (CVE-2022-0847)Continue

  • CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
    Exploits

    CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)

    ByRaxis Research Team May 17, 2022July 28, 2025

    Raxis’ Matt Dunn continues his prolific discovery of new CSS CVEs. This one affects ManageEngine AD SelfService Plus Stored Cross-Site Scripting.

    Read More CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)Continue

Page navigation

1 2 3 Next PageNext

2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA

Contact us online

About Raxis

  • About Raxis
  • Careers
  • Terms and Conditions
  • Privacy Policy
  • Partners, Apply Here

Resources

  • The Exploit
  • Transporter Remote Penetration Testing
  • Penetration Test Glossary
  • What is a Penetration Test?
Facebook X Instagram Linkedin YouTube