Andrew Trexler

Andrew graduated from the University of Pittsburgh with a degree in Information Science where he focused on networking and security. He continued his education by obtaining the Offensive Security Certified Professional (OSCP) and the eLearnSecurity Junior Penetration Tester (eJPT) certifications. When not participating in capture the flag events, Andrew works as a pyrotechnic operator setting up and shooting firework shows in the Pittsburgh area.

Andrew can be reached by contacting us.

Publicly Accessible Database Discovered Hosting 149 Million Credentials

By Andrew Trexler

Posted in In The News, Password Cracking, Security Recommendations

Andrew Trexler looks at a recently discovered public database of stolen usernames and passwords and what you can do now to protect your access and information.

Cool Tools Series: Kerbrute

By Andrew Trexler

Posted in Exploits, Networks, Penetration Testing, Red Team

Raxis Principal Penetration Tester Andrew Trexler walks through the many uses of Kerbrute from user enumeration to brute-forcing and password spraying.

Dev’s Fast Reporting of Phish Reduced Impact on Blockchain Malware Attacks

By Andrew Trexler

Posted in In The News, Phishing

A recent successful phish allowed attackers to run malware targeting cryptocurrency transactions on various blockchains, but fast reporting limited the damage.

How AI Makes Phishing Easy & What to Watch For

By Andrew Trexler

Posted in AI, Phishing, , Tips For Everyone

Principal Penetration Tester Andrew Trexler got curious how easy it might be to customize a phish to a specific website using AI. The answer? Very easy.

AD Series: Using Evil-WinRM to Get NTDS Manually in Penetration Tests

By Andrew Trexler

Posted in Exploits, How To

Principal Penetration Tester Andrew Trexler’s Active Directory series is back, showing how to use Evil-WinRM to copy NTDS.dit manually in penetration tests.

Cool Tools Series: How Vim Powers Penetration Testing

By Andrew Trexler

Posted in How To, Penetration Testing

Principal Penetration Tester, Andrew Trexler, dives into Vim, a powerful command line tool for text files, and shows useful commands for penetration testing.

Cool Tools Series: Masscan for Penetration Testing

By Andrew Trexler

Posted in How To, Penetration Testing

Continuing our Cool Tools Series, Lead Penetration Tester Andrew Trexler shows how to use masscan for discovery scanning on large networks in penetration tests.

Cool Tools Series: Nuclei for Penetration Tests

By Andrew Trexler

Posted in Exploits, How To, Networks, Penetration Testing

Raxis’ Andrew Trexler shows how useful Nuclei is for network and application penetration tests, discovering vulnerabilities such as default passwords and more.

SQLi Series: SQL Timing Attacks for Penetration Testing

By Andrew Trexler

Posted in Exploits, How To, Injection Attacks

Andrew Trexler’s SQLi Series is back, demonstrating SQL Timing Attacks using MySQL’s sleep function in Blind SQL Injection attacks for penetration testing.

SQLi Series: An Introduction to SQL Injection for Penetration Testing

By Andrew Trexler

Posted in Exploits, How To, Injection Attacks

Raxis’ Andrew Trexler explains what SQL Injection (SQLi) is and how to perform a simple exploit against a web app login page in penetration tests.

AD Series: Resource Based Constrained Delegation (RBCD) for Penetration Testing

By Andrew Trexler

Posted in Exploits, How To

Exploit msDS-AllowedToActOnBehalfOfOtherIdentitity to gain administrative access in a Resource Based Constrained Delegation (RBCD) attack on penetration tests.

Cybersecurity Insights From The Frontlines

Andrew Trexler

Publicly Accessible Database Discovered Hosting 149 Million Credentials

Cool Tools Series: Kerbrute

Dev’s Fast Reporting of Phish Reduced Impact on Blockchain Malware Attacks

AD Series: Using Evil-WinRM to Get NTDS Manually in Penetration Tests

Cool Tools Series: How Vim Powers Penetration Testing

Cool Tools Series: Masscan for Penetration Testing

Cool Tools Series: Nuclei for Penetration Tests

SQLi Series: SQL Timing Attacks for Penetration Testing

SQLi Series: An Introduction to SQL Injection for Penetration Testing

AD Series: Resource Based Constrained Delegation (RBCD) for Penetration Testing

About Raxis

Resources