Raxis Blog Posts By Author

Andrew Trexler

Andrew graduated from the University of Pittsburgh with a degree in Information Science where he focused on networking and security. He continued his education by obtaining the Offensive Security Certified Professional (OSCP) and the eLearnSecurity Junior Penetration Tester (eJPT) certifications. When not participating in capture the flag events, Andrew works as a pyrotechnic operator setting up and shooting firework shows in the Pittsburgh area.
  • How AI Makes Phishing Easy & What to Watch For
    How AI Makes Phishing Easy & What to Watch For
    Principal Penetration Tester Andrew Trexler got curious how easy it might be to customize a phish to a specific website using AI. The answer? Very easy.
    Read More
  • AD Series: Using Evil-WinRM to Get NTDS Manually
    AD Series: Using Evil-WinRM to Get NTDS Manually in Penetration Tests
    Principal Penetration Tester Andrew Trexler’s Active Directory series is back, showing how to use Evil-WinRM to copy NTDS.dit manually in penetration tests.
    Read More
  • Cool Tools Series: Vim
    Cool Tools Series: How Vim POwers Penetration Testing
    Principal Penetration Tester, Andrew Trexler, dives into Vim, a powerful command line tool for text files, and shows useful commands for penetration testing.
    Read More
  • Cool Tools Series: Masscan
    Cool Tools Series: Masscan for Penetration Testing
    Continuing our Cool Tools Series, Lead Penetration Tester Andrew Trexler shows how to use masscan for discovery scanning on large networks in penetration tests.
    Read More
  • Cool Tools Series: Nuclei
    Cool Tools Series: Nuclei for Penetration Tests
    Raxis’ Andrew Trexler shows how useful Nuclei is for network and application penetration tests, discovering vulnerabilities such as default passwords and more.
    Read More
  • SQL Injection Attack
    SQLi Series: SQL Timing Attacks for Penetration Testing
    Andrew Trexler’s SQLi Series is back, demonstrating SQL Timing Attacks using MySQL’s sleep function in Blind SQL Injection attacks for penetration testing.
    Read More
  • SQL Injection
    SQLi Series: An Introduction to SQL Injection for Penetration Testing
    Raxis’ Andrew Trexler explains what SQL Injection (SQLi) is and how to perform a simple exploit against a web app login page in penetration tests.
    Read More
  • AD Series: Resource Based Constrained Delegation (RBCD) Exploits
    AD Series: Resource Based Constrained Delegation (RBCD) for Penetration Testing
    Exploit msDS-AllowedToActOnBehalfOfOtherIdentitity to gain administrative access in a Resource Based Constrained Delegation (RBCD) attack on penetration tests.
    Read More
  • AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py
    AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py for Penetration Tests
    Andrew Trexler ran into issues with certipy when testing on port 443 and found that NTLMRelayx.py worked better in for those ADCS Exploits on penetration tests.
    Read More
  • Active Directory Certificate Services (ADCS) Misconfiguration Exploits
    AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits for Penetration Tests
    Andrew Trexler adds to his Active Directory series with a tutorial of Active Directory Certificate Services (ADCS) misconfiguration exploits for penetration tests.
    Read More
  • Broadcast Attacks - Responder
    AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder for Penetration Tests
    Andrew Trexler continues his AD Series with an in-depth tutorial on broadcast Attacks using NTLMRelayx, MiTM6 and Responder for penetration tests.
    Read More
  • How to Create an Active Directory Test Environment
    How to Create an AD Test Environment to Use for Penetration Testing
    Andrew Trexler walks us through creating a simple AD test environment to test new hacks before trying them on a penetration test.
    Read More

Raxis Attack

Continuous, expert-led PTaaS combined with advanced automation to uncover and address hidden vulnerabilities, ensuring your business stays ahead of evolving cyber threats while maintaining regulatory compliance.

Learn More

Raxis Protect

Continuous vulnerability scanning, real-time asset management, and expert guidance to proactively identify and address security gaps across your entire digital ecosystem, ensuring 24/7 protection against evolving cyber threats.

Learn More

Raxis Strike

Tailored, expert-led penetration testing that uncovers hidden vulnerabilities using real-world hacker techniques, providing actionable insights to strengthen your defenses and protect against sophisticated cyber threats.

Learn More

Partner With Raxis

Partnering with Raxis empowers your business with elite penetration testing services, competitive reseller pricing, and recurring revenue opportunities, all backed by a proven track record of excellence and a commitment to staying ahead of evolving cybersecurity threats.

Learn More