Raxis Research Team

The Raxis Research Team is dedicated to staying ahead of the threat landscape. Our experts dig into emerging exploits, uncover hidden vulnerabilities, and develop resources that power our penetration testing engagements. By combining curiosity with technical precision, the team equips Raxis testers with cutting-edge intelligence to simulate real-world attacks and strengthen client defenses.

The author can be reached by contacting us.

The Role of AI in Penetration Testing

By Bonnie Smyre

Posted in AI, Penetration Testing, PTaaS, Security Recommendations

Bonnie Smyre shows how Raxis’ AI-augmented pentesting gives their expert pentesters more time for complex chained attacks and discovery of business-logic flaws.

Raxis Chief Penetration Testing Officer Brian Tant Featured on WSB-TV Atlanta

By Mark Puckett

Posted in In The News, Raxis In The Community, Security Recommendations, Tips For Everyone

When WSB-TV Atlanta reached out to for help warning about a scam targeting Atlanta residents in DeKalb County, Raxis CPTO Brian Tant jumped to help.

OWASP Top 10 for 2025: What’s New in Web Application Security

By Raxis Research Team

Posted in In The News, Web Apps

The OWASP Top 10 2025 for web applications release candidate was released last week. Take a look at which categories have moved as well as one new category.

Wireless Encryption: WPA3 and the Gotchas Every Company Should Know About

By Brian Tant

Posted in Penetration Testing, Security Recommendations, Wireless

Brian Tant takes a look at WPA3. While offering much deeper security than WPA2, it is still vulnerable to transition Mode and side-channel attacks.

AI-Augmented Series: LLM-Aided Enumeration for Dormant WordPress Account Discovery

By Ryan Chaplin

Posted in AI

Ryan Chaplin leads off our Augmented-AI series with a scenario from a recent pentest using AI to write a script to discover an account to gain system access.

The @ctrl/tinycolor NPM Attack: The Brutal Anatomy of a Cascading Supply Chain Breach

By Brian Tant

Posted in AI, In The News

Over 40 major packages were exploited in this malware campaign. Learn what happened and what your organization should do if you have been affected.

Why We Don’t Change Risk Ratings on Pentest Findings (Even When You Ask Nicely)

By Tim Semchenko

Posted in Penetration Testing, Security Recommendations

Raxis’ Tim Semchenko explains why we can’t lower risk ratings for your penetration test findings just because you ask and why that’s a good thing.

PSE & Red Team Series: Badge Cloning

By Nathan Anderson

Posted in How To, Red Team,

Lead Penetration Tester Nathan Anderson is back with more PSE and red team advice, this time looking into three tools he uses to clone badges and gain access.

Windows Kills Common Offline/Account-less Install Method

By Ryan Chaplin

Posted in In The News, Networks

Microsoft Windows recently announced the removal of local-only installs on Windows 11. Raxis’ Ryan Chaplin looks at concerns and possible options.

Salesforce Compromise: What You Need to Know

By Jason Taylor

Posted in Exploits, In The News, Phishing, Security Recommendations

The FBI has released information to help organizations that are affected by recent attacks against Salesforce. Raxis’ Jason Taylor sums up next steps here.

SpamGPT: Protecting Your Company From Large-Scale Phishing

By Nathan Anderson

Posted in In The News, Phishing,

SpamGPT, a complex phishing and social engineering suite has made the news recently. Learn what it is and how organizations can protect their employees.

Raxis Cybersecurity Insights From The Frontlines