Skip to content
Raxis

Raxis

  • About Raxis
  • AI Augmented Penetration Testing – Faster Insights | Raxis
  • AI vs. Human Penetration Testing
  • API Penetration Testing Services
  • Apply To Work At Raxis
Raxis
Raxis
  • Metasploit Module: Azure AD Login Scanner
    How To | Security Recommendations

    New Metasploit Module for Penetration Testing: Azure AD Login Scanner

    ByRaxis Research Team November 23, 2021June 16, 2025

    Raxis’ Matt Dunn has published another Metasploit module, this one describing a vulnerability in Azure’s Active Directory Seamless Single Sign-on. Learn more here.

    Read More New Metasploit Module for Penetration Testing: Azure AD Login ScannerContinue

  • Cross-Site Scripting: Filter Evasion & Sideloading Payloads
    Exploits | How To

    Cross-Site Scripting (XSS): Filter Evasion and Sideloading

    ByRaxis Research Team November 12, 2021June 3, 2025

    In this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such as filter evasion and sideloading content.

    Read More Cross-Site Scripting (XSS): Filter Evasion and SideloadingContinue

  • Introduction to Cross-Site Scripting
    How To | Security Recommendations

    Introduction to Cross-Site Scripting

    ByRaxis Research Team October 29, 2021

    This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as well as remediation to protect against these attacks.

    Read More Introduction to Cross-Site ScriptingContinue

  • 2021 OWASP Top 10
    Exploits

    OWASP Top 10: Broken Access Control

    ByRaxis Research Team October 8, 2021

    In this blog post, Raxis lead penetration tester Mark Fabian discusses broken access control and why it’s the most prevalent issue among the OWASP Top 10.

    Read More OWASP Top 10: Broken Access ControlContinue

  • 2021 OWASP Top 10
    Exploits

    2021 OWASP Top 10 Focus: Injection Attacks for Penetration Testing

    ByRaxis Research Team September 24, 2021June 16, 2025

    The latest draft of the OWASP Top 10 has been released. Though injection is #3, Raxis’ Matt Dun explains why that doesn’t mean the threat is any less severe.

    Read More 2021 OWASP Top 10 Focus: Injection Attacks for Penetration TestingContinue

  • Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
    Patching | Security Recommendations

    Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156

    ByRaxis Research Team September 17, 2021

    Nagios is open-source network and system monitoring software. Raxis’ Matt Dunn has discovered a cross-site scripting vulnerability that could leave users open to attack.

    Read More Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156Continue

  • Cookie Jar
    Security Recommendations

    Keep Your Cookies in the Cookie Jar: HttpOnly and Secure Flags

    ByRaxis Research Team September 3, 2021June 3, 2025

    How can cookies be used against you? And how do you keep that from happening? Raxis’ Matt Dunn explains.

    Read More Keep Your Cookies in the Cookie Jar: HttpOnly and Secure FlagsContinue

  • PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
    Patching | Security Recommendations

    PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)

    ByRaxis Research Team August 20, 2021July 28, 2025

    Raxis lead penetration tester Matt Dunn uncovers a new vulnerability in the PRTG Network Monitor (CVE-2021-29643). Read more here.

    Read More PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)Continue

  • Matt Dunn Mathur
    Meet Our Team

    Matt Mathur, Lead Penetration Tester

    ByRaxis Research Team August 6, 2021June 3, 2025

    Meet Raxis lead penetration tester Matt Mathur, a cybersecurity professional with a passion for learning and for giving back.

    Read More Matt Mathur, Lead Penetration TesterContinue

  • JavaScript Execution to Display User's Cookie in an Alert Box
    Security Recommendations

    ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability (CVE-2021-31813)

    ByRaxis Research Team June 25, 2021July 28, 2025

    Raxis’ Matt Dunn has discovered another ManangeEngine cross-site scripting (XSS) vulnerability, this time in the Applications Manager product (CVE-2021-31813).

    Read More ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability (CVE-2021-31813)Continue

  • Unescaped JavaScript Tags
    Exploits

    ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)

    ByRaxis Research Team June 11, 2021July 28, 2025

    Raxis’ Lead Penetration Tester Matt Dunn discovers another cross-site scripting vulnerability in Zoho’s MangeEngine Key Manager Plus (CVE-2021-28382).

    Read More ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)Continue

  • Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)
    Exploits

    Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)

    ByRaxis Research Team May 20, 2021July 26, 2025

    Raxis lead penetration tester Matt Dunn has uncovered a new cross-site scripting vulnerability in Manage Engine AD Self Service Plus (CVE-2021-27956). Find out more here.

    Read More Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)Continue

Page navigation

Previous PagePrevious 1 2 3 4 Next PageNext

2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA

Contact us online

About Raxis

  • About Raxis
  • Careers
  • Terms and Conditions
  • Privacy Policy
  • Partners, Apply Here

Resources

  • The Exploit
  • Transporter Remote Pentest
  • Penetration Test Glossary
  • What is a Penetration Test?
Facebook X Instagram Linkedin YouTube
  • About Raxis
  • AI Augmented Penetration Testing – Faster Insights | Raxis
  • AI vs. Human Penetration Testing
  • API Penetration Testing Services
  • Apply To Work At Raxis