Ryan Chaplin

Ryan, OSCP, has performed penetration testing services for clients across a variety of industries, from hospitals to non-profits to S&P 500 companies. He has received awards for his work from numerous companies, including NASA JPL. Prior to working in Offensive Security, his work focused on the intersection of Software Development, Digital Marketing, and Security. He also enjoys playing basketball, reading, the arts, and watching way too much Netflix.

The Exploit: Penetration Testing Insights From The Frontlines

The Exploit articles written by Ryan Chaplin

  • BeyondTrust RCE Vulnerability Exploited: Critical 9.9 CVSS Flaw Under Active Attack

    By Ryan Chaplin
    While BeyondTrust patched cloud-hosted Remote Support customers earlier this month, on-premises deployments of BeyondTrust must manually patch to remediate.
    February 17, 2026
  • Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice

    By Ryan Chaplin
    Ryan Chaplin takes an in-depth look at how attackers can use unsafe directives to bypass CSP, notably in Google Tag Manager, and how to remediate the issue.
    February 10, 2026
  • Autonomous Supply-Chain Worm Compromises Postman, PostHog, Zapier and 26k Others

    By Ryan Chaplin
    Operating fully autonomously, this new supply-chain malware has compromised Postman, PostHog, Zapier and 26k others. Learn what your organization should do now.
    December 10, 2025
  • AI-Augmented Series: LLM-Aided Enumeration for Dormant WordPress Account Discovery

    By Ryan Chaplin
    Ryan Chaplin leads off our Augmented-AI series with a scenario from a recent pentest using AI to write a script to discover an account to gain system access.
    November 12, 2025
  • Windows Kills Common Offline/Account-less Install Method

    By Ryan Chaplin
    Microsoft Windows recently announced the removal of local-only installs on Windows 11. Raxis’ Ryan Chaplin looks at concerns and possible options.
    October 17, 2025
  • Dangers of Storing Sensitive Data in Web Storage: 5 Real Attack Scenarios

    By Ryan Chaplin
    Lead Penetration Tester Ryan Chaplin walks us through 5 real-world attack scenarios used in real-world penetration tests by Raxis.
    August 26, 2025