The Exploit

Notes from the Front Lines of Penetration Testing

Category: Exploits

Discover expert insights on the latest exploits, penetration testing tactics, and real-world vulnerabilities to strengthen your cybersecurity defenses.
  • Cool Tools Series: Kerbrute
    Cool Tools Series: Kerbrute

    By

    Andrew Trexler
    Raxis Principal Penetration Tester Andrew Trexler walks through the many uses of Kerbrute from user enumeration to brute-forcing and password spraying.
    Read More
  • Lateral Movement: From Beachhead to Breach
    Lateral Movement: From Beachhead to Breach

    By

    Nate Jernigan
    Raxis Senior Penetration Tester Nate Jernigan discusses lateral movement in penetration testing and the methods and tools he uses when performing these attacks.
    Read More
  • Dangers of Storing Sensitive Data in Web Storage: 5 Real Attack Scenarios
    Dangers of Storing Sensitive Data in Web Storage: 5 Real Attack Scenarios

    By

    Ryan Chaplin
    Lead Penetration Tester Ryan Chaplin walks us through 5 real-world attack scenarios used in real-world penetration tests by Raxis.
    Read More
  • Raspberry Pi
    Raspberry Pi Planted in Failed ATM Heist

    By

    Brian Tant
    Raxis Chief Penetration Tester Brian Tant discusses the Raspberry Pi used in a recent ATM heist and how Raxis uses the same type of device in our pentesting.
    Read More
  • Microsoft Releases Security Patch for Actively Exploited On-Premises SharePoint Vulnerabilities
    Microsoft Releases Security Patch for Actively Exploited On-Premises SharePoint Vulnerabilities

    By

    Jason Taylor
    Microsoft has released patches for two critical vulnerabilities allowing unauthenticated remote code execution that affect on-premises SharePoint installations.
    Read More
  • OWASP Top 10 for LLM Applications
    OWASP Top 10 for LLM Applications Penetration Testing

    By

    Jason Taylor
    Lead Penetration Tester Jason Taylor looks at OWASP’s Top 10 list for LLM applications for penetration testing as AI machine learning becomes prevalent.
    Read More
  • Wireless Series: Using Wifite to Capture and Crack a WPA2 Pre-Shared Key
    Wireless Series: Using Wifite to Capture and Crack a WPA2 Pre-Shared Key for Penetration Testing

    By

    Scottie Cole
    Principal Penetration Tester Scottie Cole begins our wireless penetration testing series with capturing and cracking a WPA2 Pre-Shared Key using Wifite.
    Read More
  • Jailbreak Journey: Transforming an iPad for Mobile App Penetration Testing
    Jailbreak Journey: Transforming an iPad for Mobile App Penetration Testing

    By

    Jason Taylor
    Lead Penetration Tester Jason Taylor takes us step-by-step through jailbreaking an iPad 7 for use in penetration testing.
    Read More
  • Cisco Releases Patch for CVE-2025-20188 - 10.0 CVSS
    Cisco Releases Patch for CVE-2025-20188 – 10.0 CVSS

    By

    Scottie Cole
    Critical Alert – Patch Immediately. Cisco Releases Patch for CVE-2025-20188 – 10.0 CVSS. This vulnerability affects Cisco Catalyst 9800 wireless controllers.
    Read More
  • Cool Tools Series: CeWL
    Cool Tools Series: CeWL for Penetration Testing

    By

    Jason Taylor
    Lead Penetration Tester Jason Taylor discusses how the CeWL Custom Word List generator can improve hashcat results for penetration testing.
    Read More
  • AD Series: Using Evil-WinRM to Get NTDS Manually
    AD Series: Using Evil-WinRM to Get NTDS Manually in Penetration Tests

    By

    Andrew Trexler
    Principal Penetration Tester Andrew Trexler’s Active Directory series is back, showing how to use Evil-WinRM to copy NTDS.dit manually in penetration tests.
    Read More
  • Password Series: 8 Practical First Steps to Crack Difficult Passwords
    Password Series: 8 Practical First Steps to Crack Difficult Passwords in Penetration Tests

    By

    Ryan Chaplin
    From rulesets & hardware to wordlists and mask attacks, Lead Penetration Tester Ryan Chaplin shows how to crack difficult password hashes in penetration tests.
    Read More