SQL Injection Attack
SQLi Series: SQL Timing Attacks

Andrew Trexler is back with his SQLi Series, this time demonstrating SQL Timing Attacks using[…]

SQL Injection
SQLi Series: An Introduction to SQL Injection

In this first in a new series, Raxis’ Andrew Trexler explains what SQL Injection (SQLi)[…]

AD Series: Resource Based Constrained Delegation (RBCD) Exploits
AD Series: Resource Based Constrained Delegation (RBCD)

Learn to exploit msDS-AllowedToActOnBehalfOfOtherIdentitity to gain administrative access in a Resource Based Constrained Delegation (RBCD)

Raxis Red Team
An Inside Look at a Raxis Red Team

The Raxis Red Team Test is our top tier test that gives a true feel[…]

AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py
AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py

Raxis’ Andrew Trexler ran into some issues with certipy when testing on port 443 and[…]

Active Directory Certificate Services (ADCS) Misconfiguration Exploits
AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits

Raxis’ Andrew Trexler adds to his Active Directory series with a thorough tutorial of Active[…]

Broadcast Attacks - Responder
AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder

Andrew Trexler continues his AD Series with an in-depth tutorial on broadcast Attacks using NTLMRelayx,[…]

How to Create an Active Directory Test Environment
How to Create an AD Test Environment

Andrew Trexler walks us through creating a simple AD test environment to test new hacks[…]

Exploiting GraphQL
Exploiting GraphQL

Exploiting GraphQL, a query language inspired by the structure & functionality of online data storage[…]

Log4 Exploit Walkthrough
Log4j: How to Exploit and Test this Critical Vulnerability

Raxis demonstrates how to obtain a remote shell on a target system using a Log4j[…]

OPENSSL v3.0.x: Critical Threat Alert
RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x

In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will[…]

CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection

This CSS vulnerability, discovered by Raxis lead penetration tester Matt Mathur, lies in a device’s[…]