Category: Exploits
-
AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits
Raxis lead penetration tester Andrew Trexler walks us through several attacks on misconfigured Active Directory Certificate Services (ADCS) using Certipy.
-
AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder
Raxis lead penetration tester Andrew Trexler walks us through several broadcast attacks using NTLMRelayx, MiTM6, and Responder.
-
How to Create an AD Test Environment
This post will show you how to set up a simple Active Directory (AD) test environment. Further posts in the series will show how to use this environment to test hacking exploits.
-
Exploiting GraphQL
This post will show you how to take advantage of some weak spots in GraphQL.
-
Log4j: How to Exploit and Test this Critical Vulnerability
In this article, Raxis’ CEO Mark Puckett describes how penetration testers and ethical hackers can exploit the dangerous new Log4j vulnerability (CVE-2021-44228).
-
RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x
In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will likely be the scariest part of Halloween ’22.
-
CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
This CSS vulnerability, discovered by Raxis lead penetration tester Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor.
-
CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).
-
CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
Matt Dunn discovers another ManageEngine vulnerability, this one in the Support Center Plus application.
-
CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
Raxis lead penetration tester Matt Dunn discovers an information leakage vulnerability in ManageEngine’s Asset Explorer (CVE-2022-25245).