Exploits - Raxis

Category: Exploits

Andrew Trexler

posted on

August 10, 2023

Blog, Exploits, How To

AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits

Raxis lead penetration tester Andrew Trexler walks us through several attacks on misconfigured Active Directory Certificate Services (ADCS) using Certipy.
Continue Reading
Andrew Trexler

posted on

June 19, 2023

Blog, Exploits, How To, Password Cracking

AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder

Raxis lead penetration tester Andrew Trexler walks us through several broadcast attacks using NTLMRelayx, MiTM6, and Responder.
Continue Reading
Andrew Trexler

posted on

April 27, 2023

How To, Networks, Password Cracking, Penetration Testing

How to Create an AD Test Environment

This post will show you how to setup a simple Active Directory (AD) test environment. Further posts in the series will show how to use this environment to test hacking exploits.
Continue Reading
Brice Jager

posted on

March 28, 2023

Exploits, How To

Exploiting GraphQL

This post will show you how to take advantage of some weak spots in GraphQL.
Continue Reading
Mark Puckett

posted on

November 18, 2022

Exploits, How To

Log4j: How to Exploit and Test this Critical Vulnerability

In this article, Raxis’ CEO Mark Puckett describes how penetration testers and ethical hackers can exploit the dangerous new Log4J vulnerability (CVE 2021-44228)
Continue Reading
Brad Herring

posted on

October 31, 2022

Exploits

RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x

In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will likely be the scariest part of Halloween ’22.
Continue Reading
admin

posted on

October 21, 2022

Exploits

CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection

This CSS vulnerability, discovered by Raxis lead penetration tester Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor.
Continue Reading
admin

posted on

July 21, 2022

Exploits

CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References

Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).
Continue Reading
admin

posted on

July 6, 2022

Exploits

CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)

Matt Dunn discovers another ManageEngine vulnerability, this one in the Support Center Plus application.
Continue Reading
admin

posted on

June 7, 2022

Exploits

CVE-2022-25245: ManageEngine Asset Explorer Information Leakage

Raxis lead penetration tester Matt Dunn discovers an information leakage vulnerability in ManageEngine’s Asset Explorer CVE-2022-25245
Continue Reading