The Exploit

Notes from the Front Lines of Penetration Testing

Category: Exploits

Discover expert insights on the latest exploits, penetration testing tactics, and real-world vulnerabilities to strengthen your cybersecurity defenses.
  • Cool Tools Series: Nuclei
    Cool Tools Series: Nuclei for Penetration Tests

    By

    Andrew Trexler
    Raxis’ Andrew Trexler shows how useful Nuclei is for network and application penetration tests, discovering vulnerabilities such as default passwords and more.
    Read More
  • Password Length: More than Just a Question of Compliance
    Password Length: More than Just a Question of Compliance

    By

    Brian Tant
    Password length requirements are a key part of password security, but, with PCI, NIST, OWASP, and CIS offering different recommendations, what length is best?
    Read More
  • SQL Injection Attack
    SQLi Series: SQL Timing Attacks for Penetration Testing

    By

    Andrew Trexler
    Andrew Trexler’s SQLi Series is back, demonstrating SQL Timing Attacks using MySQL’s sleep function in Blind SQL Injection attacks for penetration testing.
    Read More
  • SQL Injection
    SQLi Series: An Introduction to SQL Injection for Penetration Testing

    By

    Andrew Trexler
    Raxis’ Andrew Trexler explains what SQL Injection (SQLi) is and how to perform a simple exploit against a web app login page in penetration tests.
    Read More
  • AD Series: Resource Based Constrained Delegation (RBCD) Exploits
    AD Series: Resource Based Constrained Delegation (RBCD) for Penetration Testing

    By

    Andrew Trexler
    Exploit msDS-AllowedToActOnBehalfOfOtherIdentitity to gain administrative access in a Resource Based Constrained Delegation (RBCD) attack on penetration tests.
    Read More
  • Raxis Red Team
    An Inside Look at a Raxis Red Team

    By

    Bonnie Smyre
    The Raxis Red Team Test is our top tier test that gives a true feel of what hackers could do. Curious to know more? Take a look at this short video.
    Read More
  • AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py
    AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py for Penetration Tests

    By

    Andrew Trexler
    Andrew Trexler ran into issues with certipy when testing on port 443 and found that NTLMRelayx.py worked better in for those ADCS Exploits on penetration tests.
    Read More
  • Active Directory Certificate Services (ADCS) Misconfiguration Exploits
    AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits for Penetration Tests

    By

    Andrew Trexler
    Andrew Trexler adds to his AD series with a tutorial of Active Directory Certificate Services (ADCS) misconfiguration exploits for penetration tests.
    Read More
  • Broadcast Attacks - Responder
    AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder for Penetration Tests

    By

    Andrew Trexler
    Andrew Trexler continues his AD Series with an in-depth tutorial on broadcast Attacks using NTLMRelayx, MiTM6 and Responder for penetration tests.
    Read More
  • How to Create an Active Directory Test Environment
    How to Create an AD Test Environment to Use for Penetration Testing

    By

    Andrew Trexler
    Andrew Trexler walks us through creating a simple AD test environment to test new hacks before trying them on a penetration test.
    Read More
  • Exploiting GraphQL
    Exploiting GraphQL for Penetration Testing

    By

    bjager
    Exploiting GraphQL, a query language inspired by the structure & functionality of online data storage & collaboration platforms Meta, Instagram & Google Sheets.
    Read More
  • Log4 Exploit Walkthrough
    Log4j: How to Exploit and Test this Critical Vulnerability on Penetration Tests

    By

    Mark Puckett
    Raxis demonstrates how to obtain a remote shell on a target system during penetration tests using a Log4j open-source exploit available to all. (CVE-2021-44228)
    Read More