Skip to content
Raxis
  • Home
  • Services
      Red Team Penetration Testing
    • Red Team
    • Breach and Attack Simulation
    • Phishing and Spear Phishing
    • Physical Penetration Testing
      • Penetration Testing
    • Penetration Testing Services
    • Raxis Attack: PTaaS
    • Raxis Strike: Penetration Test
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • Cybersecurity Services
    • Elite Cybersecurity Services
    • Attack Surface Management
    • Cybersecurity Code Review
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Healthcare (HIPAA, FDA)
    • SOC 2
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Manufacturing
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Become a Raxis Partner
    • Careers
    • Certifications
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Raxis One
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • Transporter Remote Pentesting
    • What is a Penetration Test?
  • The Exploit Blog
  • About Us
Contact Raxis Login
Raxis
Contact RaxisIcon Link to Contact Raxis
  • Home
  • Services
      Red Team Penetration Testing
    • Red Team
    • Breach and Attack Simulation
    • Phishing and Spear Phishing
    • Physical Penetration Testing
      • Penetration Testing
    • Penetration Testing Services
    • Raxis Attack: PTaaS
    • Raxis Strike: Penetration Test
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • Cybersecurity Services
    • Elite Cybersecurity Services
    • Attack Surface Management
    • Cybersecurity Code Review
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Healthcare (HIPAA, FDA)
    • SOC 2
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Manufacturing
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Become a Raxis Partner
    • Careers
    • Certifications
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Raxis One
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • Transporter Remote Pentesting
    • What is a Penetration Test?
  • The Exploit Blog
  • About Us

Cybersecurity Insights From The Frontlines

  • AD Series: Resource Based Constrained Delegation (RBCD) Exploits
    Exploits | How To

    AD Series: Resource Based Constrained Delegation (RBCD) for Penetration Testing

    ByAndrew Trexler March 12, 2024June 16, 2025

    Exploit msDS-AllowedToActOnBehalfOfOtherIdentitity to gain administrative access in a Resource Based Constrained Delegation (RBCD) attack on penetration tests.

    Read More AD Series: Resource Based Constrained Delegation (RBCD) for Penetration TestingContinue

  • Raxis Red Team
    Exploits | Penetration Testing | Phishing | Red Team | Social Engineering

    An Inside Look at a Raxis Red Team

    ByBonnie Smyre February 28, 2024

    The Raxis Red Team Test is our top tier test that gives a true feel of what hackers could do. Curious to know more? Take a look at this short video.

    Read More An Inside Look at a Raxis Red TeamContinue

  • AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py
    Exploits | How To

    AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py for Penetration Tests

    ByAndrew Trexler January 23, 2024June 16, 2025

    Andrew Trexler ran into issues with certipy when testing on port 443 and found that NTLMRelayx.py worked better in for those ADCS Exploits on penetration tests.

    Read More AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py for Penetration TestsContinue

  • Active Directory Certificate Services (ADCS) Misconfiguration Exploits
    Exploits | How To

    AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits for Penetration Tests

    ByAndrew Trexler August 10, 2023July 28, 2025

    Andrew Trexler adds to his AD series with a tutorial of Active Directory Certificate Services (ADCS) misconfiguration exploits for penetration tests.

    Read More AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits for Penetration TestsContinue

  • Broadcast Attacks - Responder
    Exploits | How To | Password Cracking

    AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder for Penetration Tests

    ByAndrew Trexler June 19, 2023June 16, 2025

    Andrew Trexler continues his AD Series with an in-depth tutorial on broadcast Attacks using NTLMRelayx, MiTM6 and Responder for penetration tests.

    Read More AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder for Penetration TestsContinue

  • How to Create an Active Directory Test Environment
    How To | Networks | Password Cracking | Penetration Testing

    How to Create an AD Test Environment to Use for Penetration Testing

    ByAndrew Trexler April 27, 2023June 16, 2025

    Andrew Trexler walks us through creating a simple AD test environment to test new hacks before trying them on a penetration test.

    Read More How to Create an AD Test Environment to Use for Penetration TestingContinue

  • Exploiting GraphQL
    Exploits | How To

    Exploiting GraphQL for Penetration Testing

    Bybjager March 28, 2023June 16, 2025

    Exploiting GraphQL, a query language inspired by the structure & functionality of online data storage & collaboration platforms Meta, Instagram & Google Sheets.

    Read More Exploiting GraphQL for Penetration TestingContinue

  • Log4 Exploit Walkthrough
    Exploits | How To

    Log4j: How to Exploit and Test this Critical Vulnerability on Penetration Tests

    ByMark Puckett November 18, 2022June 16, 2025

    Raxis demonstrates how to obtain a remote shell on a target system during penetration tests using a Log4j open-source exploit available to all. (CVE-2021-44228)

    Read More Log4j: How to Exploit and Test this Critical Vulnerability on Penetration TestsContinue

  • OPENSSL v3.0.x: Critical Threat Alert
    Exploits

    RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x

    ByBrad Herring October 31, 2022

    In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will likely be the scariest part of Halloween ’22.

    Read More RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.xContinue

  • CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
    Exploits

    CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection

    ByRaxis Research Team October 21, 2022July 28, 2025

    This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor.

    Read More CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) InjectionContinue

  • CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
    Exploits

    CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References

    ByRaxis Research Team July 21, 2022July 28, 2025

    Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).

    Read More CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object ReferencesContinue

  • CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
    Exploits

    CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)

    ByRaxis Research Team July 6, 2022July 28, 2025

    Matt Dunn discovers another ManageEngine Cross-Site Scripting vulnerability, this one in the Support Center Plus application.

    Read More CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)Continue

Page navigation

Previous PagePrevious 1 2 3 4 5 6 Next PageNext

2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA

+1 678.421.4544

Contact us online for faster response

About Raxis

  • About Raxis
  • Careers
  • Terms and Conditions
  • Privacy Policy
  • Penetration Testing Partner Program

Resources

  • The Exploit Blog
  • Transporter Remote Penetration Testing
  • Penetration Test Glossary
  • What is a Penetration Test?
Facebook X Instagram Linkedin YouTube