Exploits

Discover expert insights on the latest exploits, penetration testing tactics, and real-world vulnerabilities to strengthen your cybersecurity defenses.

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines

Articles Categorized as Exploits

  • BYOVD Attacks and EDR Evasion: Why Your Endpoint Security May Not Be Enough
    BYOVD Attacks and EDR Evasion: Why Your Endpoint Security May Not Be Enough
    With Reynolds Ransomware in the wild, Brian Tant dives into BYOVD attacks, how they evade enterprise defense like EDRs, and what your organization can do.
    Read More
  • The Hidden Risks in Your Password: What You Type Matters More Than You Think
    The Hidden Risks in Your Password: What You Type Matters More Than You Think
    Raxis has discovered and cracked our fair share of password hashes. Some that we have discovered may surprise you… and their bosses. Learn what not to do.
    Read More
  • AI-Augmented Series: AI Scripting for Brute-Forcing on a Web App Pentest
    AI-Augmented Series: AI Scripting for Brute-Forcing on a Web App Pentest
    On a recent web app pentest, Andrew Trexler used AI to find client-side code that stopped his brute-force attack then used AI again to thwart that code.
    Read More
  • Wireless Series: Aircrack-ng
    Wireless Series: The Aircrack-ng Suite for All Your Wireless Pentesting Needs
    Principal Penetration Tester Scottie Cole continues our wireless series with the Aircrack-ng Suite, a set of tools for wireless pentest discovery and exploits.
    Read More
  • Reynolds Ransomware BYOVD Eludes EDR Tools
    Reynolds Ransomware BYOVD Eludes EDR Tools
    Reynolds poses a new type of threat by including a Bring Your Own Vulnerable Driver (BYOVD) in the ransomware bundle, making it harder for EDR tools to catch.
    Read More
  • BeyondTrust RCE Vulnerability Exploited: Critical 9.9 CVSS Flaw Under Active Attack
    BeyondTrust RCE Vulnerability Exploited: Critical 9.9 CVSS Flaw Under Active Attack
    While BeyondTrust patched cloud-hosted Remote Support customers earlier this month, on-premises deployments of BeyondTrust must manually patch to remediate.
    Read More