Exploits

Discover expert insights on the latest exploits, penetration testing tactics, and real-world vulnerabilities to strengthen your cybersecurity defenses.

Exploits

OWASP Top 10: Broken Access Control
ByRaxis Research Team October 8, 2021

In this blog post, Raxis lead penetration tester Mark Fabian discusses broken access control and why it’s the most prevalent issue among the OWASP Top 10.

Read More OWASP Top 10: Broken Access Control
Exploits

2021 OWASP Top 10 Focus: Injection Attacks for Penetration Testing
ByRaxis Research Team September 24, 2021June 16, 2025

The latest draft of the OWASP Top 10 has been released. Though injection is #3, Raxis’ Matt Dun explains why that doesn’t mean the threat is any less severe.

Read More 2021 OWASP Top 10 Focus: Injection Attacks for Penetration Testing
Exploits

ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)
ByRaxis Research Team June 11, 2021July 28, 2025

Raxis’ Lead Penetration Tester Matt Dunn discovers another cross-site scripting vulnerability in Zoho’s MangeEngine Key Manager Plus (CVE-2021-28382).

Read More ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)
Exploits

Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)
ByRaxis Research Team May 20, 2021July 26, 2025

Raxis lead penetration tester Matt Dunn has uncovered a new cross-site scripting vulnerability in Manage Engine AD Self Service Plus (CVE-2021-27956). Find out more here.

Read More Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)
Exploits | How To

LDAP Passback and Why We Harp on Passwords
ByRaxis Research Team April 30, 2021June 6, 2025

LDAP passback exploits are easy when companies fail to change default passwords on network devices or fail to assign a password at all. If you connect it, you must protect it.

Read More LDAP Passback and Why We Harp on Passwords
Exploits | How To

New Metasploit Module: Microsoft Remote Desktop Web Access Authentication Timing Attack
ByRaxis Research Team February 25, 2021July 28, 2025

Raxis team member Matt Dunn has uncovered a vulnerability in Microsoft’s Remote Desktop Web Access application (RD Web Access). Learn more in this blog article.

Read More New Metasploit Module: Microsoft Remote Desktop Web Access Authentication Timing Attack
Exploits | How To | Security Recommendations

How to Pull Off a Mousejacking Attack
ByRaxis Research Team February 5, 2021July 28, 2025

Raxis’ penetration testing team demonstrates how to conduct a mousejacking attack to gain access as part of a penetration test.

Read More How to Pull Off a Mousejacking Attack
Exploits

Imminent Threat for US Hospitals and Clinics, RYUK Ransomware Alert (AA20-302A) – Updated 11/2/2020
ByBrian Tant October 29, 2020August 22, 2025

A new nationwide cyberattack appears to be targeted at U.S. based hospitals, clinics, and other health care facilities. Healthcare on heightened alert.

Read More Imminent Threat for US Hospitals and Clinics, RYUK Ransomware Alert (AA20-302A) – Updated 11/2/2020
Exploits

Why Tailgating is an Effective Hacker Tactic
ByBonnie Smyre October 9, 2020July 28, 2025

We’re conditioned to be helpful and accommodating. That’s why tailgating works so well for hackers. The Raxis penetration testing team shows how.

Read More Why Tailgating is an Effective Hacker Tactic
Exploits | How To | Security Recommendations

AttackTek: How to Launch a Broadcast Resolution Poisoning and SMB Relay Attack
ByRaxis Research Team September 25, 2020July 28, 2025

Learn an easy, effective way to test corporate networks with broadcast poisoning and SMB relay attacks used in tandem from the Raxis penetration testing team.

Read More AttackTek: How to Launch a Broadcast Resolution Poisoning and SMB Relay Attack
Password Cracking | Security Recommendations

Understanding the Why Behind Password Management
ByBonnie Smyre July 10, 2020

In this video, Raxis CTO Brian Tant explains why password mismanagement is still one of the most reliable ways to breach a company network and what you can do to secure your network.

Read More Understanding the Why Behind Password Management
Password Cracking | Patching | Security Recommendations | Social Engineering

3 Steps You Should Take Right Now to Reduce Your Risk of a Cyberattack
ByBrian Tant June 22, 2020July 28, 2025

In this video, Raxis CTO Brian Tant talks about three steps you should take to secure your network against hackers.

Read More 3 Steps You Should Take Right Now to Reduce Your Risk of a Cyberattack

Exploits

OWASP Top 10: Broken Access Control

2021 OWASP Top 10 Focus: Injection Attacks for Penetration Testing

ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)

Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)

LDAP Passback and Why We Harp on Passwords

New Metasploit Module: Microsoft Remote Desktop Web Access Authentication Timing Attack

How to Pull Off a Mousejacking Attack

Imminent Threat for US Hospitals and Clinics, RYUK Ransomware Alert (AA20-302A) – Updated 11/2/2020

AttackTek: How to Launch a Broadcast Resolution Poisoning and SMB Relay Attack

Understanding the Why Behind Password Management

About Raxis

Resources