The Exploit Blog

Raxis Cybersecurity Insights From The Frontlines

  • 2021 OWASP Top 10
    Exploits

    OWASP Top 10: Broken Access Control

    By Raxis Research Team, October 8, 2021

    In this blog post, Raxis lead penetration tester Mark Fabian discusses broken access control and why it’s the most prevalent issue among the OWASP Top 10.


  • 2021 OWASP Top 10
    Exploits

    2021 OWASP Top 10 Focus: Injection Attacks for Penetration Testing

    By Raxis Research Team, September 24, 2021 | June 16, 2025

    The latest draft of the OWASP Top 10 has been released. Though injection is #3, Raxis’ Matt Dunn explains why that doesn’t mean the threat is any less severe.


  • Unescaped JavaScript Tags
    Exploits

    ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)

    By Raxis Research Team, June 11, 2021 | July 28, 2025

    Raxis’ Lead Penetration Tester Matt Dunn discovers another cross-site scripting vulnerability in Zoho’s ManageEngine Key Manager Plus (CVE-2021-28382).


  • Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)
    Exploits

    Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)

    By Raxis Research Team, May 20, 2021 | July 26, 2025

    Raxis lead penetration tester Matt Dunn has uncovered a new cross-site scripting vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956). Find out more here.


  • LDAP Passback
    Exploits | How To

    LDAP Passback and Why We Harp on Passwords

    By Raxis Research Team, April 30, 2021 | June 6, 2025

    LDAP passback exploits are easy when companies fail to change default passwords on network devices or fail to assign a password at all. If you connect it, you must protect it.


  • The rdp_web_login Metasploit Module in Use
    Exploits | How To

    New Metasploit Module: Microsoft Remote Desktop Web Access Authentication Timing Attack

    By Raxis Research Team, February 25, 2021 | July 28, 2025

    Raxis team member Matt Dunn has uncovered a vulnerability in Microsoft’s Remote Desktop Web Access application (RD Web Access). Learn more in this blog article.


  • How to Pull Off a Mousejacking Attack
    Exploits | How To | Security Recommendations

    How to Pull Off a Mousejacking Attack

    By Raxis Research Team, February 5, 2021 | July 28, 2025

    Raxis’ penetration testing team demonstrates how to conduct a mousejacking attack to gain access as part of a penetration test.


  • Smart phone with security alert
    Exploits

    Imminent Threat for US Hospitals and Clinics, RYUK Ransomware Alert (AA20-302A) – Updated 11/2/2020

    By Brian Tant, October 29, 2020 | August 22, 2025

    A new nationwide cyberattack appears to be targeted at U.S.-based hospitals, clinics, and other health care facilities. Healthcare on heightened alert.


  • Tailgating into stairwell
    Exploits

    Why Tailgating is an Effective Hacker Tactic

    By Bonnie Smyre, October 9, 2020 | July 28, 2025

    We’re conditioned to be helpful and accommodating. That’s why tailgating works so well for hackers. The Raxis penetration testing team shows how.


  • Broadcast Poisoning
    Exploits | How To | Security Recommendations

    AttackTek: How to Launch a Broadcast Resolution Poisoning and SMB Relay Attack

    By Raxis Research Team, September 25, 2020 | July 28, 2025

    Learn an easy, effective way to test corporate networks with broadcast poisoning and SMB relay attacks used in tandem from the Raxis penetration testing team.


  • Raxis CTO, Brian Tant
    Password Cracking | Security Recommendations

    Understanding the Why Behind Password Management

    By Bonnie Smyre, July 10, 2020

    In this video, Raxis CTO Brian Tant explains why password mismanagement is still one of the most reliable ways to breach a company network and what you can do to secure your network.


  • Raxis CTO, Brian Tant
    Password Cracking | Patching | Security Recommendations | Social Engineering

    3 Steps You Should Take Right Now to Reduce Your Risk of a Cyberattack

    By Brian Tant, June 22, 2020 | July 28, 2025

    In this video, Raxis CTO Brian Tant talks about three steps you should take to secure your network against hackers.

