Exploits

Discover expert insights on the latest exploits, penetration testing tactics, and real-world vulnerabilities to strengthen your cybersecurity defenses.

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines

Articles Categorized as Exploits

  • AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py
    AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py for Penetration Tests
    Andrew Trexler ran into issues with certipy when testing on port 443 and found that NTLMRelayx.py worked better in for those ADCS Exploits on penetration tests.
    Read More
  • Active Directory Certificate Services (ADCS) Misconfiguration Exploits
    AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits for Penetration Tests
    Andrew Trexler adds to his AD series with a tutorial of Active Directory Certificate Services (ADCS) misconfiguration exploits for penetration tests.
    Read More
  • Broadcast Attacks - Responder
    AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder for Penetration Tests
    Andrew Trexler continues his AD Series with an in-depth tutorial on broadcast Attacks using NTLMRelayx, MiTM6 and Responder for penetration tests.
    Read More
  • How to Create an Active Directory Test Environment
    How to Create an AD Test Environment to Use for Penetration Testing
    Andrew Trexler walks us through creating a simple AD test environment to test new hacks before trying them on a penetration test.
    Read More
  • Exploiting GraphQL
    Exploiting GraphQL for Penetration Testing
    Exploiting GraphQL, a query language inspired by the structure & functionality of online data storage & collaboration platforms Meta, Instagram & Google Sheets.
    Read More
  • Log4 Exploit Walkthrough
    Log4j: How to Exploit and Test this Critical Vulnerability on Penetration Tests
    Raxis demonstrates how to obtain a remote shell on a target system during penetration tests using a Log4j open-source exploit available to all. (CVE-2021-44228)
    Read More