Skip to content
Raxis
  • Home
  • Services
      Red Team Penetration Testing
    • Red Team
    • Breach and Attack Simulation
    • Phishing and Spear Phishing
    • Physical Penetration Testing
      • Penetration Testing
    • Penetration Testing Services
    • Raxis Attack: Penetration Testing as a Service
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • Cybersecurity Services
    • Elite Cybersecurity Services
    • Attack Surface Management
    • Cybersecurity Code Review
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Healthcare (HIPAA, FDA)
    • SOC 2
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Manufacturing
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Become a Raxis Partner
    • Careers
    • Certifications
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Raxis One
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • Transporter Remote Pentesting
    • What is a Penetration Test?
  • The Exploit Blog
  • About Us
Contact Raxis Login
Raxis
Contact RaxisIcon Link to Contact Raxis
  • Home
  • Services
      Red Team Penetration Testing
    • Red Team
    • Breach and Attack Simulation
    • Phishing and Spear Phishing
    • Physical Penetration Testing
      • Penetration Testing
    • Penetration Testing Services
    • Raxis Attack: Penetration Testing as a Service
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • Cybersecurity Services
    • Elite Cybersecurity Services
    • Attack Surface Management
    • Cybersecurity Code Review
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Healthcare (HIPAA, FDA)
    • SOC 2
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Manufacturing
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Become a Raxis Partner
    • Careers
    • Certifications
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Raxis One
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • Transporter Remote Pentesting
    • What is a Penetration Test?
  • The Exploit Blog
  • About Us

Cybersecurity Insights From The Frontlines

  • Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice
    How To | Injection Attacks | Security Recommendations | Web Apps

    Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice

    ByRyan Chaplin February 10, 2026January 26, 2026

    Ryan Chaplin takes an in-depth look at how attackers can use unsafe directives to bypass CSP, notably in Google Tag Manager, and how to remediate the issue.

    Read More Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation AdviceContinue

  • PSE & Red Team Series: Social Engineering
    How To | Red Team | Social Engineering

    PSE & Red Team Series: Social Engineering

    ByNathan Anderson January 27, 2026January 20, 2026

    Lead Penetration Tester Nathan Anderson is back with more PSE and red team tips, including tailgating, impersonating, and pretexts to gain onsite access.

    Read More PSE & Red Team Series: Social EngineeringContinue

  • Data Theft Exploit: DNS Exfiltration Attack
    Exploits | How To | Networks | Penetration Testing | Red Team

    Data Theft Exploit Part 2: DNS Exfiltration Attack

    ByJason Taylor January 13, 2026November 14, 2025

    Raxis’ Jason Taylor is back with a detailed tutorial on performing both manual and automated DNS exfiltration attacks for pentesting.

    Read More Data Theft Exploit Part 2: DNS Exfiltration AttackContinue

  • Cross-Site Scripting (XSS): Cookie Theft - Advanced Payloads
    Exploits | How To | Web Apps

    Cross-Site Scripting (XSS): Cookie Theft – Advanced Payloads

    ByRaxis Research Team December 18, 2025November 21, 2025

    We reached into our vaults to bring you the final video in our cross-site scripting (XSS) series. Learn about cookie theft, website defacement, and CSRF attacks.

    Read More Cross-Site Scripting (XSS): Cookie Theft – Advanced PayloadsContinue

  • Data Theft Exploit: DNS Exfiltration Setup
    Exploits | How To | Networks | Penetration Testing | Red Team

    Data Theft Exploit Part 1: DNS Exfiltration Setup

    ByJason Taylor December 16, 2025November 14, 2025

    Raxis Lead Penetration Tester Jason Taylor’s in-depth tutorial explains setting up a server for DNS exfiltration. Check back next month to run the attack.

    Read More Data Theft Exploit Part 1: DNS Exfiltration SetupContinue

Page navigation

1 2 3 … 11 Next PageNext

2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA

+1 678.421.4544

Contact us online for faster response

About Raxis

  • About Raxis
  • Careers
  • Terms and Conditions
  • Privacy Policy
  • Penetration Testing Partner Program

Resources

  • The Exploit Blog
  • Transporter Remote Penetration Testing
  • Penetration Test Glossary
  • What is a Penetration Test?
Facebook X Instagram Linkedin YouTube