SQL Injection Attack
SQLi Series: SQL Timing Attacks

Andrew Trexler is back with his SQLi Series, this time demonstrating SQL Timing Attacks using[…]

SQL Injection
SQLi Series: An Introduction to SQL Injection

In this first in a new series, Raxis’ Andrew Trexler explains what SQL Injection (SQLi)[…]

AD Series: Resource Based Constrained Delegation (RBCD) Exploits
AD Series: Resource Based Constrained Delegation (RBCD)

Learn to exploit msDS-AllowedToActOnBehalfOfOtherIdentitity to gain administrative access in a Resource Based Constrained Delegation (RBCD)

AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py
AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py

Raxis’ Andrew Trexler ran into some issues with certipy when testing on port 443 and[…]

Active Directory Certificate Services (ADCS) Misconfiguration Exploits
AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits

Raxis’ Andrew Trexler adds to his Active Directory series with a thorough tutorial of Active[…]

Broadcast Attacks - Responder
AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder

Andrew Trexler continues his AD Series with an in-depth tutorial on broadcast Attacks using NTLMRelayx,[…]

How to Create an Active Directory Test Environment
How to Create an AD Test Environment

Andrew Trexler walks us through creating a simple AD test environment to test new hacks[…]

Exploiting GraphQL
Exploiting GraphQL

Exploiting GraphQL, a query language inspired by the structure & functionality of online data storage[…]

Log4 Exploit Walkthrough
Log4j: How to Exploit and Test this Critical Vulnerability

Raxis demonstrates how to obtain a remote shell on a target system using a Log4j[…]

Exploiting Dirty Pipe (CVE-2022-0847)
Exploiting Dirty Pipe (CVE-2022-0847)

The Dirty Pipe vulnerability (CVE-2022-0847) allows any user to write to read-only files, including files[…]

Submit Button
Hackers See Opportunity Where You See Only a Button

In this post, Raxis VP Brad Herring explains how web proxy tools can turn even[…]

How to Hire a Penetration Testing Firm Part Two
How to Hire a Penetration Testing Firm Part Two

Raxis’ COO Bonnie Smyre continues her two-part series on how to hire a penetration testing