Remediating Account Enumeration Vulnerabilities From Your Penetration Test
Account enumeration reveals whether usernames are valid for use in other attacks. Lead Penetration Tester Matt Dunn explains how it works and how to prevent it.
-
-
New Metasploit Module: Microsoft Remote Desktop Web Access Authentication Timing Attack
Raxis team member Matt Dunn has uncovered a vulnerability in Microsoft’s Remote Desktop Web Access application (RD Web Access). Learn more in this blog article.
-
How to Pull Off a Mousejacking Attack
Raxis’ penetration testing team demonstrates how to conduct a mousejacking attack to gain access as part of a penetration test.
-
AttackTek: How to Launch a Broadcast Resolution Poisoning and SMB Relay Attack
Learn an easy, effective way to test corporate networks with broadcast poisoning and SMB relay attacks used in tandem from the Raxis penetration testing team.
-
Goodies for Hoodies: TCP Timestamps
Does your penetration test always return a low-risk finding about TCP Timestamps? Why worry about it? Because it gives hackers info to use in other attacks.
