Raxis Blog Posts by Category

  • Cool Tools Series: NMAP for Penetration Tests
    Raxis’ lead developer, Adam Fernandez, adds to our Cool Tools Series with a focus on Nmap: discovering live hosts that appear to be down and useful NSE scripts.
  • Cool Tools Series: Host Discovery
    Cool Tools Series: Host Discovery in Penetration Testing
    Raxis’ pentester, Scottie Cole, leads off our new Cool Tools Series with tips on tools for host discovery and vulnerability discovery for penetration tests.
  • SQL Injection Attack
    SQLi Series: SQL Timing Attacks for Penetration Testing
    Andrew Trexler’s SQLi Series is back, demonstrating SQL Timing Attacks using MySQL’s sleep function in Blind SQL Injection attacks for penetration testing.
  • SQL Injection
    SQLi Series: An Introduction to SQL Injection for Penetration Testing
    Raxis’ Andrew Trexler explains what SQL Injection (SQLi) is and how to perform a simple exploit against a web app login page in penetration tests.
  • AD Series: Resource Based Constrained Delegation (RBCD) Exploits
    AD Series: Resource Based Constrained Delegation (RBCD) for Penetration Testing
    Exploit msDS-AllowedToActOnBehalfOfOtherIdentity to gain administrative access in a Resource Based Constrained Delegation (RBCD) attack on penetration tests.
  • AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py
    AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py for Penetration Tests
    Andrew Trexler ran into issues with certipy when testing on port 443 and found that NTLMRelayx.py worked better for those ADCS exploits on penetration tests.
  • Active Directory Certificate Services (ADCS) Misconfiguration Exploits
    AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits for Penetration Tests
    Andrew Trexler adds to his Active Directory series with a tutorial of Active Directory Certificate Services (ADCS) misconfiguration exploits for penetration tests.
  • Broadcast Attacks - Responder
    AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder for Penetration Tests
    Andrew Trexler continues his AD Series with an in-depth tutorial on broadcast attacks using NTLMRelayx, MiTM6 and Responder for penetration tests.
  • How to Create an Active Directory Test Environment
    How to Create an AD Test Environment to Use for Penetration Testing
    Andrew Trexler walks us through creating a simple AD test environment to test new hacks before trying them on a penetration test.
  • Exploiting GraphQL
    Exploiting GraphQL for Penetration Testing
    Exploiting GraphQL, a query language inspired by the structure & functionality of online data storage & collaboration platforms Meta, Instagram & Google Sheets.
  • Log4j Exploit Walkthrough
    Log4j: How to Exploit and Test this Critical Vulnerability on Penetration Tests
    Raxis demonstrates how to obtain a remote shell on a target system during penetration tests using a Log4j open-source exploit available to all. (CVE-2021-44228)
  • Exploiting Dirty Pipe (CVE-2022-0847)
    The Dirty Pipe vulnerability (CVE-2022-0847) allows any user to write to read-only files, including files that are owned by root, allowing privilege escalation.