Raxis Blog Posts by Category

  • Submit Button
    Hackers See Opportunity Where You See Only a Button
    In this post, Raxis VP Brad Herring explains how web proxy tools can turn even simple buttons and check-boxes into avenues for an attack.
  • How to Hire a Penetration Testing Firm Part Two
    How to Hire a Penetration Testing Firm – Part 2
    Raxis’ COO Bonnie Smyre continues her two-part series on how to hire a penetration testing firm.
  • Penetration Testing Types
    How to Hire a Penetration Testing Firm – Part 1
    Raxis’ COO Bonnie Smyre offers some helpful hints about how to start the process of hiring a penetration testing company.
  • Matt Dunn Mathur
    Reporting Tools for Large Penetration Tests
    Raxis lead penetration tester Matt Dunn has developed three new tools to make it easier to compile and present findings from large penetration tests.
  • Offensive Security OSCP
    So, You Want to Earn Your OSCP?
    What’s it like to earn your OSCP? Raxis senior penetration tester Andrew Trexler talks about his experience preparing for and taking the exam.
  • Metasploit Module: Azure AD Login Scanner
    New Metasploit Module for Penetration Testing: Azure AD Login Scanner
    Raxis’ Matt Dunn has published another Metasploit module, this one describing a vulnerability in Azure’s Active Directory Seamless Single Sign-on. Learn more here.
  • Cross-Site Scripting: Filter Evasion & Sideloading Payloads
    Cross-Site Scripting (XSS): Filter Evasion and Sideloading
    In this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such as filter evasion and sideloading content.
  • Introduction to Cross-Site Scripting
    Introduction to Cross-Site Scripting
    This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as well as remediation to protect against these attacks.
  • Clickjacking causes user to unknowingly purchase tickets
    Realistically Assessing the Threat of Clickjacking Today: A Penetration Tester Perspective
    Raxis’ Lead Developer Adam Fernandez discusses clickjacking, explaining what it is and why it represents less of a threat now than it once did. Adam also talks about how clickjacking differs from similar attacks.
  • LDAP Passback
    LDAP Passback and Why We Harp on Passwords
    LDAP passback exploits are easy when companies fail to change default passwords on network devices or fail to assign a password at all. If you connect it, you must protect it.