The Exploit

Notes from the Front Lines of Penetration Testing

Category: How To

Master penetration testing with Raxis “How To” tutorials. Get expert, step-by-step guides to uncover and fix vulnerabilities in your organization.
  • Exploiting Dirty Pipe (CVE-2022-0847)
    Exploiting Dirty Pipe (CVE-2022-0847)

    By

    Andrew Trexler
    The Dirty Pipe vulnerability (CVE-2022-0847) allows any user to write to read-only files, including files that are owned by root, allowing privilege escalation.
    Read More
  • Submit Button
    Hackers See Opportunity Where You See Only a Button

    By

    Brad Herring
    In this post, Raxis VP Brad Herring explains how web proxy tools can turn even simple buttons and check-boxes into avenues for an attack.
    Read More
  • How to Hire a Penetration Testing Firm Part Two
    How to Hire a Penetration Testing Firm – Part 2

    By

    Bonnie Smyre
    Is your organization is in the market for a penetration test? Raxis’ COO Bonnie Smyre continues her two-part series on how to hire a penetration testing firm.
    Read More
  • Penetration Testing Types
    How to Hire a Penetration Testing Firm – Part 1

    By

    Bonnie Smyre
    Raxis’ COO Bonnie Smyre offers some helpful hints about how to start the process of hiring a penetration testing company.
    Read More
  • Matt Dunn Mathur
    Reporting Tools for Large Penetration Tests

    By

    Raxis Administrator
    Raxis lead penetration tester Matt Dunn has developed three new tools to make it easier to compile and present findings from large penetration tests.
    Read More
  • Offensive Security OSCP
    So, You Want to Earn Your OSCP?

    By

    Andrew Trexler
    What’s it like to earn your OSCP? Raxis senior penetration tester Andrew Trexler talks about his experience preparing for and taking the exam.
    Read More
  • Metasploit Module: Azure AD Login Scanner
    New Metasploit Module for Penetration Testing: Azure AD Login Scanner

    By

    Raxis Administrator
    Raxis’ Matt Dunn has published another Metasploit module, this one describing a vulnerability in Azure’s Active Directory Seamless Single Sign-on. Learn more here.
    Read More
  • Cross-Site Scripting: Filter Evasion & Sideloading Payloads
    Cross-Site Scripting (XSS): Filter Evasion and Sideloading

    By

    Raxis Administrator
    In this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such as filter evasion and sideloading content.
    Read More
  • Introduction to Cross-Site Scripting
    Introduction to Cross-Site Scripting

    By

    Raxis Administrator
    This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as well as remediation to protect against these attacks.
    Read More
  • Clickjacking causes user to unknowingly purchase tickets
    Realistically Assessing the Threat of Clickjacking Today: A Penetration Tester Perspective

    By

    Adam Fernandez
    Raxis’ Lead Developer Adam Fernandez discusses clickjacking, explaining what it is and why it represents less of a threat now than it once did. Adam also talks about how clickjacking differs from similar attacks.
    Read More
  • LDAP Passback
    LDAP Passback and Why We Harp on Passwords

    By

    Raxis Administrator
    LDAP passback exploits are easy when companies fail to change default passwords on network devices or fail to assign a password at all. If you connect it, you must protect it.
    Read More