Skip to content
Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
      • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
      • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us
Contact Raxis Login
Raxis
Contact RaxisIcon Link to Contact Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
      • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
      • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us

The Exploit

Raxis Cybersecurity Insights From The Frontlines

  • How to Create an Active Directory Test Environment
    How To | Networks | Password Cracking | Penetration Testing

    How to Create an AD Test Environment to Use for Penetration Testing

    ByAndrew Trexler April 27, 2023June 16, 2025

    Andrew Trexler walks us through creating a simple AD test environment to test new hacks before trying them on a penetration test.

    Read More How to Create an AD Test Environment to Use for Penetration TestingContinue

  • Exploiting GraphQL
    Exploits | How To

    Exploiting GraphQL for Penetration Testing

    Bybjager March 28, 2023June 16, 2025

    Exploiting GraphQL, a query language inspired by the structure & functionality of online data storage & collaboration platforms Meta, Instagram & Google Sheets.

    Read More Exploiting GraphQL for Penetration TestingContinue

  • Log4 Exploit Walkthrough
    Exploits | How To

    Log4j: How to Exploit and Test this Critical Vulnerability on Penetration Tests

    ByMark Puckett November 18, 2022June 16, 2025

    Raxis demonstrates how to obtain a remote shell on a target system during penetration tests using a Log4j open-source exploit available to all. (CVE-2021-44228)

    Read More Log4j: How to Exploit and Test this Critical Vulnerability on Penetration TestsContinue

  • Exploiting Dirty Pipe (CVE-2022-0847)
    Exploits | How To

    Exploiting Dirty Pipe (CVE-2022-0847)

    ByAndrew Trexler May 26, 2022September 5, 2025

    The Dirty Pipe vulnerability (CVE-2022-0847) allows any user to write to read-only files, including files that are owned by root, allowing privilege escalation.

    Read More Exploiting Dirty Pipe (CVE-2022-0847)Continue

  • Submit Button
    Exploits | How To | Injection Attacks | Web Apps

    Hackers See Opportunity Where You See Only a Button

    ByBrad Herring April 1, 2022June 3, 2025

    In this post, Raxis VP Brad Herring explains how web proxy tools can turn even simple buttons and check-boxes into avenues for an attack.

    Read More Hackers See Opportunity Where You See Only a ButtonContinue

  • How to Hire a Penetration Testing Firm Part Two
    How To | Penetration Testing

    How to Hire a Penetration Testing Firm – Part 2

    ByBonnie Smyre March 18, 2022July 28, 2025

    Is your organization is in the market for a penetration test? Raxis’ COO Bonnie Smyre continues her two-part series on how to hire a penetration testing firm.

    Read More How to Hire a Penetration Testing Firm – Part 2Continue

  • Penetration Testing Types
    How To | Penetration Testing

    How to Hire a Penetration Testing Firm – Part 1

    ByBonnie Smyre February 25, 2022July 28, 2025

    Raxis’ COO Bonnie Smyre offers some helpful hints about how to start the process of hiring a penetration testing company.

    Read More How to Hire a Penetration Testing Firm – Part 1Continue

  • Matt Dunn Mathur
    How To | Penetration Testing

    Reporting Tools for Large Penetration Tests

    ByRaxis Research Team February 11, 2022

    Raxis lead penetration tester Matt Dunn has developed three new tools to make it easier to compile and present findings from large penetration tests.

    Read More Reporting Tools for Large Penetration TestsContinue

  • Offensive Security OSCP
    Careers | How To

    So, You Want to Earn Your OSCP?

    ByAndrew Trexler February 4, 2022June 6, 2025

    What’s it like to earn your OSCP? Raxis senior penetration tester Andrew Trexler talks about his experience preparing for and taking the exam.

    Read More So, You Want to Earn Your OSCP?Continue

  • Metasploit Module: Azure AD Login Scanner
    How To | Security Recommendations

    New Metasploit Module for Penetration Testing: Azure AD Login Scanner

    ByRaxis Research Team November 23, 2021June 16, 2025

    Raxis’ Matt Dunn has published another Metasploit module, this one describing a vulnerability in Azure’s Active Directory Seamless Single Sign-on. Learn more here.

    Read More New Metasploit Module for Penetration Testing: Azure AD Login ScannerContinue

  • Cross-Site Scripting: Filter Evasion & Sideloading Payloads
    Exploits | How To

    Cross-Site Scripting (XSS): Filter Evasion and Sideloading

    ByRaxis Research Team November 12, 2021June 3, 2025

    In this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such as filter evasion and sideloading content.

    Read More Cross-Site Scripting (XSS): Filter Evasion and SideloadingContinue

  • Introduction to Cross-Site Scripting
    How To | Security Recommendations

    Introduction to Cross-Site Scripting

    ByRaxis Research Team October 29, 2021

    This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as well as remediation to protect against these attacks.

    Read More Introduction to Cross-Site ScriptingContinue

Page navigation

Previous PagePrevious 1 2 3 4 Next PageNext

2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA

Contact us online

About Raxis

  • About Raxis
  • Careers
  • Terms and Conditions
  • Privacy Policy
  • Partners, Apply Here

Resources

  • The Exploit
  • Transporter Remote Penetration Testing
  • Penetration Test Glossary
  • What is a Penetration Test?
Facebook X Instagram Linkedin YouTube