New Metasploit Module for Penetration Testing: Azure AD Login Scanner
Raxis’ Matt Dunn has published another Metasploit module, this one describing a vulnerability in Azure’s Active Directory Seamless Single Sign-on. Learn more here.
-
-
Cross-Site Scripting (XSS): Filter Evasion and Sideloading
In this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such as filter evasion and sideloading content.
-
Introduction to Cross-Site Scripting
This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as well as remediation to protect against these attacks.
-
Realistically Assessing the Threat of Clickjacking Today: A Penetration Tester Perspective
Raxis’ Lead Developer Adam Fernandez discusses clickjacking, explaining what it is and why it represents less of a threat now than it once did. Adam also talks about how clickjacking differs from similar attacks.
-
Phish Like the Pros
Phish attacks are a significant threat to all organizations. In this video Raxis’ Scottie Cole shares tips and tricks for phishing assessments.
-
LDAP Passback and Why We Harp on Passwords
LDAP passback exploits are easy when companies fail to change default passwords on network devices or fail to assign a password at all. If you connect it, you must protect it.
-
Remediating Account Enumeration Vulnerabilities From Your Penetration Test
Account enumeration reveals whether usernames are valid for use in other attacks. Lead Penetration Tester Matt Dunn explains how it works and how to prevent it.
-
New Metasploit Module: Microsoft Remote Desktop Web Access Authentication Timing Attack
Raxis team member Matt Dunn has uncovered a vulnerability in Microsoft’s Remote Desktop Web Access application (RD Web Access). Learn more in this blog article.
-
How to Pull Off a Mousejacking Attack
Raxis’ penetration testing team demonstrates how to conduct a mousejacking attack to gain access as part of a penetration test.
-
AttackTek: How to Launch a Broadcast Resolution Poisoning and SMB Relay Attack
Learn an easy, effective way to test corporate networks with broadcast poisoning and SMB relay attacks used in tandem from the Raxis penetration testing team.
-
Goodies for Hoodies: TCP Timestamps
Does your penetration test always return a low-risk finding about TCP Timestamps? Why worry about it? Because it gives hackers info to use in other attacks.
-
IKE VPNs Supporting Aggressive Mode
In this post we’ll look at why IKE VPNs with Aggressive Mode enabled continue to be a vulnerability, how it can be exploited, and how to mitigate this risk.
