The Exploit

Notes from the Front Lines of Penetration Testing

Category: Security Recommendations

Get actionable cybersecurity advice from Raxis experts. Explore best practices, tips, and recommendations to strengthen your organization’s security.
  • Accepting Penetration Test Risks & How Compensating Controls Can Help
    Accepting Penetration Test Risks & How Compensating Controls Can Help

    By

    Tim Semchenko
    Tim Semchenko discusses documenting acceptance of risks and implementing compensating controls as options when pentest findings cannot be fixed immediately.
    Read More
  • Why Raxis Attack is a Huge Win for Organizations
    Why Raxis Attack PTaaS is a Huge Win for Organizations

    By

    Caroline Kelly
    With the recent launch of Raxis Attack, a powerful PTaaS service, Caroline Kelly is excited to share how it can help organizations of all sizes stay secure.
    Read More
  • The CrowdStrike Outage: Lessons Learned
    The CrowdStrike Outage: Lessons Learned

    By

    Scottie Cole
    Just a few days ago the world felt the rippling effects of a third-party push to networks across the globe. What would have normally been a routine undertaking instead caused mass disruption of information systems and brought businesses of all sizes to a standstill. Almost everyone was impacted by this incident in one way or […]
    Read More
  • Cyber Attack Disrupts Car Dealerships
    Ongoing Cyber Attack Disrupts Car Dealerships

    By

    Brian Tant
    Wednesday thousands of car dealerships across North America experienced a cyberattack resulting in widespread outages and significant operational degradation.
    Read More
  • Password Length: More than Just a Question of Compliance
    Password Length: More than Just a Question of Compliance

    By

    Brian Tant
    Password length requirements are a key part of password security, but, with PCI, NIST, OWASP, and CIS offering different recommendations, what length is best?
    Read More
  • SOC 2 Compliance
    SOC 2 Compliance: Is it Right for Your Organization?

    By

    Bonnie Smyre
    SOC 2 is a compliance and privacy standard that outlines how to manage customer data & related systems to ensure confidentiality, integrity, and availability.
    Read More
  • Raxis Achieves SOC 2 Type 2 Compliance
    Raxis Achieves SOC 2 Type 2 Compliance

    By

    Mark Puckett
    We are thrilled to announce that Raxis has successfully achieved SOC 2 Type 2 compliance, providing assurance to our clients that their data is handled securely
    Read More
  • You See a Wireless Mouse. We see an easy way in.
    What to Expect with a Raxis Wireless Penetration Test

    By

    Scottie Cole
    Wireless attacks are typically low-risk, high-reward opportunities that don’t often require direct interaction. See more about a wireless penetration test.
    Read More
  • Simultaneous Sessions
    Why We Take Simultaneous Sessions Seriously on Penetration Tests

    By

    Raxis Research Team
    Raxis Lead Penetration Tester Matt Dunn explains why you simultaneous sessions is a significant finding on a penetration test.
    Read More
  • CIS vs. NIST
    CIS vs. NIST: Understanding Cybersecurity Standards and Frameworks

    By

    Brian Tant
    Raxis’ CTO Brian Tant discusses two important gap analysis tools security professionals use to assess cyber defenses: CIS 18 and NIST 800-53.
    Read More
  • Why they're not the same: Vulnerability Scans and Pentests
    Chained Attacks and How a Scan Can Leave You Vulnerable

    By

    Tim Semchenko
    Vulnerability scans are useful tools for protecting your network. Find out why you shouldn’t rely on them exclusively.
    Read More
  • Metasploit Module: Azure AD Login Scanner
    New Metasploit Module for Penetration Testing: Azure AD Login Scanner

    By

    Raxis Research Team
    Raxis’ Matt Dunn has published another Metasploit module, this one describing a vulnerability in Azure’s Active Directory Seamless Single Sign-on. Learn more here.
    Read More