Skip to content
Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
      • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
      • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us
Contact Raxis Login
Raxis
Contact RaxisIcon Link to Contact Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
      • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
      • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us
The Exploit Blog

Raxis Cybersecurity Insights From The Frontlines

  • CIS vs. NIST
    Security Recommendations

    CIS vs. NIST: Understanding Cybersecurity Standards and Frameworks

    ByBrian Tant January 7, 2022July 28, 2025

    Raxis’ CTO Brian Tant discusses two important gap analysis tools security professionals use to assess cyber defenses: CIS 18 and NIST 800-53.

    Read More CIS vs. NIST: Understanding Cybersecurity Standards and FrameworksContinue

  • Why they're not the same: Vulnerability Scans and Pentests
    Security Recommendations

    Chained Attacks and How a Scan Can Leave You Vulnerable

    ByTim Semchenko December 10, 2021June 3, 2025

    Vulnerability scans are useful tools for protecting your network. Find out why you shouldn’t rely on them exclusively.

    Read More Chained Attacks and How a Scan Can Leave You VulnerableContinue

  • Metasploit Module: Azure AD Login Scanner
    How To | Security Recommendations

    New Metasploit Module for Penetration Testing: Azure AD Login Scanner

    ByRaxis Research Team November 23, 2021June 16, 2025

    Raxis’ Matt Dunn has published another Metasploit module, this one describing a vulnerability in Azure’s Active Directory Seamless Single Sign-on. Learn more here.

    Read More New Metasploit Module for Penetration Testing: Azure AD Login ScannerContinue

  • Introduction to Cross-Site Scripting
    How To | Security Recommendations

    Introduction to Cross-Site Scripting

    ByRaxis Research Team October 29, 2021

    This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as well as remediation to protect against these attacks.

    Read More Introduction to Cross-Site ScriptingContinue

  • Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
    Patching | Security Recommendations

    Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156

    ByRaxis Research Team September 17, 2021

    Nagios is open-source network and system monitoring software. Raxis’ Matt Dunn has discovered a cross-site scripting vulnerability that could leave users open to attack.

    Read More Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156Continue

  • Cookie Jar
    Security Recommendations

    Keep Your Cookies in the Cookie Jar: HttpOnly and Secure Flags

    ByRaxis Research Team September 3, 2021June 3, 2025

    How can cookies be used against you? And how do you keep that from happening? Raxis’ Matt Dunn explains.

    Read More Keep Your Cookies in the Cookie Jar: HttpOnly and Secure FlagsContinue

  • Scottie in 2004 on Navarre Beach in the wake of the Hurricane Ivan
    Security Recommendations

    Hurricane Ida: Limiting the Damage

    ByScottie Cole September 1, 2021

    Lead penetration tester Scottie Cole is a Gulf Coast resident and former first responder. Read his tips for avoiding hackers and scams that can be as costly as a natural disaster.

    Read More Hurricane Ida: Limiting the DamageContinue

  • PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
    Patching | Security Recommendations

    PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)

    ByRaxis Research Team August 20, 2021July 28, 2025

    Raxis lead penetration tester Matt Dunn uncovers a new vulnerability in the PRTG Network Monitor (CVE-2021-29643). Read more here.

    Read More PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)Continue

  • Screaming person with smartphone
    Security Recommendations

    Don’t Take the Smishbait

    ByBonnie Smyre July 30, 2021August 22, 2025

    Unwanted text messages are annoying, but some also hide malicious links. Here are some ways to avoid being “smished.”

    Read More Don’t Take the SmishbaitContinue

  • JavaScript Execution to Display User's Cookie in an Alert Box
    Security Recommendations

    ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability (CVE-2021-31813)

    ByRaxis Research Team June 25, 2021July 28, 2025

    Raxis’ Matt Dunn has discovered another ManangeEngine cross-site scripting (XSS) vulnerability, this time in the Applications Manager product (CVE-2021-31813).

    Read More ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability (CVE-2021-31813)Continue

  • Two people at laptops sending data at each other
    In The News | Security Recommendations

    Why Mutual Assured Destruction is an Incomplete Cyber Defense Strategy

    ByBonnie Smyre May 14, 2021July 28, 2025

    Is the threat of full-scale retaliation enough to prevent large-scale cyberattacks? Raxis’ Bonnie Smyre explains why this Cold War strategy is not effective.

    Read More Why Mutual Assured Destruction is an Incomplete Cyber Defense StrategyContinue

  • .be .wa .re .sc .am .me .rs
    Security Recommendations

    A High-Tech Take on an Old-Time Scam

    ByBrian Tant April 23, 2021

    Don’t fall prey to scammers trying to convince you that your domain name is about to be stolen by an overseas company.

    Read More A High-Tech Take on an Old-Time ScamContinue

Page navigation

Previous PagePrevious 1 2 3 4 5 … 7 Next PageNext

2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA

Contact us online

About Raxis

  • About Raxis
  • Careers
  • Terms and Conditions
  • Privacy Policy
  • Partners, Apply Here

Resources

  • The Exploit
  • Transporter Remote Penetration Testing
  • Penetration Test Glossary
  • What is a Penetration Test?
Facebook X Instagram Linkedin YouTube