The Exploit

Notes from the Front Lines of Penetration Testing

Category: Security Recommendations

Get actionable cybersecurity advice from Raxis experts. Explore best practices, tips, and recommendations to strengthen your organization’s security.
  • Introduction to Cross-Site Scripting
    Introduction to Cross-Site Scripting

    By

    Raxis Research Team
    This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as well as remediation to protect against these attacks.
    Read More
  • Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
    Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156

    By

    Raxis Research Team
    Nagios is open-source network and system monitoring software. Raxis’ Matt Dunn has discovered a cross-site scripting vulnerability that could leave users open to attack.
    Read More
  • Cookie Jar
    Keep Your Cookies in the Cookie Jar: HttpOnly and Secure Flags

    By

    Raxis Research Team
    How can cookies be used against you? And how do you keep that from happening? Raxis’ Matt Dunn explains.
    Read More
  • Scottie in 2004 on Navarre Beach in the wake of the Hurricane Ivan
    Hurricane Ida: Limiting the Damage

    By

    Scottie Cole
    Lead penetration tester Scottie Cole is a Gulf Coast resident and former first responder. Read his tips for avoiding hackers and scams that can be as costly as a natural disaster.
    Read More
  • PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
    PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)

    By

    Raxis Research Team
    Raxis lead penetration tester Matt Dunn uncovers a new vulnerability in the PRTG Network Monitor (CVE-2021-29643). Read more here.
    Read More
  • Screaming person with smartphone
    Don’t Take the Smishbait

    By

    Bonnie Smyre
    Unwanted text messages are annoying, but some also hide malicious links. Here are some ways to avoid being “smished.”
    Read More
  • JavaScript Execution to Display User's Cookie in an Alert Box
    ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability (CVE-2021-31813)

    By

    Raxis Research Team
    Raxis’ Matt Dunn has discovered another ManangeEngine cross-site scripting (XSS) vulnerability, this time in the Applications Manager product (CVE-2021-31813).
    Read More
  • Two people at laptops sending data at each other
    Why Mutual Assured Destruction is an Incomplete Cyber Defense Strategy

    By

    Bonnie Smyre
    Is the threat of full-scale retaliation enough to prevent large-scale cyberattacks? Raxis’ Bonnie Smyre explains why this Cold War strategy is not effective.
    Read More
  • .be .wa .re .sc .am .me .rs
    A High-Tech Take on an Old-Time Scam

    By

    Brian Tant
    Don’t fall prey to scammers trying to convince you that your domain name is about to be stolen by an overseas company.
    Read More
  • SonicWall
    SonicWall Patches Three Zero-Day Vulnerabilities

    By

    Raxis Research Team
    Cybersecurity company SonicWall has released patches for three zero-day vulnerabilities that are currently being exploited.
    Read More
  • Emblem of the Foreign Intelligence Service of the Russian Federation
    NSA, FBI, CISA Statement on Russian SVR Activity

    By

    Raxis Research Team
    The US government is warning businesses to beware of vulnerabilities being exploited by the Russian Foreign Intelligence Service (SVR RF). But that’s not the only group taking advantage. Here’s what you should do.
    Read More