ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)
Raxis’ Lead Penetration Tester Matt Dunn discovers another cross-site scripting vulnerability in Zoho’s MangeEngine Key Manager Plus (CVE-2021-28382).
Discover the Art of Penetration Testing
The Exploit is Raxis’ cybersecurity blog where penetration testers and red team experts share real-world insights, attack techniques, and strategies to strengthen defenses against evolving threats. We feature expert advice, detailed breakdowns of exploits, and practical guidance to help organizations understand and respond to today’s most pressing security challenges.
Raxis’ Transporter Enables Remote Penetration Testing
Tim Semchenko explains how Raxis Transporter enables our team to conduct internal and wireless penetration tests remotely.
Realistically Assessing the Threat of Clickjacking Today: A Penetration Tester Perspective
Raxis’ Lead Developer Adam Fernandez discusses clickjacking, explaining what it is and why it represents less of a threat now than it once did. Adam also talks about how clickjacking differs from similar attacks.
Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)
Raxis lead penetration tester Matt Dunn has uncovered a new cross-site scripting vulnerability in Manage Engine AD Self Service Plus (CVE-2021-27956). Find out more here.
Why Mutual Assured Destruction is an Incomplete Cyber Defense Strategy
Is the threat of full-scale retaliation enough to prevent large-scale cyberattacks? Raxis’ Bonnie Smyre explains why this Cold War strategy is not effective.
Phish Like the Pros
Phish attacks are a significant threat to all organizations. In this video Raxis’ Scottie Cole shares tips and tricks for phishing assessments.
LDAP Passback and Why We Harp on Passwords
LDAP passback exploits are easy when companies fail to change default passwords on network devices or fail to assign a password at all. If you connect it, you must protect it.
A High-Tech Take on an Old-Time Scam
Don’t fall prey to scammers trying to convince you that your domain name is about to be stolen by an overseas company.
SonicWall Patches Three Zero-Day Vulnerabilities
Cybersecurity company SonicWall has released patches for three zero-day vulnerabilities that are currently being exploited.
NSA, FBI, CISA Statement on Russian SVR Activity
The US government is warning businesses to beware of vulnerabilities being exploited by the Russian Foreign Intelligence Service (SVR RF). But that’s not the only group taking advantage. Here’s what you should do.
Blog Categories
- AI
- Careers
- Choosing a Penetration Testing Company
- Exploits
- How To
- In The News
- Injection Attacks
- Just For Fun
- Meet Our Team
- Mobile Apps
- Networks
- Password Cracking
- Patching
- Penetration Testing
- Phishing
- PTaaS
- Raxis In The Community
- Red Team
- Security Recommendations
- Social Engineering
- Tips For Everyone
- Web Apps
- What People Are Saying
- Wireless