We made a few changes
We’re excited to announce that we’ve launched our new penetration testing services website! We made many improvements to make it easier to interact with Raxis.
-
-
How to Create an AD Test Environment to Use for Penetration Testing
Andrew Trexler walks us through creating a simple AD test environment to test new hacks before trying them on a penetration test.
-
Raxis in the Classroom: Giving Back by Looking Forward
Raxis in the Classroom: Ed Ozols, a cybersecurity teacher at Putnam County High School invited Raxis’ Brice Jager to speak to his students about pentesting.
-
Exploiting GraphQL for Penetration Testing
Exploiting GraphQL, a query language inspired by the structure & functionality of online data storage & collaboration platforms Meta, Instagram & Google Sheets.
-
Brice Jager, Lead Penetration Tester
Brice Jager, a lead penetration tester at Raxis whose career ranges from health care, to health care technology, and now to penetration testing.
-
Log4j: How to Exploit and Test this Critical Vulnerability on Penetration Tests
Raxis demonstrates how to obtain a remote shell on a target system during penetration tests using a Log4j open-source exploit available to all. (CVE-2021-44228)
-
RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x
In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will likely be the scariest part of Halloween ’22.
-
CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor.
-
What to Expect with a Raxis Wireless Penetration Test
Wireless attacks are typically low-risk, high-reward opportunities that don’t often require direct interaction. See more about a wireless penetration test.
-
5 Things You Should (and Shouldn’t) Take Away from the Starlink Hack
The hack of SpaceX’s Starlink shouldn’t distract security pros from the terrestrial threats that are much more likely and far more common.
-
CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).
-
CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
Matt Dunn discovers another ManageEngine Cross-Site Scripting vulnerability, this one in the Support Center Plus application.
