Offensive security, written by the people who live it.
-
Cool Tools: Bloodhound CE
By Andrew Trexler BloodHound’s Community Edition has everything a penetration tester needs to enumerate relationships in a domain in order to gain more access, even Domain Admin. June 2, 2026 -
CVE-2026-36748: XSS in Rock RMS Leads to Privilege Escalation
By Jason Taylor Raxis Lead Pentester Jason Taylor recently discovered CVE-2026-36748, a high-risk XSS vulnerability in Rock RMS that allows privilege escalation to admin. June 1, 2026 -
Defense in Depth Against Linux Kernel Privilege Escalation: A Practical Guide for Container Workloads
By Ryan Chaplin With current local privilege escalation exploits like Copy Fail and Dirty Frag active in the wild, harden your defenses to halt attacks even before patching. May 26, 2026 -
Cool Tools: NetExec (NXC) Fundamentals
By Scottie Cole Now that CrackMapExec is no more, how is a pentester to rapidly test credentials, enumerate assets, spray passwords, and more? Learn the basics of NetExec here. May 19, 2026 -
Critical Buffer Overflow Vulnerability in Palo Alto Networks PAN-OS Software
By Andrew Trexler CVE-2026-0300 is a critical buffer overflow vulnerability in Palo Alto’s PAN-OS software. Discover if you are affected and what to do now. May 13, 2026 -
Copy Fail – Local Linux Privilege Escalation in 4 lines
By Jason Taylor CVE-2026-31431, dubbed Copy Fail, allows privilege escalation to root on Linux distros missing the latest kernel patches. Learn what to do in this blog. May 8, 2026 -
Bypassing ChatGPT’s Open-Source Model Security Restrictions for Agentic Hacking
By Ryan Chaplin Ryan Chaplin wondered what it would take to bypass ChatGPT’s open-source model security restrictions to allow AI to hack his website. See how he did it here. May 5, 2026 -
No Malware Required
By Brian Tant The March 2026 attack on Stryker Corporation was not Malware and did not make Ransomware demands. Instead it used compromised credentials to disrupt business. May 1, 2026 -
Cool Tools Series: SCP
By Nathan Anderson Raxis Lead Penetration Tester Nathan Anderson continues our Cool Tool Series with SCP for data exfiltration on internal network pentests and red teams. April 21, 2026 -
Deepfakes: The Face on Your Screen Might Not Be Real
By Scottie Cole Phishing and other social engineering techniques have crossed a threshold with deepfake attacks. Scottie Cole discusses how to protect your organization. April 17, 2026
About The Exploit Blog
The Exploit is written by Raxis penetration testers. Every post is a technical writeup from someone who runs engagements for a living, with code, command output, and the reasoning behind each step. Topics include exploit research, vulnerability disclosure, tool development, and the offensive techniques showing up in current client work.
Search The Exploit Blog
Raxis Discovered Vulnerabilities
View the CVEs and bugs that Raxis pentesters have uncovered and submitted.
Tested by the People Who Wrote This Blog Post
The engineers behind these posts run real engagements every week. Put them on your network, web apps, APIs, or cloud and see what an attacker would find first.
Blog Categories
- AI
- Careers
- Choosing a Penetration Testing Company
- Exploits
- How To
- In The News
- Injection Attacks
- Just For Fun
- Meet Our Team
- Mobile Apps
- Networks
- Password Cracking
- Patching
- Penetration Testing
- Phishing
- PTaaS
- Raxis Discovered Vulnerabilities
- Raxis In The Community
- Red Team
- Security Recommendations
- Social Engineering
- Tips For Everyone
- Web Apps
- What People Are Saying
- Wireless
