How to Create an AD Test Environment to Use for Penetration Testing
Andrew Trexler walks us through creating a simple AD test environment to test new hacks before trying them on a penetration test.
Discover the Art of Penetration Testing
The Exploit is Raxis’ cybersecurity blog where penetration testers and red team experts share real-world insights, attack techniques, and strategies to strengthen defenses against evolving threats. We feature expert advice, detailed breakdowns of exploits, and practical guidance to help organizations understand and respond to today’s most pressing security challenges.
Raxis in the Classroom: Giving Back by Looking Forward
Raxis in the Classroom: Ed Ozols, a cybersecurity teacher at Putnam County High School invited Raxis’ Brice Jager to speak to his students about pentesting.
Exploiting GraphQL for Penetration Testing
Exploiting GraphQL, a query language inspired by the structure & functionality of online data storage & collaboration platforms Meta, Instagram & Google Sheets.
Brice Jager, Lead Penetration Tester
Brice Jager, a lead penetration tester at Raxis whose career ranges from health care, to health care technology, and now to penetration testing.
Log4j: How to Exploit and Test this Critical Vulnerability on Penetration Tests
Raxis demonstrates how to obtain a remote shell on a target system during penetration tests using a Log4j open-source exploit available to all. (CVE-2021-44228)
RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x
In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will likely be the scariest part of Halloween ’22.
CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor.
What to Expect with a Raxis Wireless Penetration Test
Wireless attacks are typically low-risk, high-reward opportunities that don’t often require direct interaction. See more about a wireless penetration test.
5 Things You Should (and Shouldn’t) Take Away from the Starlink Hack
The hack of SpaceX’s Starlink shouldn’t distract security pros from the terrestrial threats that are much more likely and far more common.
CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).
Blog Categories
- AI
- Careers
- Choosing a Penetration Testing Company
- Exploits
- How To
- In The News
- Injection Attacks
- Just For Fun
- Meet Our Team
- Mobile Apps
- Networks
- Password Cracking
- Patching
- Penetration Testing
- Phishing
- PTaaS
- Raxis In The Community
- Red Team
- Security Recommendations
- Social Engineering
- Tips For Everyone
- Web Apps
- What People Are Saying
- Wireless