Skip to content
Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycleâ„¢, 2024 reports
      • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
      • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us
Contact Raxis Login
Raxis
Contact RaxisIcon Link to Contact Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycleâ„¢, 2024 reports
      • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
      • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us

The Exploit

Raxis Cybersecurity Insights From The Frontlines

  • AD Series: Using Evil-WinRM to Get NTDS Manually
    Exploits | How To

    AD Series: Using Evil-WinRM to Get NTDS Manually in Penetration Tests

    ByAndrew Trexler March 11, 2025August 19, 2025

    Principal Penetration Tester Andrew Trexler’s Active Directory series is back, showing how to use Evil-WinRM to copy NTDS.dit manually in penetration tests.

    Read More AD Series: Using Evil-WinRM to Get NTDS Manually in Penetration TestsContinue

  • AD Series: Resource Based Constrained Delegation (RBCD) Exploits
    Exploits | How To

    AD Series: Resource Based Constrained Delegation (RBCD) for Penetration Testing

    ByAndrew Trexler March 12, 2024June 16, 2025

    Exploit msDS-AllowedToActOnBehalfOfOtherIdentitity to gain administrative access in a Resource Based Constrained Delegation (RBCD) attack on penetration tests.

    Read More AD Series: Resource Based Constrained Delegation (RBCD) for Penetration TestingContinue

  • AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py
    Exploits | How To

    AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py for Penetration Tests

    ByAndrew Trexler January 23, 2024June 16, 2025

    Andrew Trexler ran into issues with certipy when testing on port 443 and found that NTLMRelayx.py worked better in for those ADCS Exploits on penetration tests.

    Read More AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py for Penetration TestsContinue

  • Active Directory Certificate Services (ADCS) Misconfiguration Exploits
    Exploits | How To

    AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits for Penetration Tests

    ByAndrew Trexler August 10, 2023July 28, 2025

    Andrew Trexler adds to his AD series with a tutorial of Active Directory Certificate Services (ADCS) misconfiguration exploits for penetration tests.

    Read More AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits for Penetration TestsContinue

  • Broadcast Attacks - Responder
    Exploits | How To | Password Cracking

    AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder for Penetration Tests

    ByAndrew Trexler June 19, 2023June 16, 2025

    Andrew Trexler continues his AD Series with an in-depth tutorial on broadcast Attacks using NTLMRelayx, MiTM6 and Responder for penetration tests.

    Read More AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder for Penetration TestsContinue

  • How to Create an Active Directory Test Environment
    How To | Networks | Password Cracking | Penetration Testing

    How to Create an AD Test Environment to Use for Penetration Testing

    ByAndrew Trexler April 27, 2023June 16, 2025

    Andrew Trexler walks us through creating a simple AD test environment to test new hacks before trying them on a penetration test.

    Read More How to Create an AD Test Environment to Use for Penetration TestingContinue

  • Exploiting Dirty Pipe (CVE-2022-0847)
    Exploits | How To

    Exploiting Dirty Pipe (CVE-2022-0847)

    ByAndrew Trexler May 26, 2022September 5, 2025

    The Dirty Pipe vulnerability (CVE-2022-0847) allows any user to write to read-only files, including files that are owned by root, allowing privilege escalation.

    Read More Exploiting Dirty Pipe (CVE-2022-0847)Continue

  • Offensive Security OSCP
    Careers | How To

    So, You Want to Earn Your OSCP?

    ByAndrew Trexler February 4, 2022June 6, 2025

    What’s it like to earn your OSCP? Raxis senior penetration tester Andrew Trexler talks about his experience preparing for and taking the exam.

    Read More So, You Want to Earn Your OSCP?Continue

  • Andrew Trexler
    Meet Our Team

    Andrew Trexler, Senior Penetration Tester

    ByAndrew Trexler December 3, 2021June 6, 2025

    Senior penetration tester Andrew Trexler has a penchant for breaking in and blowing up. Read on to find out why both are good things.

    Read More Andrew Trexler, Senior Penetration TesterContinue

2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA

Contact us online

About Raxis

  • About Raxis
  • Careers
  • Terms and Conditions
  • Privacy Policy
  • Partners, Apply Here

Resources

  • The Exploit
  • Transporter Remote Penetration Testing
  • Penetration Test Glossary
  • What is a Penetration Test?
Facebook X Instagram Linkedin YouTube