Exploiting GraphQL for Penetration Testing
Exploiting GraphQL, a query language inspired by the structure & functionality of online data storage & collaboration platforms Meta, Instagram & Google Sheets.
-
-
Log4j: How to Exploit and Test this Critical Vulnerability on Penetration Tests
Raxis demonstrates how to obtain a remote shell on a target system during penetration tests using a Log4j open-source exploit available to all. (CVE-2021-44228)
-
CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor.
-
Why Mutual Assured Destruction is an Incomplete Cyber Defense Strategy
Is the threat of full-scale retaliation enough to prevent large-scale cyberattacks? Raxis’ Bonnie Smyre explains why this Cold War strategy is not effective.
-
LDAP Passback and Why We Harp on Passwords
LDAP passback exploits are easy when companies fail to change default passwords on network devices or fail to assign a password at all. If you connect it, you must protect it.
-
SonicWall Patches Three Zero-Day Vulnerabilities
Cybersecurity company SonicWall has released patches for three zero-day vulnerabilities that are currently being exploited.
-
IKE VPNs Supporting Aggressive Mode
In this post we’ll look at why IKE VPNs with Aggressive Mode enabled continue to be a vulnerability, how it can be exploited, and how to mitigate this risk.
-
Ransomware – What you can do to avoid being a victim
Raxis VP of Business Development Brad Herring discusses ways to protect your company from ransomware and how to be prepared in the event an attack occurs against your company.
