Skip to content
Raxis
  • Home
  • Services
      Red Team Penetration Testing
    • Red Team
    • Breach and Attack Simulation
    • Phishing and Spear Phishing
    • Physical Penetration Testing
      • Penetration Testing
    • Penetration Testing Services
    • Raxis Attack: Penetration Testing as a Service
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • Cybersecurity Services
    • Elite Cybersecurity Services
    • Attack Surface Management
    • Cybersecurity Code Review
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Healthcare (HIPAA, FDA)
    • SOC 2
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Manufacturing
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Become a Raxis Partner
    • Careers
    • Certifications
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Raxis One
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • Transporter Remote Pentesting
    • What is a Penetration Test?
  • The Exploit Blog
  • About Us
Contact Raxis Login
Raxis
Contact RaxisIcon Link to Contact Raxis
  • Home
  • Services
      Red Team Penetration Testing
    • Red Team
    • Breach and Attack Simulation
    • Phishing and Spear Phishing
    • Physical Penetration Testing
      • Penetration Testing
    • Penetration Testing Services
    • Raxis Attack: Penetration Testing as a Service
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • Cybersecurity Services
    • Elite Cybersecurity Services
    • Attack Surface Management
    • Cybersecurity Code Review
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Healthcare (HIPAA, FDA)
    • SOC 2
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Manufacturing
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Become a Raxis Partner
    • Careers
    • Certifications
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Raxis One
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • Transporter Remote Pentesting
    • What is a Penetration Test?
  • The Exploit Blog
  • About Us

Cybersecurity Insights From The Frontlines

  • Exploiting GraphQL
    Exploits | How To

    Exploiting GraphQL for Penetration Testing

    Bybjager March 28, 2023June 16, 2025

    Exploiting GraphQL, a query language inspired by the structure & functionality of online data storage & collaboration platforms Meta, Instagram & Google Sheets.

    Read More Exploiting GraphQL for Penetration TestingContinue

  • Log4 Exploit Walkthrough
    Exploits | How To

    Log4j: How to Exploit and Test this Critical Vulnerability on Penetration Tests

    ByMark Puckett November 18, 2022June 16, 2025

    Raxis demonstrates how to obtain a remote shell on a target system during penetration tests using a Log4j open-source exploit available to all. (CVE-2021-44228)

    Read More Log4j: How to Exploit and Test this Critical Vulnerability on Penetration TestsContinue

  • CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
    Exploits

    CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection

    ByRaxis Research Team October 21, 2022July 28, 2025

    This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor.

    Read More CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) InjectionContinue

  • Two people at laptops sending data at each other
    In The News | Security Recommendations

    Why Mutual Assured Destruction is an Incomplete Cyber Defense Strategy

    ByBonnie Smyre May 14, 2021July 28, 2025

    Is the threat of full-scale retaliation enough to prevent large-scale cyberattacks? Raxis’ Bonnie Smyre explains why this Cold War strategy is not effective.

    Read More Why Mutual Assured Destruction is an Incomplete Cyber Defense StrategyContinue

  • LDAP Passback
    Exploits | How To

    LDAP Passback and Why We Harp on Passwords

    ByRaxis Research Team April 30, 2021June 6, 2025

    LDAP passback exploits are easy when companies fail to change default passwords on network devices or fail to assign a password at all. If you connect it, you must protect it.

    Read More LDAP Passback and Why We Harp on PasswordsContinue

Page navigation

1 2 Next PageNext

2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA

+1 678.421.4544

Contact us online for faster response

About Raxis

  • About Raxis
  • Careers
  • Terms and Conditions
  • Privacy Policy
  • Penetration Testing Partner Program

Resources

  • The Exploit Blog
  • Transporter Remote Penetration Testing
  • Penetration Test Glossary
  • What is a Penetration Test?
Facebook X Instagram Linkedin YouTube