Skip to content
Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
      • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
      • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us
Contact Raxis Login
Raxis
Contact RaxisIcon Link to Contact Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
      • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
      • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us

The Exploit

Raxis Cybersecurity Insights From The Frontlines

  • Accepting Penetration Test Risks & How Compensating Controls Can Help
    Penetration Testing | Security Recommendations

    Accepting Penetration Test Risks & How Compensating Controls Can Help

    ByTim Semchenko December 17, 2024

    Tim Semchenko discusses documenting acceptance of risks and implementing compensating controls as options when pentest findings cannot be fixed immediately.

    Read More Accepting Penetration Test Risks & How Compensating Controls Can HelpContinue

  • OPENSSL v3.0.x: Critical Threat Alert
    Exploits

    RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x

    ByBrad Herring October 31, 2022

    In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will likely be the scariest part of Halloween ’22.

    Read More RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.xContinue

  • CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
    Exploits

    CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection

    ByRaxis Research Team October 21, 2022July 28, 2025

    This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor.

    Read More CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) InjectionContinue

  • CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
    Exploits

    CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References

    ByRaxis Research Team July 21, 2022July 28, 2025

    Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).

    Read More CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object ReferencesContinue

  • CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
    Exploits

    CVE-2022-25245: ManageEngine Asset Explorer Information Leakage

    ByRaxis Research Team June 7, 2022September 5, 2025

    Raxis lead penetration tester Matt Dunn discovers an information leakage vulnerability in ManageEngine’s Asset Explorer CVE-2022-25245

    Read More CVE-2022-25245: ManageEngine Asset Explorer Information LeakageContinue

  • CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
    Exploits

    CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)

    ByRaxis Research Team May 17, 2022July 28, 2025

    Raxis’ Matt Dunn continues his prolific discovery of new CSS CVEs. This one affects ManageEngine AD SelfService Plus Stored Cross-Site Scripting.

    Read More CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)Continue

  • Web App Testing: Part Two
    Web Apps

    What is Web App Pentesting? (Part Two)

    ByRaxis Research Team March 4, 2022August 22, 2025

    Lead penetration tester Matt Dunn continues his discussion about web application testing. In Part Two, Matt explains testing as an authenticated user vs. as an unauthenticated user.

    Read More What is Web App Pentesting? (Part Two)Continue

  • Penetration Testing Types
    How To | Penetration Testing

    How to Hire a Penetration Testing Firm – Part 1

    ByBonnie Smyre February 25, 2022July 28, 2025

    Raxis’ COO Bonnie Smyre offers some helpful hints about how to start the process of hiring a penetration testing company.

    Read More How to Hire a Penetration Testing Firm – Part 1Continue

  • Web App Testing: Part One
    Web Apps

    What is Web Application Penetration Testing?

    ByRaxis Research Team February 18, 2022June 3, 2025

    Learn how Raxis approaches web application testing and how it differs from network penetration testing. Lead penetration tester Matt Dunn explains in this post.

    Read More What is Web Application Penetration Testing?Continue

  • Metaverse
    Tips For Everyone

    Entering the Metaverse: You are the Real Commodity

    ByMark Puckett December 21, 2021

    Raxis’ CEO Mark Puckett explains why we might not wake up in the metaverse tomorrow, but why we should be prepared as we move toward an even more digitized reality.

    Read More Entering the Metaverse: You are the Real CommodityContinue

  • Metasploit Module: Azure AD Login Scanner
    How To | Security Recommendations

    New Metasploit Module for Penetration Testing: Azure AD Login Scanner

    ByRaxis Research Team November 23, 2021June 16, 2025

    Raxis’ Matt Dunn has published another Metasploit module, this one describing a vulnerability in Azure’s Active Directory Seamless Single Sign-on. Learn more here.

    Read More New Metasploit Module for Penetration Testing: Azure AD Login ScannerContinue

  • Cross-Site Scripting: Filter Evasion & Sideloading Payloads
    Exploits | How To

    Cross-Site Scripting (XSS): Filter Evasion and Sideloading

    ByRaxis Research Team November 12, 2021June 3, 2025

    In this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such as filter evasion and sideloading content.

    Read More Cross-Site Scripting (XSS): Filter Evasion and SideloadingContinue

Page navigation

1 2 3 Next PageNext

2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA

Contact us online

About Raxis

  • About Raxis
  • Careers
  • Terms and Conditions
  • Privacy Policy
  • Partners, Apply Here

Resources

  • The Exploit
  • Transporter Remote Penetration Testing
  • Penetration Test Glossary
  • What is a Penetration Test?
Facebook X Instagram Linkedin YouTube