AD Series: Resource Based Constrained Delegation (RBCD) Exploits
AD Series: Resource Based Constrained Delegation (RBCD)

Learn to exploit msDS-AllowedToActOnBehalfOfOtherIdentitity to gain administrative access in a Resource Based Constrained Delegation (RBCD)

Raxis Red Team
An Inside Look at a Raxis Red Team

Ever wonder what a Raxis Red Team is really like? Check out this short video[…]

AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py
AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py

Raxis lead penetration tester Andrew Trexler comes back to Active Directory Certificate Services (ADCS) exploits,[…]

Active Directory Certificate Services (ADCS) Misconfiguration Exploits
AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits

Raxis lead penetration tester Andrew Trexler walks us through several attacks on misconfigured Active Directory[…]

Broadcast Attacks - Responder
AD Series: How to Perform Broadcast Attacks Using NTLMRelayx, MiTM6 and Responder

Raxis lead penetration tester Andrew Trexler walks us through several broadcast attacks using NTLMRelayx, MiTM6,[…]

How to Create an Active Directory Test Environment
How to Create an AD Test Environment

This post will show you how to setup a simple Active Directory (AD) test environment.[…]

Exploiting GraphQL
Exploiting GraphQL

This post will show you how to take advantage of some weak spots in GraphQL.

Log4 Exploit Walkthrough
Log4j: How to Exploit and Test this Critical Vulnerability

In this article, Raxis’ CEO Mark Puckett describes how penetration testers and ethical hackers can[…]

OPENSSL v3.0.x: Critical Threat Alert
RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x

In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will[…]

CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection

This CSS vulnerability, discovered by Raxis lead penetration tester Matt Mathur, lies in a device’s[…]

CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References

Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).

CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)

Matt Dunn discovers another ManageEngine vulnerability, this one in the Support Center Plus application.