Tag: Penetration Testing

  • A Note from the Hacker-in-Chief

    Raxis is an amazing place to work. 

    As founder and CEO, I say that with a great deal of pride – and only one (very important) qualifier. 

    Raxis is an amazing place to work if you’re the right person for the job.

    Over the past several weeks, you’ve heard from our employees about what makes it special to be part of our team. 

    Throughout this series, they told you what it’s like to work for Raxis, the skills needed to be a penetration tester, and how communication is key not only to our success but also to the success of our clients. While I am very proud of what Raxis has done and how good we are at it, I am even more proud of the culture we have created. 

    At Raxis, we truly believe in fostering a culture of education. We take pride in the learning environment we have created and the continued growth of our people. We encourage our employees to constantly expand on their skills and to share as they go — when one learns, we all learn. 

    We also believe in giving our employees the freedom to do their job on their own time. With that freedom, the expectation of results is understood. Our fully remote team is made up of people who don’t need constant supervision and instruction. Instead, our team is driven by their commitment to finding results for our customers. 

    Most importantly, when it comes to fostering the Raxis culture, it comes down to teamwork. Our diverse team is composed of some of the brightest minds in the business all bringing different backgrounds and skillsets. We learn from one another, and by learning and working together, we provide amazing value for our clients. 

    Now, I’ll let you in on a little secret: What makes it special to me is all of them – the world-class team of professionals we’ve assembled. Their intellect, tech skills, experience, and personalities make each day interesting, exciting, and incredibly rewarding.

    Being part of the Raxis team is not an easy job, but it is a fun job. Again, if you’re the right person for it.

    Do you have what it takes to be part of our team? Please make sure to watch all the videos in this series. Honestly assess your ability to thrive in an environment where we value accountability far more than control. Where freedom and flexibility bring out our absolute best work. And where we’re as excited about tomorrow’s challenges as today’s victories. 

    If that sounds like your ideal work environment – and you’ve got the skills to hit the ground running – then let us hear from you.

     

  • A Culture of Freedom with an Expectation of Results

    When it comes to choosing a job, there are so many things to consider – benefits, responsibilities, leadership, and of course pay — to name just a few.

    But for many, a company’s culture is near the top of that list. In fact, an Indeed survey found that 72 percent of job seekers say that it is extremely or very important to see details about company culture in job descriptions. The survey also found that 46 percent of job seekers said they would not apply to a job if they did not believe it would be a good culture fit for them. That’s pretty eye opening.

    At Raxis, we look for talented people we know will work well with our unique culture. If you think that makes us very selective when hiring, I’d say that’s accurate. But here’s why: We give our employees a great deal of freedom about when and how to get their jobs done. With a fully remote team, we hire people who don’t need constant supervision and instruction. Instead, they are driven by a powerful desire to get results for our customers, and we hold them accountable for doing just that.

    Not everyone works well in that type of environment — and that’s okay. There are lots of tech jobs with an abundance of structure and routine. But if you’re the type who thrives outside a rigid environment, and you do your best work independently, check out the video below (and others in the series).

    Raxis lead penetration tester Scottie Cole talks about the freedom he has as a Raxis team member and the tremendous responsibility that comes along with it.

    We know how important culture is to prospective employees. It’s just that important to Raxis, too. If you’re a talented cybersecurity pro who values flexibility and is committed to results, you’re the kind of person we want to hear from.

    For more information, check out our careers page and the rest of our website to see what we offer.

    Want to learn more? Take a look at the first part of our Working at Raxis discussion.

  • Change is Growth in the Pen Testing Field

    Ask most of us at Raxis what we do, and we’ll tell you we’re penetration testers or ethical hackers or simply that we work for a cybersecurity company. But if you ask what that means – what we really do on a day-to-day basis – you’ll likely get a variety of fun stories about sneaking into buildings, bluffing our way past security guards, using high-tech equipment and special software to hack into networks . . . you know, the usual things.

    That’s partly because the field of penetration testing requires us to try many different approaches to breach a customer’s defenses, which means the more skillsets we bring to the job, the better our chances. But it’s also because Raxis is a company where those additional talents are rewarded with opportunities to grow.

    In this week’s video, Adam Fernandez explains how his journey at Raxis has taken him from pen tester to his current role as our Lead Developer. 

    Adam is a great example of the unique talent we have at Raxis and the type of multifaceted professionals we look for to join our team. His professional growth is helping our company grow and in turn opening up new opportunities for all of us.

    Are you the kind of person who brings more than one set of skills to the job? Are you looking for a team where flexibility and adaptability are appreciated and rewarded? If so, take a look at the other articles in this series and let us hear from you.

    Want to learn more? Take a look at the next part of our Working at Raxis discussion.

  • Client Success is Raxis’ Success

    At Raxis, we find communication with our clients is one of the most critical components of our service. 

    Throughout the penetration testing process, we communicate with our clients through daily updates. At the end, we provide not only a debriefing call but also a full report describing what we found, what it means for them, and steps they can take to resolve any issues uncovered throughout the process. 

    In the video above, Raxis Senior Manager of Operations and Customer Delivery Tim Semchenko explains how critical the after-action reporting is for our clients.

    It is undeniable that finding network security vulnerabilities and helping our clients shore up those weak spots is a huge component of what we do. However, the key to a successful engagement between us and the client is all about the communication. Our penetration testers must be able to not only find security flaws but also to accurately communicate these issues with the client as well as detail how to remedy them. 

    We could simply drop a report on your desk showing what we found and what to do to fix it, but that just isn’t who we are. We want our clients to feel that Raxis is a trusted partner who respects them and is there to help them understand every aspect of their report.

    By treating customers like partners, we ensure our success is based on your success. 

    Want to learn more? Take a look at the next part of our Working at Raxis discussion.

  • What’s it Like to Work at Raxis?

    One of the great things about being a penetration tester is explaining what we do to people inside and outside the world of cybersecurity. Having done this work myself and now managing others, I can’t imagine a more fascinating job. However, I also can’t imagine doing this job for any company other than Raxis.

    That’s because we’ve assembled a team of outstanding professionals with wildly diverse backgrounds that range from film and television to law enforcement to web design to IT administration and software development. We are, of course, expert hackers, but working for Raxis means that we all bring much more to the table.

    Over the next several weeks, we’ll be offering up a series of videos that will show you what our company and our work are truly like. These videos will likely be helpful if you’re interested in penetration testing as a career. They are must-watch material if you want a career at Raxis.

    In addition to an advanced skillset, we expect an incredibly high degree of integrity. The nature of our work means that we only bring on people who have held positions of trust and who have proven themselves worthy of ours. 

    Integrity is essential, but it’s only one part of the larger picture that is culture. Beginning with our founder, we’ve brought on people who work well together, naturally. We have created a culture that places a high value on creative thinking, problem-solving, and above all, teamwork. 

    Please take a look at our inaugural video above. Raxis’ chief technology officer Brian Tant and I will explain how each penetration test presents different issues and opportunities. If you think you have what it takes to join our ranks, keep watching in the weeks ahead as other members of the Raxis team discuss different aspects of life in our world.

    Also, keep an eye on our careers page. Occasionally, we have openings for people with the right skills, determination, and attitude to join our team.

    Want to learn more? Take a look at the next part of our Working at Raxis discussion.

  • Three Reasons Why a Penetration Test Won’t Break Your Network

    Myth: A penetration test breaks your network. 

    Reality: A penetration test helps you find vulnerabilities so someone else doesn’t break your network (and your customers’ confidence in you).

    This is actually a common concern we hear from potential customers. Many are worried that a pen test will damage their network by crashing a server, knocking their website offline, causing an eclipse, or maybe releasing a 5G kraken. 

    In the video above I explain how we work with our customers ahead of testing to make them feel at ease and to help them understand that our profession is hacking but that our business is protecting theirs.

    As I explained in the video, our pen testers aim to make as little noise as possible while they’re slinking around in your network. Our whole goal is to get in, and to not get detected or get blocked. Crashing and breaking things is the opposite of that. And we’re simply not going to perform the kind of attacks that cause actual damage.

    The only scary part of our penetration tests is when you realize what might have happened if a hacker found your vulnerabilities before we did. 

    Be sure to also check out this article from Bonnie Smyre: What to Expect When Expecting a (Raxis) Pen Test?

    If you are ready for Raxis’ elite team of professionals to put your security to the test (did we mention they have successfully breached some of the most sophisticated corporate networks in the US?), then reach out to us here.

    Also, if you liked this video, please be sure to subscribe to our YouTube channel for more videos that can help you improve your security posture.

  • AttackTek: How to Launch a Broadcast Resolution Poisoning and SMB Relay Attack

    Welcome to our first AttackTek installment, where we’ll go deeper into the tech side of our penetration testing. We’re going to start with a couple of the easiest and most consistent ways we’ve found to get inside corporate networks and gain domain admin rights – sometimes before we finish our coffee on Day 1.

    The first is broadcast name resolution poisoning, known more simply as the broadcast poisoning attack. The second, which we often use in tandem, is the SMB relay attack. 

    For those unfamiliar with these attacks, a broadcast poisoning attack targets users’ credentials as a means to further access corporate networks and data. An SMB relay attack is basically a man-in-the-middle attack in which the malicious actor tries to make the target machine believe that it is the authenticating server.

    These two attack methods work really well together and can be put into motion in a matter of minutes. 

    In this video, I will walk you through an entire attack chain and break down both of these attacks as I’m conducting them.

    Just a friendly heads-up: A lot of the ‘action’ in this video is code on a screen. If you’re a pen tester or a defender, you’ll probably find it very interesting. But if you’re a non-techie and you clicked here after watching your favorite surf video, well . . . enjoy!

    At Raxis, we offer a variety of penetration tests to help you and your company identify vulnerabilities and close the gaps before a cybercriminal finds them. During these tests our team of experienced, professional hackers use every trick in the book – plus some they make up on the fly – to get past your security. 

    If you are ready to explore more penetration testing and assessment options with Raxis, be sure to visit our contact page.

  • Securing the Internet of Things

    The term “Internet of Things” is almost redundant now. If it’s a “thing” that has more than one setting, odds are it is or can be online. Whether or not you need remote access to your toaster oven is a question for another day, but it is an option.

    Here’s the problem: As the Raxis team proves on a near-daily basis, anything that’s connected can be hacked. It’s not that someone’s going to overcook your morning bagel as a prank (although that would be a good one). Instead, it’s that uncontrolled access to any device can give a bad guy a way into your network (and maybe all your devices) if you’re not careful.

    The good news is that there are some simple safeguards you can take to protect your smart devices, and our new Securing the Internet of Things series will take you through them.

    Scottie Cole, senior penetration tester, is kicking things off with the quick video above about securing your home thermostat or corporate HVAC system. I encourage you to watch and to follow Scottie’s advice. Better to take a few minutes now than take a big loss later.

    PS – We’ll do a video on protecting your smart toaster . . . as soon as we find someone who owns one.

  • What is Least Privilege Access?

    This week, we’re continuing to explore some of the most common vulnerabilities the Raxis team has discovered during thousands of penetration tests across the US. In the video above, Brian Tant, our chief technology officer, discusses the principle of ‘least privilege access’ and why it’s an essential component of an overall business cybersecurity strategy.

    Hopefully, you’ve watched the video and have a better understanding about why you should restrict permissions as much as possible and still allow team members to get their jobs done. If you still have questions or want to learn more about protecting your corporate network, please reach out.

    The Raxis team brings years of hacking and penetration testing experience to the table. We can use that experience to improve your skills and make your environment more secure.

    Download our list of Top 10 Cyber Attacks to learn more about ways to secure your company.

    Want to learn more? Take a look at the next part of our Common Vulnerabilities discussion.

  • 3 Steps You Should Take Right Now to Reduce Your Risk of a Cyberattack

    Hi everybody, it’s Brian with Raxis, back with another video today!

    This is a busy time for us all, with no signs of slowing down. Do you know who else is busy now? Hackers – especially ones that know just how easy it is for thousands of us to forget to update passwords, patch operating systems, and scan for new viruses.

    I get it. Life happens. Seniors are graduating, families are acclimating, dogs are crashing Zoom meetings, and many of us are adjusting to completely new work environments. But if you can remember to lock your doors at home, you can get in the habit of locking out cyber attackers at work.

    Watch the video above for the top 3 things I wish every company would do today to keep out intruders online:

    These steps are the basics that every company should be taking, but, as hackers know all too well, not everyone does. Your company’s security is a 24-hour-a-day responsibility. Make sure your employees and your IT department know how critical it is for everyone to use the tools you already have to stay one step ahead of criminals.

    If this video made you wonder how secure your company’s data is, contact Raxis and learn how our tests can help you assess and improve your cyber defenses. We partner with small- and mid-sized businesses, as well as Fortune 500 companies, to help protect your employees, your data, and your bottom line.

    Follow us on this blog or social media, and we’ll share more ways that hackers can get in — and how we can help you keep them out.

    Download our list of Top 10 Cyber Attacks to learn more about ways to secure your company.

    Want to learn more? Take a look at the next part of our Common Vulnerabilities discussion.

  • Can This Simple Trick Outwit Your Smart Security?

    Armed with nothing more than an ordinary can of cool, compressed air, a hacker can gain entry to a key-card-only access facility in just 19 seconds. Skeptical? See for yourself in this video.

    Fortunately, the guy in this video is me. Our company, Raxis, is a team of ethical hackers and penetration testing experts who evaluate and identify solutions that help businesses safeguard their sensitive data, from healthcare to finance to innovative product and app development.  

    Some folks forget that physical security is the first line of defense for a cyberattack.  If someone can get inside your business, they can find your servers, and in seconds they can steal, sell, and destroy data you’ve invested thousands in protecting.  

    Our cybersecurity specialists have studied for years to find hidden, unscrupulous techniques that the world’s most sophisticated hackers use. Solving these puzzles and preventing cyberattacks is what we love to do – but often we find security vulnerabilities long before we get to delve deep.  

    Finding a failure in your company’s security isn’t something to fear; it’s something to fix. And you can only fix something when you know it is broken.  

    Follow us on this blog or social media and we’ll share more ways that hackers can get in — and how we can help you keep them out.