Raxis Red Team Services

“Everybody Has a Plan Until They Get Punched in the Face.”
-Mike Tyson

A Game That You Always Win

Email Phishing

We craft custom phishing campaigns tailored to your organization’s unique profile, ensuring maximum effectiveness and relevance. Our targeted approach allows us to focus on specific high-risk roles or conduct company-wide assessments, providing comprehensive insights into your cybersecurity awareness.

Physical Social Engineering

We’re experts at talking our way in, tailgating, and even circumventing digital locks to gain access to your network.

Telephone Social Engineering

Phones are increasingly being used to breach companies, and we will utilize similar tactics to assess the effectiveness of your security training.

Red Team Operations Designed For You


The Digital Shoplifter

Raxis Hack Stories

Our stories are based on real events encountered by Raxis engineers; however, some details have been altered or omitted to protect our customers’ identities.

In a daring demonstration of cybersecurity vulnerabilities, the Raxis Red Team orchestrated a multi-stage attack that exposed critical weaknesses in a major retailer’s digital infrastructure. The operation began with our team targeting the company’s wireless network using the powerful Aircrack-ng suite. This versatile toolkit allowed us to capture the network’s encryption key during a routine handshake process and swiftly crack it using Hashcat’s advanced capabilities.

With network access secured, we obtained local system access and then pivoted to internal systems using CrackMapExec, a potent post-exploitation tool. We discovered a system protected by nothing more than a default password—a digital equivalent of leaving the keys in the ignition. This oversight became our gateway, allowing us to gain local administrator privileges. Using CrackMapExec’s –sam option, we dumped the local SAM hashes, further expanding our access.

Like master locksmiths, we moved from system to system, leveraging our newly acquired local admin rights. Eventually, we obtained a prized domain administrator hash. Overnight, our dedicated team worked tirelessly, using Raxis’ Hashcat multi-GPU system to break this high-value credential. Returning the next day, we validated our newfound domain administrative access, cementing our control over the retailer’s entire digital domain.

The crown jewel of our operation was the discovery of the application and database containing store-branded gift cards and PINs, along with the ability to generate new ones at will. This find not only highlighted the potential for financial exploitation but also underscored the critical importance of robust, multi-layered cybersecurity measures in today’s retail landscape.

Red Teams, Blue Teams, And Purple Teams, oh My!

The cybersecurity field has adopted the terms Red Teams, Blue Teams, and Purple Teams to categorize various methods of evaluating and enhancing an organization’s security. These teams – Red and Blue – and their collaborative efforts – the Purple Team – greatly contribute to the cybersecurity process.