White Oak Security discovered a “Zip Slip” Authenticated Remote Code Execution vulnerability in Frevvo Live Forms (https://www.frevvo.com). Frevvo Live Forms is a workflow automation software used to automate processes and […]
Scenario On a recent web application penetration test, I identified a classic server-side request forgery (SSRF) vulnerability that used a denylist in an attempt to prevent active exploitation. This post […]
On a recent Red Team engagement, White Oak Security had compromised a domain and dumped the Active Directory user password hashes. We attempted to pivot into another domain using shared […]
Cross-Origin Resource Sharing On a recent penetration test, we found an interesting misconfiguration that allowed us to use a CORS attack to steal session tokens directly. This made account compromise […]
White Oak Security Introduces DNSscope Tool White Oak Security’s experts created a tool to make performing deep attack surface analysis and identifying assets quicker – introducing DNSscope, a tool for […]
AD Hardening For penetration testers who do many internal network penetration tests, the process tends to follow a familiar rhythm: Default Active Directory and Windows OS settings often lead to […]
Mimikatz Mimikatz (1) is a big-name tool in penetration testing used to dump credentials from memory on Windows. As a penetration tester, this method is invaluable for lateral and vertical […]
