Identifying & Bypassing Responder Detections
It is nearly 2024, and broadcast protocols and lack of SMB signing are still default settings on Microsoft Windows hosts. This means the classic technique of broadcast traffic poisoning to […]
It is nearly 2024, and broadcast protocols and lack of SMB signing are still default settings on Microsoft Windows hosts. This means the classic technique of broadcast traffic poisoning to […]
Bypassing Microsoft Defender For Identity Detections On a few recent internal penetration tests, I found common tools and techniques for Active Directory attacks being detected by Microsoft Defender for Identity […]
White Oak Security discovered a “Zip Slip” Authenticated Remote Code Execution vulnerability in Frevvo Live Forms. Frevvo Live Forms is a workflow automation software used to automate processes and forms. […]
On a recent web application penetration test, I identified a classic server-side request forgery (SSRF) vulnerability that used a Denylist in an attempt to prevent active exploitation. This post details […]
On a recent Red Team engagement, White Oak Security had compromised a domain and dumped the Active Directory user password hashes. We attempted to pivot into another domain using shared […]
Cross-Origin Resource Sharing On a recent penetration test, we found an interesting misconfiguration that allowed us to use a CORS attack to steal session tokens directly. This made account compromise […]
White Oak Security Introduces DNSscope Tool White Oak Security’s experts created a tool to make performing deep attack surface analysis and identifying assets quicker – introducing DNSscope, a tool for […]
AD Hardening For penetration testers who do many internal network penetration tests, the process tends to follow a familiar rhythm: Default Active Directory and Windows OS settings often lead to […]
Mimikatz Mimikatz (1) is a big-name tool in penetration testing used to dump credentials from memory on Windows. As a penetration tester, this method is invaluable for lateral and vertical […]