Account Operators Privilege Escalation
On a recent Red Team engagement, White Oak Security had compromised a domain and dumped the Active Directory user password hashes. We attempted to pivot into another domain using shared […]
Defense
Bypassing Doors – Part 4: Compressed Air
Let’s bypass another REX sensor on a door we don’t have access to! The Bypassing Doors blog series demonstrates easy-to-use tools and techniques that can be utilized to bypass an […]
Bypassing Doors – Part 3: REX Sensor
Let’s bypass another door we don’t have access to! The Bypassing Doors blog series demonstrates easy-to-use tools and techniques that can be utilized to bypass an organization’s interior and exterior […]
Bypassing Doors – Part 2: DDT
Wondering how our White Oak Security pentesters open doors they don’t have access to? The Bypassing Doors blog series will demonstrate easy-to-use tools and techniques that can be utilized to […]
Bypassing Doors – Part 1: UTDT
Physical red team attacks are something we are passionate about at White Oak Security. Ever wonder how we open doors we don’t have access to? The Bypassing Doors blog series […]
Bug Bounty Frustrations
Recently, the pentesters here at White Oak Security have run into some common frustrations regarding bug hunting on various platforms. These can be broken down into several categories – communication, […]
Active Directory Security
AD Hardening For penetration testers who do many internal network penetration tests, the process tends to follow a familiar rhythm: Default Active Directory and Windows OS settings often lead to […]
Attacks & Defenses: Dumping LSASS With No Mimikatz
Mimikatz Mimikatz (1) is a big-name tool in penetration testing used to dump credentials from memory on Windows. As a penetration tester, this method is invaluable for lateral and vertical […]
Vehicle Personal Information & Exfiltration
I recently purchased a used vehicle from a local dealership, and so far, so good! My Chevy Cruze works as expected, the tires all are round, and I have not managed […]
The Importance of Egress Filtering
“Egress filtering is the practice of monitoring and potentially restricting the flow of information outbound from one network to another. Typically, it is information from a private TCP/IP computer network […]