Weaponizing CVE-2018-19859 Summary On a recent internal penetration test, White Oak Security discovered an outdated version of OpenRefine which is vulnerable to an unauthenticated Zip Slip attack. The vulnerability was […]
This is one part of a series of posts on how to prepare your API for a pentest. The first post was focused on Insomnia. The second was focused on […]
Modifying Security Focus With Bloodhound Prerequisite viewing: Let’s Enhance At a very basic level, Active Directory authenticates and authorizes users and computers in a Windows domain environment. It can also […]
Lately, I have received more phishing emails in my burner (test) email that are related to Amazon than ever before. This probably due to the influx of online shopping driven […]
This is one part of a series of posts on how to prepare your API for a pentest. Other posts are located here: Insomnia. Similar to web applications, web APIs […]
For those not yet familiar with the Simple Security Fails series – previous posts are located here: part 1, part 2, part 3, part 4 Lately I have tested a […]
This is one part of a series of posts on how to prepare your API for a pentest. Check back in the near future for additional content. Similar to web […]
Over the past five blogs (part 1, part 2, part 3, part 4, part 5) we’ve covered utilizing event handlers for ActiveX controls to obtain code execution in Office documents, […]
White Oak Security has a new website!
Thanks for returning to the series! Over the last few posts we discussed making use events from the InkPicture, Windows Media Player, and System Monitor controls to obtain macro execution, […]
