Exploiting Oracle Databases With ODAT
ODAT
ODAT (Oracle Database Attacking Tool) is “an open source penetration testing tool that tests the security of Oracle Databases remotely” (1). The goal of the tool is to help […]
Credential Access Without Mimikatz
On a recent engagement, a client implemented multiple EDR solutions to prevent common ways of obtaining credentials either through Mimikatz or various LSASS memory dumping methods. […]
Exploiting GraphQL Batching Attacks Using Turbo Intruder
What Are Batching Attacks In GraphQL?
GraphQL allows for multiple queries to be sent to the server in one single request in order […]
Microsoft has acknowledged a remote code execution vulnerability, CVE-2022-30190, which is possible in environments where Microsoft Office has been installed and Microsoft Support Diagnostic Tool (MSDT) is present – which […]
Chances are if you’re reading this article, you are in the middle of a penetration test against a fairly large enterprise with some legacy equipment hanging off the network. You’ve […]
Welcome to a new installment of Unauthenticated! One of my goals with this series is to drive home the point that authentication (with properly implemented access controls) is essential to […]