Account Operators Privilege Escalation
On a recent Red Team engagement, White Oak Security had compromised a domain and dumped the Active Directory user password hashes. We attempted to pivot into another domain using shared […]
On a recent Red Team engagement, White Oak Security had compromised a domain and dumped the Active Directory user password hashes. We attempted to pivot into another domain using shared […]
This series of blog posts was sparked from a recent internal discussion and is really just to learn how penetration testing individuals “got their start” or became interested with security, […]
An Intro to Blind XSS & Secure GCP Functions During a recent engagement, I ran across an instance of potential Blind Cross-Site Scripting (XSS) while pentesting a web application. I […]
Burp Suite Macros If you’ve performed web application pentests with Burp Suite for a while, you’ve certainly come across applications that don’t play nicely with Burp Suite’s out-of-the-box scanning. Perhaps […]
Credential Access Without Mimikatz On a recent engagement, a client implemented multiple EDR solutions to prevent common ways of obtaining credentials either through Mimikatz or various LSASS memory dumping methods. […]
Exploiting GraphQL Batching Attacks Using Turbo Intruder What Are Batching Attacks In GraphQL? GraphQL allows for multiple queries to be sent to the server in one single request in order […]
What Is OSINT? For those who aren’t familiar with the term, OSINT stands for Open Source Intelligence. This refers to the use of data collected from open or publicly available […]
Let’s bypass another REX sensor on a door we don’t have access to! The Bypassing Doors blog series demonstrates easy-to-use tools and techniques that can be utilized to bypass an […]
Physical red team attacks are something we are passionate about at White Oak Security. Ever wonder how we open doors we don’t have access to? The Bypassing Doors blog series […]
AD Hardening For penetration testers who do many internal network penetration tests, the process tends to follow a familiar rhythm: Default Active Directory and Windows OS settings often lead to […]