Attacks & Defenses: Dumping LSASS With No Mimikatz
Mimikatz Mimikatz (1) is a big-name tool in penetration testing used to dump credentials from memory on Windows. As a penetration tester, this method is invaluable for lateral and vertical […]
Red Team
Take Over Situations: Part 3 – SQL Injection to Domain Admin
White Oak Security recently performed a red team engagement for a client where we discovered subsidiaries owned by their parent company (which we were testing against). All of these subsidiaries […]
Bypassing Defenses: Symantec Endpoint Protection
In this edition of Bypassing Defenses, we’ll highlight how we were able to bypass the Endpoint Detection and Response (EDR) solution Symantec Endpoint Protection on a recent Red Team engagement, […]
Bypassing Defenses: Cylance
Bypassing defenses with Cylance during a White Oak Security’s red team engagement to extract domain admin credentials from LSASS leads to a HUGE compromise.
Alternative Execution: A Macro Saga (part 7)
Thanks for returning to Alternative Execution: A Macro Saga! This will be the last post in this series (here are the links to part 1, part 2, part 3, part […]
Alternative Execution: A Macro Saga (part 6)
Over the past five blogs (part 1, part 2, part 3, part 4, part 5) we’ve covered utilizing event handlers for ActiveX controls to obtain code execution in Office documents, […]
Alternative Execution: A Macro Saga (part 5)
Thanks for returning to the series! Over the last few posts we discussed making use events from the InkPicture, Windows Media Player, and System Monitor controls to obtain macro execution, […]
Alternative Execution: A Macro Saga (part 4)
Thanks for returning to the “Alternative Execution: A Macro Saga” series! ( Here’s part 1, part 2, and part 3) It’s been a busy past few months, and I had […]
Alternative Execution: A Macro Saga (part 3)
In the last few blogs in this series (part 1 & part 2) we worked through scenarios making use of the ActiveX controls InkPicture and WMPlayer to trigger macro execution. […]
Alternative Execution: A Macro Saga (part 2)
In the previous blog in this series, we worked through a scenario making use of the ActiveX control InkPicture to trigger macro execution. Macro execution utilizing the InkPicture object can […]