How I Got Free Propane (Lock Picking) & YOU Can Too!
Lock Picking Guide To Propane Cage Locks Howdy folks! This blog post will be a quick explanation of how lock picking can improve your everyday life. I will give a […]
Lock Picking Guide To Propane Cage Locks Howdy folks! This blog post will be a quick explanation of how lock picking can improve your everyday life. I will give a […]
When I first came to White Oak Security, I was presented with a unique opportunity to do some training for threat hunting assessments. Prior to that point, I had some […]
MiniDumpDotNet – Part 1 & 2 In MiniDumpDoNet – Part 1, we took a brief look at the MiniDumpWriteDump() Win32 API and considered options for reimplementation for the purposes of […]
MiniDumpWriteDump The Background Story Throughout 2021 a thought had been bouncing around in my head: why hasn’t anyone reimplemented MiniDumpWriteDump? For those who are not yet familiar, the Win32 API […]
Mimikatz Mimikatz (1) is a big-name tool in penetration testing used to dump credentials from memory on Windows. As a penetration tester, this method is invaluable for lateral and vertical […]
White Oak Security recently performed a red team engagement for a client where we discovered subsidiaries owned by their parent company (which we were testing against). All of these subsidiaries […]
Welcome to another installment of Unauthenticated! In this post, we will look at a recent web application penetration test where an XML external entity (XXE) expansion vulnerability was exploited without […]
Bypassing defenses with Cylance during a White Oak Security’s red team engagement to extract domain admin credentials from LSASS leads to a HUGE compromise.
Welcome to the last post in the Alternative Execution Macro Saga series (part 1 – InkPicture, part 2 – WMP, part 3 – Performance Monitor, part 4 – Disable Macros, […]
Over the past five blogs (part 1, part 2, part 3, part 4, part 5) of the Alternative Execution Macro Saga, we’ve covered utilizing event handlers for ActiveX controls to obtain code execution in […]