CentreStack Disclosure
White Oak Security discovered an instance of Gladinet’s CentreStack server which was vulnerable to an authentication bypass and an arbitrary file upload resulting in remote code execution. This issue has […]
Blog
Parsing ScoutSuite Results With jq
Cloud Security Audits Supported by other tools and manual analysis, ScoutSuite provides a solid base to start your Cloud Security audit. Such audits often follow a pattern that is quite […]
Flipper Fanclub: Part 1 – Flipper Zero Pentesting
WELCOME TO THE FANCLUB! Part 1 of the Flipper Fanclub Series will be going over the Flipper Zero tool. We will discuss what it is, how to use it (from […]
How To Pick A Tubular Lock
Tubular Lock The tubular lock has many different names including: circle pin tumbler lock, radial lock, or ace lock. The tubular lock consists of multiple stacks of pins in a […]
Exploiting Oracle Databases With ODAT
ODAT ODAT (Oracle Database Attacking Tool) is “an open source penetration testing tool that tests the security of Oracle Databases remotely” (1). The goal of the tool is to help […]
Account Operators Privilege Escalation
On a recent Red Team engagement, White Oak Security had compromised a domain and dumped the Active Directory user password hashes. We attempted to pivot into another domain using shared […]
Phishing For Success – Part 2
Phishing Leadership Thanks for returning for part 2 of Phishing For Success! If you missed Phishing For Success – Part 1, be sure to catch up. 😜🎣 Newer to White Oak […]
Phishing for Success – Part 1
Leadership In Cyber Security Hi folks, I am a Senior Threat Emulation Specialist at White Oak Security. The majority of my time in cyber security has been focused heavily on […]
Boo Language
Knock, knock! Who’s there? Boo! Boo who? It’s Boo language, the spooky dead language that you may not have heard about. It is a language for .Net with a clean […]
How I Became A Penetration Tester
This series of blog posts was sparked from a recent internal discussion and is really just to learn how penetration testing individuals “got their start” or became interested with security, […]