Cypher Query Primer for BloodHound
A primer on how to use Cypher queries within the Neo4j web console to investigate your BloodHound data to go beyond what GUI provides. Read more White Oak Sec..
Blog
Web App Pentesting With Burp Suite Scan Profiles
What separates a tool from a tester? Read White Oak Security’s blog about pentesting web apps efficiently through Burp Suite Config Library with scan profiles.
Unauthenticated: Jenkins Edition
A pentester at White Oak Security accesses an unauthenticated Jenkins server, an interesting target for attack, with a compromised AWS environment. Learn more…
Success In Pentesting: Learn To Code
White Oak Security’s expert pentesters share a tip in their success: learn to code! Whether you’re in cybersecurity or just curious, coding is a valuable skill.
RFID – A Social Engineers Best Friend – part 2 (Bruteforce)
In a previous blog post I talked about downloading, installing, and using the Proxmark3 for social engineering engagements. This post will build off of the content discussed previously and walk […]
Let’s Talk Wireless Pentesting Equipment
It seems like more and more often I get asked what equipment I utilize for performing wireless penetration tests (802.11 wireless networking). In this post I will talk about the […]
Interesting Take Over Situations (part 2 – Zerologon)
This blog post will walk through utilizing publicly available exploit code to compromise a network through Zerologon.
Interesting Take Over Situations (part 1)
In this blog series coworkers and I will be performing a walkthrough of interesting domain take overs that have occurred during pentest engagements. The first part to this series occurred […]
Alternative Execution: A Macro Saga (part 7)
Thanks for returning to Alternative Execution: A Macro Saga! This will be the last post in this series (here are the links to part 1, part 2, part 3, part […]
Zip Slip to Reverse Shell in OpenRefine
Weaponizing CVE-2018-19859 Summary On a recent internal penetration test, White Oak Security discovered an outdated version of OpenRefine which is vulnerable to an unauthenticated Zip Slip attack. The vulnerability was […]