A primer on how to use Cypher queries within the Neo4j web console to investigate your BloodHound data to go beyond what GUI provides. Read more White Oak Sec..
What separates a tool from a tester? Read White Oak Security’s blog about pentesting web apps efficiently through Burp Suite Config Library with scan profiles.
A pentester at White Oak Security accesses an unauthenticated Jenkins server, an interesting target for attack, with a compromised AWS environment. Learn more…
White Oak Security’s expert pentesters share a tip in their success: learn to code! Whether you’re in cybersecurity or just curious, coding is a valuable skill.
In a previous blog post I talked about downloading, installing, and using the Proxmark3 for social engineering engagements. This post will build off of the content discussed previously and walk […]
It seems like more and more often I get asked what equipment I utilize for performing wireless penetration tests (802.11 wireless networking). In this post I will talk about the […]
This blog post will walk through utilizing publicly available exploit code to compromise a network through Zerologon.
In this blog series coworkers and I will be performing a walkthrough of interesting domain take overs that have occurred during pentest engagements. The first part to this series occurred […]
Thanks for returning to Alternative Execution: A Macro Saga! This will be the last post in this series (here are the links to part 1, part 2, part 3, part […]
Weaponizing CVE-2018-19859 Summary On a recent internal penetration test, White Oak Security discovered an outdated version of OpenRefine which is vulnerable to an unauthenticated Zip Slip attack. The vulnerability was […]