Welcome to a new installment of Unauthenticated! One of my goals with this series is to drive home the point that authentication (with properly implemented access controls) is essential to […]
White Oak Security recently performed a red team engagement for a client where we discovered subsidiaries owned by their parent company (which we were testing against). All of these subsidiaries […]
In this edition of Bypassing Defenses, we’ll highlight how we were able to bypass the Endpoint Detection and Response (EDR) solution Symantec Endpoint Protection on a recent Red Team engagement, […]
GitHub Cave Of Wonders – Part 1 begins to dive into secrets management & how data repositories are a treasure trove for malicious threats. Read White Oak’s blog
Bypassing defenses with Cylance during a White Oak Security’s red team engagement to extract domain admin credentials from LSASS leads to a HUGE compromise.
Ever get a weird scam email and wonder why? Here is a White Oak Security blog about phishing attacks, a modest investigation into a few phishing emails we got.
Skim Job is White Oak Security’s RFID skimmer project, discover how we did this social engineering RFID security attack of skimming our way into client buildings.
This blog post will walk through utilizing publicly available exploit code to compromise a network through Zerologon.
In this blog series, we will be performing a walkthrough of interesting domain takeovers that have occurred during pentest engagements. The first part of this series occurred rather recently during […]
So You Want a Red Team: The Primer In my former life, I was a member of an institutional Red Team at a Fortune 500 organization with several colleagues and […]