This article is a follow-up to Unauthenticated: Jenkins Edition where we discussed the dangers of unauthenticated access to the /script and /credentials pages of Jenkins systems. This article will focus […]
Modifying Compiled Java Executables By Editing Bytecode This post will cover the basics of Java Bytecode editing, which allows you to take a compiled Java Executable and make modifications to […]
SSRF Attack We recently came across a privilege escalation attack avenue during a web application / thick client penetration test. In this blog post, I will be talking about a […]
Welcome to another installment of Unauthenticated! In this post, we will look at a recent web application penetration test where an XML external entity (XXE) expansion vulnerability was exploited without […]
Brett uncovers an insecure password reset during a pentest. This post walks through the password reset functionality, what went wrong, & how to fix the issue.
Discover how to install, configure, & use TestSSL.sh, one of the favorite (& free) pentesting tools of White Oak Security penetration tester Brett DeWall.
Part 2 of White Oak Security's how-to blog series on dockerizing a web testing environment, this time covering custom wordlist crafting. Continue the series & learn from our experts.
Discover White Oak Security’s how to blog series part one on dockerizing a web testing environment, a safe way for pentesters to learn & test new things!
Don’t believe everything you see! Invisible or hidden data found during web application pentesting can reveal sensitive details such as SSNs, as in this example from White Oak.
What separates a tool from a tester? Read White Oak Security’s blog about pentesting web apps efficiently through Burp Suite Config Library with scan profiles.