What’s In A Social Engineering Toolkit?
One of the many services that White Oak Security offers is Onsite Social Engineering. As a pentester, I have performed 50+ physical onsite social engineering engagements over my professional career […]
Blog
Active Directory Security
AD Hardening For penetration testers who do many internal network penetration tests, the process tends to follow a familiar rhythm: Default Active Directory and Windows OS settings often lead to […]
Gophish Setup – Part 1
Welcome to the first of a series of posts diving into the functionality and usage of the tool – Gophish. This tool allows users to quickly deploy phishing engagements or […]
5 Useful & Free Burp Suite Plugins
At White Oak Security, we do a variety of engagement types. Previously, we’ve written several posts on some of the tools we use, including Burp Suite. To take full advantage […]
Unauthenticated: Docker Edition
Welcome to a new installment of Unauthenticated! One of my goals with this series is to drive home the point that authentication (with properly implemented access controls) is essential to […]
Attacks & Defenses: Dumping LSASS With No Mimikatz
Mimikatz Mimikatz (1) is a big-name tool in penetration testing used to dump credentials from memory on Windows. As a penetration tester, this method is invaluable for lateral and vertical […]
STEM Methodology Process
Our STEM Methodology process is White Oak Security’s unique, 3 phrase approach to personalized penetration & cyber security testing. Learn why White Oak uses…
Take Over Situations: Part 3 – SQL Injection to Domain Admin
White Oak Security recently performed a red team engagement for a client where we discovered subsidiaries owned by their parent company (which we were testing against). All of these subsidiaries […]
Bypassing Defenses: Symantec Endpoint Protection
In this edition of Bypassing Defenses, we’ll highlight how we were able to bypass the Endpoint Detection and Response (EDR) solution Symantec Endpoint Protection on a recent Red Team engagement, […]
Types Of Security Testing: Scans, Assessments, Pentests
Learn about different types of security testing, like the differences between Scans vs Vulnerability Assessment vs Penetration Testing with White Oak’s experts.