How to Prepare for an API Pentest – Postman
This is one part of a series of posts on how to prepare your API for a pentest. Other posts are located here: Insomnia. Similar to web applications, web APIs […]
For those not yet familiar with the Simple Security Fails series – previous posts are located here: part 1, part 2, part 3, part 4. Lately I have tested a […]
This is one part of a series of posts on how to prepare your API for a pentest. Check back in the near future for additional content. Similar to web […]
Over the past five blogs (part 1, part 2, part 3, part 4, part 5) of the Alternative Execution Macro Saga, we’ve covered utilizing event handlers for ActiveX controls to obtain code execution in […]
White Oak Security has a new website!
Hello again and thanks for returning to our Alternative Execution Macro Saga series! Over the last few posts, we discussed making use of events from part 1 – InkPicture, part 2 […]
Before we get into the nuts and bolts of this post, I need to provide a little background. The COVID-19 pandemic has brought a number of changes to our day […]
Thanks for returning to the Alternative Execution Macro Saga series! Here are parts 1-3 in case you missed them: part 1, part 2, and part 3. It’s been a busy […]
Welcome back! We hope you’re enjoying our series on Simple Security Fails. If not, or if you have any topics that you’re interested in learning more about, hit us up! […]
This blog post will focus on exploiting exposed Docker daemons. During a recent internal penetration test I discovered an exposed Docker Daemon. By having the daemon exposed outside of the […]