Your Boss Wants You to Write Pentest Blog Posts… Now What?
Oh dear, what have I gotten myself into? I recently started at White Oak Security and I’m getting a different set of pentesting experiences under my belt. Life has been […]
Blog
Tales From The Red Team: What the Heck is Virgo?
Our Red Team engagements generally start out as technical as possible. We start with OSINT and some light perimeter scanning to identify both human and technical targets, but we only […]
(Very Simple) Checkout Manipulation Fun with PayPal
Many small businesses (and to be fair, several large businesses as well) use an external vendor to handle their checkout process. There may be many reasons to do so, such […]
Gone in 60 Mobile Apps – part 2
This series of posts is in no way showcases a full penetration test, which does a much deeper dive into an application’s risks and utilizes many more tools and manual […]
BlazeDS Java Object Deserialization Exploit Walkthrough
During a recent internal network penetration test, we saw indications that an Adobe ColdFusion host was vulnerable to the BlazeDS Java Object Deserialization exploit. After performing some research, I couldn’t […]
Christopher Emerson’s Secure360 Presentation
A number of people had asked for a copy of Christopher’s presentation (Anatomy of a Hack) from the 2019 Secure360 Conference, so we’ve uploaded it here. If anyone has questions […]
Red Teaming Guide | Part 1
So You Want a Red Team: The Primer In my former life, I was a member of an institutional Red Team at a Fortune 500 organization with several colleagues and […]
Social Engineers Best Friend – Part 1: Proxmark3 & RFIDs
When performing onsite social engineering engagements for clients, regardless of industry, 95% of the time you will see some sort of technology involving RFID utilized to manage access (interior and […]
Brief CMD+CTRL Cyber Range Review
Secure360 just took place here in Minnesota on May 14th through the 15th. One interesting addition this year I noticed was the Cyber Range Capture The Flag (CTF). At the […]
Password Cracking Rig
In this blog post, we’ll talk about White Oak Security’s password cracking rig. Additionally, we will cover some simple changes that can be implemented into your Active Directory environment, that […]