The Amazon Scam (COVID-19)
Lately, I have received more phishing emails in my burner (test) email that are related to Amazon than ever before. This probably due to the influx of online shopping driven […]
Blog
How to Prepare for an API Pentest – Postman
This is one part of a series of posts on how to prepare your API for a pentest. Other posts are located here: Insomnia. Similar to web applications, web APIs […]
Simple Security Fails (part 5) – Basic Authentication
For those not yet familiar with the Simple Security Fails series – previous posts are located here: part 1, part 2, part 3, part 4 Lately I have tested a […]
How To Prepare for an API Pentest – Insomnia
This is one part of a series of posts on how to prepare your API for a pentest. Check back in the near future for additional content. Similar to web […]
Alternative Execution: A Macro Saga (part 6)
Over the past five blogs (part 1, part 2, part 3, part 4, part 5) we’ve covered utilizing event handlers for ActiveX controls to obtain code execution in Office documents, […]
White Oak Has a New Website!
White Oak Security has a new website!
Alternative Execution: A Macro Saga (part 5)
Thanks for returning to the series! Over the last few posts we discussed making use events from the InkPicture, Windows Media Player, and System Monitor controls to obtain macro execution, […]
Accessibility Within Application Security Tools
Before we get into the nuts and bolts of this post, I need to provide a little background. The COVID-19 pandemic has brought a number of changes to our day […]
Alternative Execution: A Macro Saga (part 4)
Thanks for returning to the “Alternative Execution: A Macro Saga” series! ( Here’s part 1, part 2, and part 3) It’s been a busy past few months, and I had […]
Simple Security Fails (part 4) – Extraneous Server Content
Welcome back! We hope you’re enjoying our series on Simple Security Fails. If not, or if you have any topics that you’re interested in learning more about, hit us up! […]