Bug Bounty Frustrations
Recently, the pentesters here at White Oak Security have run into some common frustrations regarding bug hunting on various platforms. These can be broken down into several categories – communication, […]
Blog
Extensis Portfolio Vulnerability Disclosure
During an external penetration test, White Oak Security discovered an instance of the Extensis Portfolio software which was deployed publicly on the internet with default administrative credentials. Using black-box web […]
Modifying Java By Editing Bytecode
Modifying Compiled Java Executables By Editing Bytecode This post will cover the basics of Java Bytecode editing, which allows you to take a compiled Java Executable and make modifications to […]
Penetration Tester’s Predatory Drive
I’ll preface this article by saying that these are my personal opinions and views on pentesting, which may not align with those of other pentesters and that’s ok. Everyone has […]
Nmap: Host Discovery
This article describes how to enhance the default Nmap host discovery phase to include SYN and ACK probes to ports other than the default 80/tcp and 443/tcp. These techniques can […]
Server-Side Request Forgery Attack & Fix
SSRF Attack We recently came across a privilege escalation attack avenue during a web application / thick client penetration test. In this blog post, I will be talking about a […]
What’s In A Social Engineering Toolkit?
One of the many services that White Oak Security offers is Onsite Social Engineering. As a pentester, I have performed 50+ physical onsite social engineering engagements over my professional career […]
Active Directory Security
AD Hardening For penetration testers who do many internal network penetration tests, the process tends to follow a familiar rhythm: Default Active Directory and Windows OS settings often lead to […]
Gophish Setup – Part 1
Welcome to the first of a series of posts diving into the functionality and usage of the tool – Gophish. This tool allows users to quickly deploy phishing engagements or […]
5 Useful & Free Burp Suite Plugins
At White Oak Security, we do a variety of engagement types. Previously, we’ve written several posts on some of the tools we use, including Burp Suite. To take full advantage […]