Unauthenticated: XXE Edition
Welcome to another installment of Unauthenticated! In this post, we will look at a recent web application penetration test where an XML external entity (XXE) expansion vulnerability was exploited without […]
Blog
Bypassing Defenses: Cylance
Bypassing defenses with Cylance during a White Oak Security’s red team engagement to extract domain admin credentials from LSASS leads to a HUGE compromise.
Insecure Password Reset
Brett uncovers an insecure password reset during a pentest, this post will go through the password reset functionality, what went wrong, & how to fix this issue.
Installation & Use Of TestSSL.sh Tool
Discover how to use, configure, & install one of White Oak Security’s penentration testers, Brett DeWall’s favorite (& free) pentesting tools, TestSSL.sh.
Preparing For Ransomware Attacks
The effects of ransomware attacks are no longer limited to large corps, it’s important for the average person to understand & be prepared for ransomware attacks.
Dockerizing A Web Testing Environment: Part 2
Part 2 on dockerizing a web testing environment and crafting custom wordlists by White Oak Security, continue this how-to blog series & learn from our experts.
Dockerizing A Web Testing Environment: Part 1
Discover White Oak Security’s how to blog series part one on dockerizing a web testing environment, a safe way for pentesters to learn & test new things!
Invisible Data in Web App Pentesting – Don’t Believe Everything You See
Don’t believe everything you see! Invisible or hidden data in web application pentesting could be revealing details like SSNs, like in this example by White Oak.
How To Root A Google Pixel 4a
Brett DeWall (one of our pentesters) is back at it again, with White Oak Security’s new blog – a guide on how to root a Google Pixel 4a Smartphone. Learn how…
Healthcare Ransomware Attacks
Our EndPoint & Ransomware Simulation services have a positive impact on White Oak’s clients, learn how they were spared in the Ryuk Ransomware cyber attack.