Bypassing OpenSSH MaxAuthTries
Chances are if you’re reading this article, you are in the middle of a penetration test against a fairly large enterprise with some legacy equipment hanging off the network. You’ve […]
Blog
Jenkins: Remote Execution Via Malicious Jobs
This article is a follow-up to Unauthenticated: Jenkins Edition where we discussed the dangers of unauthenticated access to the /script and /credentials pages of Jenkins systems. This article will focus […]
Gophish Setup: Gandi – Part 2
Please review our Gophish – Part 1 blog to ensure you are ready to proceed with configuring Gophish with Gandi before proceeding with the following blog post below. In this […]
MiniDumpDotNet: Pure CLR Alt – Part 2
MiniDumpDotNet – Part 1 & 2 In MiniDumpDoNet – Part 1, we took a brief look at the MiniDumpWriteDump() Win32 API and considered options for reimplementation for the purposes of […]
MiniDumpDotNet: MiniDumpWriteDump – Part 1
MiniDumpWriteDump The Background Story Throughout 2021 a thought had been bouncing around in my head: why hasn’t anyone reimplemented MiniDumpWriteDump? For those who are not yet familiar, the Win32 API […]
DNSscope: Tool for Automating DNS Recon
White Oak Security Introduces DNSscope Tool White Oak Security’s experts created a tool to make performing deep attack surface analysis and identifying assets quicker – introducing DNSscope, a tool for […]
Bug Bounty Frustrations
Recently, the pentesters here at White Oak Security have run into some common frustrations regarding bug hunting on various platforms. These can be broken down into several categories – communication, […]
Extensis Portfolio Vulnerability Disclosure
During an external penetration test, White Oak Security discovered an instance of the Extensis Portfolio software which was deployed publicly on the internet with default administrative credentials. Using black-box web […]
Modifying Java By Editing Bytecode
Modifying Compiled Java Executables By Editing Bytecode This post will cover the basics of Java Bytecode editing, which allows you to take a compiled Java Executable and make modifications to […]
Penetration Tester’s Predatory Drive
I’ll preface this article by saying that these are my personal opinions and views on pentesting, which may not align with those of other pentesters and that’s ok. Everyone has […]