GoAWSConsoleSpray: Password Spraying Tool
GoAWSConsoleSpray – A Simple AWS Console Password Spraying Tool As part of our Cloud Security Penetration Test service, White Oak Security has observed quite a few different AWS deployments over […]
GoAWSConsoleSpray – A Simple AWS Console Password Spraying Tool As part of our Cloud Security Penetration Test service, White Oak Security has observed quite a few different AWS deployments over […]
In the previous posts, part 1 and part 2, for this blog series we created an environment where we can test directory enumeration tools and adjust rate limiting. Let’s continue […]
Microsoft has acknowledged a remote code execution vulnerability, CVE-2022-30190, which is possible in environments where Microsoft Office has been installed and Microsoft Support Diagnostic Tool (MSDT) is present – which […]
What Is OSINT? For those who aren’t familiar with the term, OSINT stands for Open Source Intelligence. This refers to the use of data collected from open or publicly available […]
Let’s bypass another REX sensor on a door we don’t have access to! The Bypassing Doors blog series demonstrates easy-to-use tools and techniques that can be utilized to bypass an […]
Let’s bypass another door we don’t have access to! The Bypassing Doors blog series demonstrates easy-to-use tools and techniques that can be utilized to bypass an organization’s interior and exterior […]
Wondering how our White Oak Security pentesters open doors they don’t have access to? The Bypassing Doors blog series will demonstrate easy-to-use tools and techniques that can be utilized to […]
Physical red team attacks are something we are passionate about at White Oak Security. Ever wonder how we open doors we don’t have access to? The Bypassing Doors blog series […]
Chances are if you’re reading this article, you are in the middle of a penetration test against a fairly large enterprise with some legacy equipment hanging off the network. You’ve […]
This article is a follow-up to Unauthenticated: Jenkins Edition where we discussed the dangers of unauthenticated access to the /script and /credentials pages of Jenkins systems. This article will focus […]