Credential Access Without Mimikatz On a recent engagement, a client implemented multiple EDR solutions to prevent common ways of obtaining credentials either through Mimikatz or various LSASS memory dumping methods. […]
Exploiting GraphQL Batching Attacks Using Turbo Intruder What Are Batching Attacks In GraphQL? GraphQL allows for multiple queries to be sent to the server in one single request in order […]
What Is OSINT? For those who aren’t familiar with the term, OSINT stands for Open Source Intelligence. This refers to the use of data collected from open or publicly available […]
Let’s bypass another REX sensor on a door we don’t have access to! The Bypassing Doors blog series demonstrates easy-to-use tools and techniques that can be utilized to bypass an […]
Physical red team attacks are something we are passionate about at White Oak Security. Ever wonder how we open doors we don’t have access to? The Bypassing Doors blog series […]
AD Hardening For penetration testers who do many internal network penetration tests, the process tends to follow a familiar rhythm: Default Active Directory and Windows OS settings often lead to […]
Welcome to the first of a series of posts diving into the functionality and usage of the tool – Gophish. This tool allows users to quickly deploy phishing engagements or […]
Kurt begins a mobile security framework, or MobSF, overview White Oak Security blog series by getting you started, teaching you the tool’s core features, and more.
Discover how to use, configure, & install one of White Oak Security’s penentration testers, Brett DeWall’s favorite (& free) pentesting tools, TestSSL.sh.
Part 2 on dockerizing a web testing environment and crafting custom wordlists by White Oak Security, continue this how-to blog series & learn from our experts.