Services

Services Overview
Our team of highly skilled and specialized consultants perform the difficult offensive security tests that go beyond in-house testing.
Learn More

Application Security
Penetration testing of your mobile apps, web apps and thick clients. We also provide API security testing and application security code review.
Infrastructure Security
Identify critical network vulnerabilities through External/Internal Penetration Testing, PCI Penetration Testing, Wireless Penetration Testing, Cloud Security Assessment and Remote Access Penetration Testing.
Adversarial Simulation
Uncover organizational weaknesses through Red Team, Purple Team, Social Engineering, Threat Emulation and Threat Hunting.
Device Security
Identify medical and embedded devices in an IoT-enabled environment and test critical hardware technologies to locate vulnerabilities and security-related issues.
Strategic Services
Utilize the years of experience and deep industry knowledge of our team of security consultants for AppSec Program Management and Developer Security Training.
Cloud Security
Assess and protect your cloud data, applications, and infrastructure in all cloud environments, including AWS, Google Cloud, & Microsoft Azure.
About Us
Blog
Careers
Contact Us

Java

Exploiting Oracle Databases With ODAT

ODAT ODAT (Oracle Database Attacking Tool) is “an open source penetration testing tool that tests the security of Oracle Databases remotely” (1). The goal of the tool is to help […]

Fishbowl Disclosure: CVE-2022-29805

Finding A Shell In Your Fishbowl White Oak Security discovered an instance of Fishbowl Inventory that was vulnerable to a Java deserialization vulnerability, resulting in unauthenticated remote code execution. This […]

Modifying Java By Editing Bytecode

Modifying Compiled Java Executables By Editing Bytecode This post will cover the basics of Java Bytecode editing, which allows you to take a compiled Java Executable and make modifications to […]

Tales From The Red Team: What the Heck is Virgo?

Our Red Team engagements generally start out as technical as possible. We start with OSINT and some light perimeter scanning to identify both human and technical targets, but we only […]