CentreStack Disclosure
White Oak Security discovered an instance of Gladinet’s CentreStack server which was vulnerable to an authentication bypass and an arbitrary file upload resulting in remote code execution. This issue has […]
WELCOME TO THE FANCLUB! Part 1 of the Flipper Fanclub Series will be going over the Flipper Zero tool. We will discuss what it is, how to use it (from […]
On a recent Red Team engagement, White Oak Security had compromised a domain and dumped the Active Directory user password hashes. We attempted to pivot into another domain using shared […]
Phishing Leadership Thanks for returning for part 2 of Phishing For Success! If you missed Phishing For Success – Part 1, be sure to catch up. 😜🎣 Newer to White Oak […]
Leadership In Cyber Security Hi folks, I am a Senior Threat Emulation Specialist at White Oak Security. The majority of my time in cyber security has been focused heavily on […]
Knock, knock! Who’s there? Boo! Boo who? It’s Boo language, the spooky dead language that you may not have heard about. It is a language for .NET with a clean […]
This series of blog posts was sparked from a recent internal discussion and is really just to learn how penetration testing individuals “got their start” or became interested in security, […]
Credential Access Without Mimikatz On a recent engagement, a client implemented multiple EDR solutions to prevent common ways of obtaining credentials either through Mimikatz or various LSASS memory dumping methods. […]
Cobalt Strike OpSec & Other Misadventures of Pentesting I’m old enough to know better. Since 2004 I’ve been in various offensive roles in infosec, so OpSec isn’t a new thing […]
Finding A Shell In Your Fishbowl White Oak Security discovered an instance of Fishbowl Inventory that was vulnerable to a Java deserialization vulnerability, resulting in unauthenticated remote code execution. This […]