Credential Access Without Mimikatz On a recent engagement, a client implemented multiple EDR solutions to prevent common ways of obtaining credentials either through Mimikatz or various LSASS memory dumping methods. […]
Cobalt Strike OpSec & Other Misadventures of Pentesting I’m old enough to know better. Since 2004 I’ve been in various offensive roles in infosec, so OpSec isn’t a new thing […]
Finding A Shell In Your Fishbowl White Oak Security discovered an instance of Fishbowl Inventory that was vulnerable to a Java deserialization vulnerability, resulting in unauthenticated remote code execution. This […]
Comparing Automated HTTP Screenshot Tools At last, the finale! For our last Screenshot Tool blog post, White Oak Security will be putting the top 5 HTTP screenshot tools that are […]
Reviewing Automated HTTP Screenshot Tools Welcome back to our Screenshot Tool blog series, where White Oak Security is reviewing some of the top HTTP screenshot tools that are currently available […]
Reviewing Automated HTTP Screenshot Tools In our Screenshot Tool blog series, White Oak Security is reviewing some of the top HTTP screenshot tools that are currently available for penetration testers […]
Chances are if you’re reading this article, you are in the middle of a penetration test against a fairly large enterprise with some legacy equipment hanging off the network. You’ve […]
Recently, the pentesters here at White Oak Security have run into some common frustrations regarding bug hunting on various platforms. These can be broken down into several categories – communication, […]
I’ll preface this article by saying that these are my personal opinions and views on pentesting, which may not align with those of other pentesters and that’s ok. Everyone has […]
This article describes how to enhance the default Nmap host discovery phase to include SYN and ACK probes to ports other than the default 80/tcp and 443/tcp. These techniques can […]
