Screenshot Tool: Part 6 – Which Tool Is Best?
Comparing Automated HTTP Screenshot Tools At last, the finale! For our last Screenshot Tool blog post, White Oak Security will be putting the top 5 HTTP screenshot tools that are […]
penetration testing
Screenshot Tool: Part 3 – Snapback
Reviewing Automated HTTP Screenshot Tools Welcome back to our Screenshot Tool blog series, where White Oak Security is reviewing some of the top HTTP screenshot tools that are currently available […]
Screenshot Tool: Part 2 – WitnessMe
Reviewing Automated HTTP Screenshot Tools In our Screenshot Tool blog series, White Oak Security is reviewing some of the top HTTP screenshot tools that are currently available for penetration testers […]
Bypassing OpenSSH MaxAuthTries
Chances are if you’re reading this article, you are in the middle of a penetration test against a fairly large enterprise with some legacy equipment hanging off the network. You’ve […]
Bug Bounty Frustrations
Recently, the pentesters here at White Oak Security have run into some common frustrations regarding bug hunting on various platforms. These can be broken down into several categories – communication, […]
Penetration Tester’s Predatory Drive
I’ll preface this article by saying that these are my personal opinions and views on pentesting, which may not align with those of other pentesters and that’s ok. Everyone has […]
Nmap: Host Discovery
This article describes how to enhance the default Nmap host discovery phase to include SYN and ACK probes to ports other than the default 80/tcp and 443/tcp. These techniques can […]
Unauthenticated: Docker Edition
Welcome to a new installment of Unauthenticated! One of my goals with this series is to drive home the point that authentication (with properly implemented access controls) is essential to […]
Take Over Situations: Part 3 – SQL Injection to Domain Admin
White Oak Security recently performed a red team engagement for a client where we discovered subsidiaries owned by their parent company (which we were testing against). All of these subsidiaries […]
Bypassing Defenses: Symantec Endpoint Protection
In this edition of Bypassing Defenses, we’ll highlight how we were able to bypass the Endpoint Detection and Response (EDR) solution Symantec Endpoint Protection on a recent Red Team engagement, […]