Phishing For Success – Part 3 & Autosneakphish Tool
Hi, again folks! Welcome back, I am a Senior Threat Emulation Specialist at White Oak Security. The majority of my time in the Cyber Security field has been focused on […]
Hi, again folks! Welcome back, I am a Senior Threat Emulation Specialist at White Oak Security. The majority of my time in the Cyber Security field has been focused on […]
Your Penetration Testing PARTNER, Not Your Adversary This blog post is intended to help organizations understand the mentality and drivers behind pentesting and to help them recognize that we (pentesters, […]
Red Team Volunteering Experiences From The Collegiate Cyber Defense Competitions This blog post will shed light on the experiences of a few of our White Oak Security penetration testers that […]
Tubular Lock The tubular lock has many different names including: circle pin tumbler lock, radial lock, or ace lock. The tubular lock consists of multiple stacks of pins in a […]
On a recent Red Team engagement, White Oak Security had compromised a domain and dumped the Active Directory user password hashes. We attempted to pivot into another domain using shared […]
Cobalt Strike OpSec & Other Misadventures of Pentesting I’m old enough to know better. Since 2004 I’ve been in various offensive roles in infosec, so OpSec isn’t a new thing […]
MiniDumpDotNet – Part 1 & 2 In MiniDumpDoNet – Part 1, we took a brief look at the MiniDumpWriteDump() Win32 API and considered options for reimplementation for the purposes of […]
MiniDumpWriteDump The Background Story Throughout 2021 a thought had been bouncing around in my head: why hasn’t anyone reimplemented MiniDumpWriteDump? For those who are not yet familiar, the Win32 API […]
Mimikatz Mimikatz (1) is a big-name tool in penetration testing used to dump credentials from memory on Windows. As a penetration tester, this method is invaluable for lateral and vertical […]
White Oak Security recently performed a red team engagement for a client where we discovered subsidiaries owned by their parent company (which we were testing against). All of these subsidiaries […]