Unauthenticated: Jenkins Edition
A pentester at White Oak Security accesses an unauthenticated Jenkins server, an interesting target for attack, with a compromised AWS environment. Learn more…
Tactical Insights
RFID – A Social Engineers Best Friend – part 2 (Bruteforce)
In a previous blog post I talked about downloading, installing, and using the Proxmark3 for social engineering engagements. This post will build off of the content discussed previously and walk […]
Let’s Talk Wireless Pentesting Equipment
It seems like more and more often I get asked what equipment I utilize for performing wireless penetration tests (802.11 wireless networking). In this post I will talk about the […]
Interesting Take Over Situations (part 2 – Zerologon)
This blog post will walk through utilizing publicly available exploit code to compromise a network through Zerologon.
Interesting Take Over Situations (part 1)
In this blog series coworkers and I will be performing a walkthrough of interesting domain take overs that have occurred during pentest engagements. The first part to this series occurred […]
Alternative Execution: A Macro Saga (part 7)
Thanks for returning to Alternative Execution: A Macro Saga! This will be the last post in this series (here are the links to part 1, part 2, part 3, part […]
Zip Slip to Reverse Shell in OpenRefine
Weaponizing CVE-2018-19859 Summary On a recent internal penetration test, White Oak Security discovered an outdated version of OpenRefine which is vulnerable to an unauthenticated Zip Slip attack. The vulnerability was […]
How To Prepare for an API Pentest – Curl
This is one part of a series of posts on how to prepare your API for a pentest. The first post was focused on Insomnia. The second was focused on […]
Enhance, Enhance, Enhance…
Modifying Security Focus With Bloodhound Prerequisite viewing: Let’s Enhance At a very basic level, Active Directory authenticates and authorizes users and computers in a Windows domain environment. It can also […]
The Amazon Scam (COVID-19)
Lately, I have received more phishing emails in my burner (test) email that are related to Amazon than ever before. This probably due to the influx of online shopping driven […]