Blog and side projects

Latest updates, tools and ideas from our internal research projects

(Ab)using Linux SNMP for RCE

October 2019 | 7 minutes read

How to use an SNMP write community to gain (remote) code execution as root on Linux systems

Attacking RMI based JMX services

April 2019 | 16 minutes read

An attack primer on how to hack into RMI-based JMX services

Attacking Java RMI services after JEP 290

March 2019 | 23 minutes read

An attack primer on how to attack Java RMI services using Java deserialization

Repacking iOS applications

March 2019 | 5 minutes read

A quick and easy guide for binary patching and repacking iOS apps during security audits

jarjarbigs

October 2018 | 3 minutes read

Merge jar files to simplify remote debugging of closed-source Java applications

Vulnerability spotlight: CVE-2016-5072

July 2018 | 10 minutes read

Analysis of a vulnerability in the open source shop system OXID

Static JWT signing Key in dotCMS

July 2018 | 7 minutes read

Please let me sign that for you

CANAPE workshop slides

June 2018 | 1 minute read

Slides and examples from our CANAPE workshop at BSides Munich 2018.
