Blog and side projects

Latest updates, tools and ideas from our internal research projects

Attacking RMI based JMX services

April 2019 | 16 minutes read

An attack primer on how to hack into RMI based JMX services


Attacking Java RMI services after JEP 290

March 2019 | 23 minutes read

An attack primer on how to attack Java RMI services using Java deserialization


Repacking iOS applications

March 2019 | 5 minutes read

A quick and easy guide for binary patching and repacking iOS apps during security audits



October 2018 | 3 minutes read

Merge jar files to simplify remote debugging of closed source java applications


Vulnerability spotlight: CVE-2016-5072

July 2018 | 10 minutes read

Analysis of a vulnerability in the open source shop system OXID


Static JWT signing Key in dotCMS

July 2018 | 7 minutes read

Please let me sign that for you


CANAPE workshop slides

June 2018 | 1 minutes read

Slides and examples from our CANAPE workshop at BSides Munich 2018.