Hans-Martin Münch

Blogs von Hans-Martin Münch

Geschäftsführer von MOGWAI LABS

| 8 min Lesezeit

Vulnerability Spotlight: RCE in Ajax.NET Professional

Vulnerability / exploitation details for CVE-2021-23758

.NET Penetration test CVE-2021-23758

| 8 min Lesezeit

Vulnerability notes: Log4Shell

Everything you should know about the Log4Shell vulnerability (CVE-2021-44228)

Java JNDI deserialization CVE-2021-44228 pentest

| 13 min Lesezeit

Vulnerability digging with CodeQL

Using CodeQL based variant analysis to find vulnerabilties


| 8 min Lesezeit

Exploiting insecure RCCMD installations

Owning systems through remote control software

penetration-test pentest RCCMD

| 14 min Lesezeit

An Trinhs RMI Registry Bypass

A closer look at the RMI Registry whitelist bypass gadget from An Trinhs Blackhat Europe 2019 presentation

Java RMI deserialization Gadgets pentest penetration-test

| 7 min Lesezeit

(Ab)using Linux SNMP for RCE

How to use a SNMP write community to gain (remote) code execution as root on Linux systems

SNMP Linux penetration-test pentest privilege-escalation

| 16 min Lesezeit

Attacking RMI based JMX services

An attack primer on how to hack into RMI based JMX services

Java RMI JMX deserialization pentest penetration-test

| 24 min Lesezeit

Attacking Java RMI services after JEP 290

An attack primer on how to attack Java RMI services using Java deserialization

Java RMI deserialization bsides pentest

| 5 min Lesezeit

Repacking iOS applications

A quick and easy guide for binary patching and repacking iOS apps during security audits

mobile iOS penetration-test

| 3 min Lesezeit


Merge jar files to simplify remote debugging of closed source java applications

Java Offensive Debugging

| 1 min Lesezeit

CANAPE workshop slides

Slides and examples from our CANAPE workshop at BSides Munich 2018.

bsides CANAPE workshop