Why choose MOGWAI LABS?

MOGWAI LABS is a "no fluff" company. We focus on vulnerabilities that matter, use attack techniques that work, and provide solutions that scale.

We want to support your organization by improving its resilience against technically highly-skilled attackers, transferring our knowledge and experience. If you want to work with a small and agile team of security experts, MOGWAI LABS is the partner of your choice.

Blog and side projects

Latest updates, tools and ideas from our internal research projects.

Vulnerability digging with CodeQL

Using CodeQL based variant analysis to find vulnerabilties


Exploiting insecure RCCMD installations

Owning systems through remote control software


An Trinhs RMI Registry Bypass

A closer look at the RMI Registry whitelist bypass gadget from An Trinhs Blackhat Europe 2019 presentation


(Ab)using Linux SNMP for RCE

How to use a SNMP write community to gain (remote) code execution as root on Linux systems


Attacking RMI based JMX services

An attack primer on how to hack into RMI based JMX services


Attacking Java RMI services after JEP 290

An attack primer on how to attack Java RMI services using Java deserialization