Blog posts by Hans-Martin Münch

10 Jul 2024 | 3 min read

Visual Planning 8 Unauthenticated Remote Code Execution

18 Mar 2024 | 2 min read

Cross Site Scripting (XSS) vulnerability in vis-timeline

18 Mar 2024 | 4 min read

mendelson AS2 Admin Service Unauthenticated Remote Code Execution

18 Mar 2024 | 1 min read

Privilege escalation in Oracle Identity Analytics

18 Mar 2024 | 3 min read

RaspberryMatic Unauthenticated Remote Code Execution

18 Mar 2024 | 3 min read

ruby-mysql / Metasploit Arbitrary File Read

18 Mar 2024 | 2 min read

x2gowebrpc Unauthenticated OS Command Injection

18 Mar 2024 | 1 min read

XML External Entity (XXE) Injection in TwelveMonkeys ImageIO

18 Mar 2024 | 1 min read

ZipSlip vulnerability in elfinder.NetCore

11 Apr 2023 | 12 min read

Look Mama, no TemplatesImpl

Exploiting deserialization vulnerabilities in Java 17 and beyond, using JDBC connections

deserialization Java JDBC Connection pools

18 Jan 2022 | 8 min read

Vulnerability Spotlight: RCE in Ajax.NET Professional

Vulnerability / exploitation details for CVE-2021-23758

.NET Penetration test CVE-2021-23758

10 Dec 2021 | 8 min read

Vulnerability notes: Log4Shell

Everything you should know about the Log4Shell vulnerability (CVE-2021-44228)

Java JNDI deserialization CVE-2021-44228 Penetration test

13 Sep 2021 | 13 min read

Vulnerability digging with CodeQL

Using CodeQL based variant analysis to find vulnerabilties

Java RMI JMX CodeQL

18 Jun 2021 | 8 min read

Exploiting insecure RCCMD installations

Owning systems through remote control software

Penetration-test RCCMD

8 Feb 2020 | 14 min read

An Trinhs RMI Registry Bypass

A closer look at the RMI Registry whitelist bypass gadget from An Trinhs Blackhat Europe 2019 presentation

Java RMI deserialization Gadgets Penetration-test

30 Oct 2019 | 7 min read

(Ab)using Linux SNMP for RCE

How to use a SNMP write community to gain (remote) code execution as root on Linux systems

SNMP Linux penetration-test privilege-escalation

28 Apr 2019 | 17 min read

Attacking RMI based JMX services

An attack primer on how to hack into RMI based JMX services

Java RMI JMX deserialization Penetration test

25 Mar 2019 | 24 min read

Attacking Java RMI services after JEP 290

An attack primer on how to attack Java RMI services using Java deserialization

Java RMI deserialization bsides Penetration test

2 Mar 2019 | 5 min read

Repacking iOS applications

A quick and easy guide for binary patching and repacking iOS apps during security audits

mobile iOS Penetration-test

31 Oct 2018 | 3 min read

jarjarbigs

Merge jar files to simplify remote debugging of closed source java applications

Java Offensive Debugging

13 Jul 2018 | 10 min read

Vulnerability spotlight: CVE-2016-5072

Analysis of a vulnerability in the open source shop system OXID

vulnerability spotlight exploit development oxid PHP logical bug mass assignment

22 Jun 2018 | 1 min read

CANAPE workshop slides

Slides and examples from our CANAPE workshop at BSides Munich 2018.

bsides CANAPE workshop