Blog posts by Timo Müller

15 Jul 2024 | 2 min read

Pentaho DI Authenticated Remote Code Execution

12 Apr 2024 | 2 min read

DataHub GMS Privilege Escalation through User Signup

12 Mar 2024 | 2 min read

Keycloak Device Grant Spoofing

19 Apr 2023 | 10 min read

Vulnerability Spotlight: CVE-2023-0264

Details for an user impersonation vulnerability within Keycloak

Keycloak OAuth CVE CVE-2023-0264 Penetration test

26 Aug 2022 | 17 min read

Exploiting Laravel based applications with leaked APP_KEYs and Queues

So you got access to a Laravel .env file, now what?

Penetration test PHP Laravel CMS CVE-2018-15133

13 Sep 2021 | 13 min read

Vulnerability digging with CodeQL

Using CodeQL based variant analysis to find vulnerabilties

Java RMI JMX CodeQL

30 Oct 2019 | 7 min read

(Ab)using Linux SNMP for RCE

How to use a SNMP write community to gain (remote) code execution as root on Linux systems

SNMP Linux penetration-test privilege-escalation

2 Jul 2018 | 7 min read

Static JWT signing Key in dotCMS

Please let me sign that for you

Vulnerability research dotCMS Java