Latest updates, tools and ideas from our internal research
deserialization Java JNDI JSON
c3p0, you little rascal
The c3p0 library provides many useful exploitation primitives, deserving more attention
Hans-Martin Münch
Java JNDI Offensive
JNDI Mind Tricks
More shells in Java based applications through ROGUE JNDI NG
Frederic Linn
Keycloak OAuth CVE CVE-2023-0264
Vulnerability Spotlight: CVE-2023-0264
Details for a user impersonation vulnerability within Keycloak
Timo Müller
deserialization Java JDBC Connection pools
Look Mama, no TemplatesImpl
Exploiting deserialization vulnerabilities in Java 17 and beyond, using JDBC connections
Penetration test PHP Laravel CMS
Exploiting Laravel based applications with leaked APP_KEYs and Queues
So you got access to a Laravel .env file, now what?
.NET Penetration test CVE-2021-23758
Vulnerability Spotlight: RCE in Ajax.NET Professional
Vulnerability / exploitation details for CVE-2021-23758
Java JNDI deserialization CVE-2021-44228
Vulnerability notes: Log4Shell
Everything you should know about the Log4Shell vulnerability (CVE-2021-44228)
Vulnerability digging with CodeQL
Using CodeQL-based variant analysis to find vulnerabilities
Timo Müller, Hans-Martin Münch
Penetration-test RCCMD
Exploiting insecure RCCMD installations
Owning systems through remote control software
Java RMI deserialization Gadgets
An Trinhs RMI Registry Bypass
A closer look at the RMI Registry whitelist bypass gadget from An Trinh's Blackhat Europe 2019 presentation
SNMP Linux penetration-test privilege-escalation
(Ab)using Linux SNMP for RCE
How to use an SNMP write community to gain (remote) code execution as root on Linux systems
Hans-Martin Münch, Timo Müller
Java RMI JMX deserialization
Attacking RMI based JMX services
An attack primer on how to hack into RMI based JMX services
Java RMI deserialization bsides
Attacking Java RMI services after JEP 290
An attack primer on how to attack Java RMI services using Java deserialization
mobile iOS Penetration-test
Repacking iOS applications
A quick and easy guide for binary patching and repacking iOS apps during security audits
Java Offensive Debugging
Merge jar files to simplify remote debugging of closed source Java applications
vulnerability spotlight exploit development oxid PHP
Vulnerability spotlight: CVE-2016-5072
Analysis of a vulnerability in the open source shop system OXID
Vulnerability research dotCMS Java
Static JWT signing Key in dotCMS
Please let me sign that for you
bsides CANAPE workshop
CANAPE workshop slides
Slides and examples from our CANAPE workshop at BSides Munich 2018.