Vulnerability Spotlight: CVE-2023-0264

Details for an user impersonation vulnerability within Keycloak

Look Mama, no TemplatesImpl

Exploiting deserialization vulnerabilities in Java 17 and beyond, using JDBC connections

Exploiting Laravel based applications with leaked APP_KEYs and Queues

So you got access to a Laravel .env file, now what?

Vulnerability Spotlight: RCE in Ajax.NET Professional

Vulnerability / exploitation details for CVE-2021-23758

Vulnerability notes: Log4Shell

Everything you should know about the Log4Shell vulnerability (CVE-2021-44228)

Vulnerability digging with CodeQL

Using CodeQL based variant analysis to find vulnerabilties

Exploiting insecure RCCMD installations

Owning systems through remote control software

An Trinhs RMI Registry Bypass

A closer look at the RMI Registry whitelist bypass gadget from An Trinhs Blackhat Europe 2019 presentation

(Ab)using Linux SNMP for RCE

How to use a SNMP write community to gain (remote) code execution as root on Linux systems

Attacking RMI based JMX services

An attack primer on how to hack into RMI based JMX services

Attacking Java RMI services after JEP 290

An attack primer on how to attack Java RMI services using Java deserialization

Repacking iOS applications

A quick and easy guide for binary patching and repacking iOS apps during security audits

jarjarbigs

Merge jar files to simplify remote debugging of closed source java applications

Vulnerability spotlight: CVE-2016-5072

Analysis of a vulnerability in the open source shop system OXID

Static JWT signing Key in dotCMS

Please let me sign that for you

CANAPE workshop slides

Slides and examples from our CANAPE workshop at BSides Munich 2018.