Posts with tag: deserialization

| 12 min read

Look Mama, no TemplatesImpl

Exploiting deserialization vulnerabilities in Java 17 and beyond, using JDBC connections

deserialization Java JDBC Connection pools

Open blog post

| 8 min read

Vulnerability notes: Log4Shell

Everything you should know about the Log4Shell vulnerability (CVE-2021-44228)

Java JNDI deserialization CVE-2021-44228 Penetration test

Open blog post

| 14 min read

An Trinhs RMI Registry Bypass

A closer look at the RMI Registry whitelist bypass gadget from An Trinhs Blackhat Europe 2019 presentation

Java RMI deserialization Gadgets Penetration-test

Open blog post

| 17 min read

Attacking RMI based JMX services

An attack primer on how to hack into RMI based JMX services

Java RMI JMX deserialization Penetration test

Open blog post

| 24 min read

Attacking Java RMI services after JEP 290

An attack primer on how to attack Java RMI services using Java deserialization

Java RMI deserialization bsides Penetration test

Open blog post