Posts with tag: Java

| 12 min read

JNDI Mind Tricks

More shells in Java based applications through ROGUE JNDI NG

Java JNDI Offensive

| 12 min read

Look Mama, no TemplatesImpl

Exploiting deserialization vulnerabilities in Java 17 and beyond, using JDBC connections

deserialization Java JDBC Connection pools

| 8 min read

Vulnerability notes: Log4Shell

Everything you should know about the Log4Shell vulnerability (CVE-2021-44228)

Java JNDI deserialization CVE-2021-44228 Penetration test

| 13 min read

Vulnerability digging with CodeQL

Using CodeQL based variant analysis to find vulnerabilties

Java RMI JMX CodeQL

| 14 min read

An Trinhs RMI Registry Bypass

A closer look at the RMI Registry whitelist bypass gadget from An Trinhs Blackhat Europe 2019 presentation

Java RMI deserialization Gadgets Penetration-test

| 17 min read

Attacking RMI based JMX services

An attack primer on how to hack into RMI based JMX services

Java RMI JMX deserialization Penetration test

| 24 min read

Attacking Java RMI services after JEP 290

An attack primer on how to attack Java RMI services using Java deserialization

Java RMI deserialization bsides Penetration test

| 3 min read

jarjarbigs

Merge jar files to simplify remote debugging of closed source java applications

Java Offensive Debugging

| 7 min read

Static JWT signing Key in dotCMS

Please let me sign that for you

Vulnerability research dotCMS Java