28 Feb 2025 | 17 min read
c3p0, you little rascal
The c3p0 library provides many useful exploitation primitives, deserving more attention
deserialization Java JNDI JSON
18 Dec 2024 | 12 min read
JNDI Mind Tricks
More shells in Java based applications through ROGUE JNDI NG
Java JNDI Offensive
10 Dec 2021 | 8 min read
Vulnerability notes: Log4Shell
Everything you should know about the Log4Shell vulnerability (CVE-2021-44228)
Java JNDI deserialization CVE-2021-44228 Penetration test