Ajin Abraham 9 Feb 17
Just wrote a new blog on Exploiting Node.js deserialization bug for Remote Code Execution
Soroush Dalili 2 Aug 18
A new blog post: RCE using ASPNET resource files and deserialization + Attacking insecure file uploaders on IIS using .RESX or .RESOURCES files:
NCC Group plc Aug 23
In this blog post, shows abuse of XAMLX file capabilities to run commands on a server when such files can be uploaded within an IIS application.
Semmle Sep 3
. takes a deep dive into past Android vulnerabilities that exploited C++ pointers wrapped inside Java objects
Antonio Sanso 11 Nov 15
gist of the vulnerability taken directly from presentation /(no Proxy used)
x30r #NoWhere Aug 17
Resharing my writeup on exploiting nodejs deserialization vulnerability.
Aleksei Tiurin 19 Jun 18
Result of my research about current situation with vulns in /
Otto Ebeling 7 Jul 17
Exploiting a deserialization vuln despite a broken class loader in Apache Shiro
Black Flag Security 18 Sep 17
Apostolos Giannakidis Apr 16
The Oracle is out! 19 different products were patched against the popular, 3-year-old, vulnerability CVE-2016-1000031, a Java vulnerability caused by the Apache Commons FileUpload dependency.
OWASP Juice Shop 3 Jan 18
Hi! Actually, since v6.2.0 the only 2017 risk missing is and by lucky coincidence is working on that () right now! Input on how to make it exploitable w/o risking *really dangerous* RCEs is highly appreciated!
DeepSec Conference 13 Oct 16
2016 Talk: Vulnerabilities - The Forgotten Bug Class - Matthias Kaiser: …
Sam Stepanyan 7 Nov 18
Apache - Another Remote Code Execution () vulnerability discovered, in commons-fileupload library - do not become "the next Equifax" - patch immediately! -2016-1000031
Apostolos Giannakidis 5 Nov 18
Why are vulnerabilities so popular? What is actually causing vulnerabilities? Read my thoughts here:
C# Corner 27 Jun 16
GoSecure Jul 3
How many attack vectors can get you arbitrary code execution on modern Java applications? Here are four found by in different libraries.
Waratek May 29
Java Deserialization Vulnerability in WebSphere Application Server customers are protected. Contact us for help with and Protection
Abhay Bhargav 5 Sep 18
Adding some brand new material on and different approaches to protect against flaws, with top10 for my class . Register now if you haven’t already. It’s going to be a lot of fun :)
Bertrand Delacretaz 19 Nov 15
My contribution to Apache Commons was accepted, ValidatingObjectInputStream for controlled
GoSecure 5 Apr 16