Vulnerabilities

CVE-2018-4939 - 10th April 2018

Adobe ColdFusion Unauthenticated RCE

CVE-2017-11284 - 12th September 2017

Adobe ColdFusion Unauthenticated RCE

CVE-2017-11283 - 12th September 2017

Adobe ColdFusion Unauthenticated RCE

CVE-2017-3241 - 17th January 2017

Java RMI Potential Deserialization RCE

SA-CONTRIB-2016-039 - 13th July 2016

Drupal ‘Coder’ Module Unauthenticated RCE

Tools & Exploits

Freddy The (De)serialization Killer

A Burp Suite Pro extension to detect and exploit deserialization vulnerabilities.

BMC BladeLogic Server Automation RSCD Exploit

Unauthenticated remote command execution exploit for CVE-2016-1542.

BaRMIe Java RMI Assessment Tool

A tool for enumerating and exploiting Java RMI and JMX services.

Talks & Training

Deep Dive into Deserialization

We delivered a workshop on the latest new entry in the OWASP Top Ten at 44CON 2018.

JavaScript Form Stealer Analysis

Earlier this year Cognitous were contacted by a company to help with a security breach. During our investigation we discovered that some strange JavaScript had been injected into every page of the victim’s website which ultimately enabled the hackers to compromise the company’s Office 365 tenancy.