CVE-2018-4939 - 10th April 2018

Adobe ColdFusion Unauthenticated RCE

CVE-2017-11284 - 12th September 2017

Adobe ColdFusion Unauthenticated RCE

CVE-2017-11283 - 12th September 2017

Adobe ColdFusion Unauthenticated RCE

CVE-2017-3241 - 17th January 2017

Java RMI Potential Deserialization RCE

SA-CONTRIB-2016-039 - 13th July 2016

Drupal ‘Coder’ Module Unauthenticated RCE

Tools & Exploits

Freddy The (De)serialization Killer

A Burp Suite Pro extension to detect and exploit deserialization vulnerabilities.

Tags: , , , , ,

BMC BladeLogic Server Automation RSCD Exploit

Unauthenticated remote command execution exploit for CVE-2016-1542.

Tags: , , ,

BaRMIe Java RMI Assessment Tool

A tool for enumerating and exploiting Java RMI and JMX services.

Tags: , , , , ,

Talks & Training

Deep Dive into Deserialization -

We delivered a workshop on the latest new entry in the OWASP Top Ten at 44CON 2018.

JavaScript Form Stealer Analysis

Earlier this year Cognitous were contacted by a company to help with a security breach. During our investigation we discovered that some strange JavaScript had been injected into every page of the victim’s website which ultimately enabled the hackers to compromise the company’s Office 365 tenancy.

Continue reading JavaScript Form Stealer Analysis