Research - Cognitous Ltd

The following is a list of public security work by Cognitous director Nicky Bloor (@NickstaDB).

Security Vulnerabilities & Advisories

Adobe: CVE-2017-11283 and CVE-2017-11284, remote code execution in Adobe ColdFusion (technical details).
Drupal: SA-CONTRIB-2016-039, remote code execution in Coder third-party module (Metasploit module by Mehmet Ince, Nessus plugin).
Oracle: CVE-2017-3241, remote code execution in Java RMI services (exploit).

Conference Talks

SteelCon 2017: Practical Serialization Attacks (corresponding blog post).
BSides Manchester 2017: Practical Serialization Attacks.
BSides Belfast 2017: Practical Serialization Attacks.
44CON 2017: BaRMIe – Poking Java’s Back Door.

Published Tools and Exploits

BaRMIe – Java RMI exploitation tool (technical details).
CVE-2016-1542/CVE-2016-1543 BMC Server Automation RSCD remote code execution Metasploit module (technical details #1, technical details #2).
JMX deserialization exploit for password-protected JMX services.
WordPress remote code execution exploit (RCE via auto-update).