Toggle navigation
Cognitous
Thoughtful security, tailored to your needs.
Home
Services
Training
Blog
Research
Contact Us
Research & Development
The following is a list of public security work by Cognitous director
Nicky Bloor
(
@NickstaDB
).
Security Vulnerabilities & Advisories
Adobe:
CVE-2017-11283 and CVE-2017-11284
, remote code execution in Adobe ColdFusion (
technical details
).
Drupal:
SA-CONTRIB-2016-039
, remote code execution in
Coder
third-party module (
Metasploit module
by
Mehmet Ince
,
Nessus plugin
).
Oracle:
CVE-2017-3241
, remote code execution in Java RMI services (
exploit
).
Conference Talks
SteelCon 2017:
Practical Serialization Attacks
(
corresponding blog post
).
BSides Manchester 2017: Practical Serialization Attacks.
BSides Belfast 2017: Practical Serialization Attacks.
44CON 2017:
BaRMIe – Poking Java’s Back Door
.
Published Tools and Exploits
BaRMIe
– Java RMI exploitation tool (
technical details
).
CVE-2016-1542/CVE-2016-1543
BMC Server Automation RSCD remote code execution Metasploit module (
technical details #1
,
technical details #2
).
JMX deserialization exploit
for password-protected JMX services.
WordPress remote code execution exploit
(RCE via auto-update).