Red Timmy Security

Infosec decrypted

Blog archive

  • IoT/ICS Armageddon: hacking devices like there’s no tomorrow (part 1)
  • Challenges in the always moving cloud
  • The thin line between the cloud provider and the customer applications
  • When a Denial of Service matters: fighting with risk assessment guys
  • Bug bounty failure stories to learn from: how we ended up to hack a bank with no reward
  • Snooping on proprietary protocols with Frida
  • Fortinet SIEM vulnerability allows us to get RCE on internet exposed hosts
  • Critical Information Disclosure on WP Courses plugin exposes private course videos and materials [CVE-2020-26876]
  • Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) - exploit
  • A Tale of Escaping a Hardened Docker container
  • Pulse Secure Client for Windows <9.1.6 TOCTOU Privilege Escalation (CVE-2020-13162)
  • How to hack a company by circumventing its WAF for fun and profit – part 3
  • Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit
  • Speeding up your penetration tests with the Jok3r framework – Review
  • Exploiting JD bugs in crypto contexts to achieve RCE and tampering with Java applets
  • How to hack a company by circumventing its WAF for fun and profit – part 2
  • Cloud pentesting in Azure: one access key to rule them all
  • Hacking the Oce Colorwave printer: when a quick security assessment determines the success of a Red Team exercise.
  • Richsploit: One tool to exploit all versions of RichFaces ever released
  • Blue Team vs Red Team: how to run your encrypted ELF binary in memory and go undetected
  • Interactive modification of Java Serialized Objects with SerialTweaker
  • How to hack a company by circumventing its WAF through the abuse of a different security appliance and win bug bounties
  • Remote Java classpath enumeration with EnumJavaLibs
  • Privilege Escalation via HP xglance using perf-exploiter
  • Jenkins Groovy scripts for Red Teamers and Penetration Testers
  • OAMBuster – Multithreaded exploit for CVE-2018-2879
  • JMX RMI – Multiple Applications (RCE)
  • Introducing shredpaper.py – Exploit for FlexPaper PHP Publish Service <= 2.3.6 (RCE)
  • FlexPaper <= 2.3.6 RCE
