- Bug bounty failure stories to learn from: how we ended up to hack a bank with no reward
- Snooping on proprietary protocols with Frida
- Fortinet SIEM vulnerability allows us to get RCE on internet exposed hosts
- Critical Information Disclosure on WP Courses plugin exposes private course videos and materials [CVE-2020-26876]
- Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) - exploit
- A Tale of Escaping a Hardened Docker container
- Pulse Secure Client for Windows <9.1.6 TOCTOU Privilege Escalation (CVE-2020-13162)
- How to hack a company by circumventing its WAF for fun and profit – part 3
- Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit
- Speeding up your penetration tests with the Jok3r framework – Review
- Exploiting JD bugs in crypto contexts to achieve RCE and tampering with Java applets
- How to hack a company by circumventing its WAF for fun and profit – part 2
- Cloud pentesting in Azure: one access key to rule them all
- Hacking the Oce Colorwave printer: when a quick security assessment determines the success of a Red Team exercise.
- Richsploit: One tool to exploit all versions of RichFaces ever released
- Blue Team vs Red Team: how to run your encrypted ELF binary in memory and go undetected
- Interactive modification of Java Serialized Objects with SerialTweaker
- How to hack a company by circumventing its WAF through the abuse of a different security appliance and win bug bounties
- Remote Java classpath enumeration with EnumJavaLibs
- Privilege Escalation via HP xglance using perf-exploiter
- Jenkins Groovy scripts for Red Teamers and Penetration Testers
- OAMBuster – Multithreaded exploit for CVE-2018-2879
- JMX RMI – Multiple Applications (RCE)
- Introducing shredpaper.py – Exploit for FlexPaper PHP Publish Service <= 2.3.6 (RCE)
- FlexPaper <= 2.3.6 RCE