Latest Posts

Exploring Java deserialization in GitHub

Java Deserialization

22 May 2016

Java deserialization vulnerabilities have become easy to exploit and allow an attacker to remotely compromise a server. How prevalent are these vulnerabilities in open-source projects? This post explores how often Java projects use serialization and walks through exploiting a 0-day vulnerability in Gradle.

Infinite streams and prime numbers

Scala

01 May 2016

Scala Streams are similar to Lists but evalute their elements lazily. This small detail makes the world of difference. This post explores Streams and how they can encapsulate infinate sets.

Exploit Exercises - Fusion level02 write up

Exploit Development

07 May 2015

Learn to develop a stack buffer overflow exploit from scratch. This is an intermediate difficulty walkthrough as ASLR and NX mitigations are enabled. The exploit is developed as a Metasploit module.

Latest Posts

1. Exploring Java deserialization in GitHub
2. Infinite streams and prime numbers
3. Exploit Exercises - Fusion level02 write up
4. Exploit Exercises - Fusion level01 write up
5. Exploit Exercises - Fusion level00 write up

Latest Posts

Exploring Java deserialization in GitHub

Infinite streams and prime numbers

Exploit Exercises - Fusion level02 write up

Latest Posts

Categories