Exploring Java deserialization in GitHub

22 May 2016

Java deserialization vulnerabilities have become easy to exploit and allow an attacker to remotely compromise a server. How prevalent are these vulnerabilities in open-source projects? This post explores how often Java projects use serialization and walks through exploiting a 0-day vulnerability in Gradle.




Infinite streams and prime numbers

01 May 2016

Scala Streams are similar to Lists but evaluate their elements lazily. This small detail makes a world of difference. This post explores Streams and how they can encapsulate infinite sets.




Fusion level02 write up

07 May 2015

Learn to develop a stack buffer overflow exploit from scratch. This is an intermediate-difficulty walkthrough, as ASLR and NX mitigations are enabled. The exploit is developed as a Metasploit module.




