Recent News
Reliable discovery and exploitation of Java deserialization vulnerabilities
Introduction Java deserialization vulnerabilities were discovered and disclosed in January 2015 by Gabriel Lawrence and Chris…
Fiddler: NTLM authentication when Burp Suite fails
Recently, we tested a Web application with NTLM authentication. The authentication works correctly with any browser,…
CVE-2016-8919 – IBM WebSphere deserialization of untrusted data
IBM WebSphere deserialization of untrusted data: http://lab.mediaservice.net/advisory/2016-03-websphere.txt [crayon-595095e58c771105927459/]
CVE-2016-7065 – Red Hat JBoss EAP deserialization of untrusted data
Red Hat JBoss EAP deserialization of untrusted data Advisory URL: http://lab.mediaservice.net/advisory/2016-05-jboss.txt [crayon-595095e58cb93289113416/]
Exploiting OGNL Injection
Recently during a penetration test Burp Suite reported a “Expression Language Injection” issue. Burp Suite…
Penetration testing on mobile applications – The hard way
In this period, I spend a huge portion of my working time doing penetration test…
CVE-2016-5983 – IBM WebSphere deserialization of untrusted data
IBM WebSphere deserialization of untrusted data Advisory url: http://lab.mediaservice.net/advisory/2016-02-websphere.txt [crayon-595095e58d609134886182/]