Index ¦ Archives ¦ Atom

Exploiting JVM deserialization vulns despite a broken class loader

A broken classloader made exploitation of a Java deserialization vulnerability more tricky, but it was still possible to exploit it to e.g. delete files on the server.


Process reconnaissance without /proc

Servers with /proc restrictions make it hard to see what processes other users executed and when. Can we we learn at least something of these other processes despite the restrictions?


Visualizing memory accesses of an executable

Memory visualizations can often give quick insight into code and its algorithms. See this post for example visualizations of memory accesses by pngcheck, printf and t206 and the tool to draw them.

© Otto Ebeling. Built using Pelican. Theme by Giulio Fidente on github.