CODE WHITE - Finest Hacking

Java Exploitation Restrictions in Modern JDK Times

JMX Exploitation Revisited

Attacks on Sysmon Revisited - SysmonEnte

Bypassing .NET Serialization Binders

.NET Remoting Revisited

RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through

About the Unsuccessful Quest for a Deserialization Gadget (or: How I found CVE-2021-21481)

Sophos XG - A Tale of the Unfortunate Re-engineering of an N-Day and the Lucky Find of a 0-Day

Liferay Portal JSON Web Service RCE Vulnerabilities

CVE-2019-19470: Rumble in the Pipe

Exploiting H2 Database with native libraries and JNI

Heap-based AMSI bypass for MS Excel VBA and others

Telerik Revisited

LethalHTA - A new lateral movement technique using DCOM and HTA

Marshalling to SYSTEM - An analysis of CVE-2018-0824

Poor RichFaces

Exploiting Adobe ColdFusion before CVE-2017-3066

Handcrafted Gadgets

SAP Customers: Make sure your SAPJVM is up-to-date!

AMF – Another Malicious Format

Return of the Rhino: An old gadget revisited

Infiltrate 2016 Slidedeck: Java Deserialization Vulnerabilities

Compromised by Endpoint Protection: Legacy Edition

Java and Command Line Injections in Windows

CVE-2015-3269: Apache Flex BlazeDS XXE Vulnerabilty

Compromised by Endpoint Protection

Reading/Writing files with MSSQL's OPENROWSET

CVE-2015-2079: Arbitrary Command Execution in Usermin

CVE-2015-0935: PHP Object Injection in Bomgar Remote Support Portal

$@|sh – Or: Getting a shell environment from Runtime.exec

Exploiting the hidden Saxon XSLT Parser in Ektron CMS

How I could (i)pass your client security