MOGWAI LABS GmbH's repositories
rmi-deserialization
Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
jarjarbigs
A python script to merge multiple jar files for easier debugging via JD-Eclipse
canape-workshop2018
Material from our CANAPE workshop
DNSrebinder
A python based minimal DNS server to test/verify DNS rebinding attacks
deserialization-filter-blacklists
Native Java serialization filter blacklist for common gadgets
CVE-2017-1000486
Proof of Concept Exploit for PrimeFaces 5.x EL Injection (CVE-2017-1000486)
dotCMSTokenGenerator
PoC JWT Token Generator, written by Timo Müller
Laravel-Queue-Exploit-Environment
Environment which demonstrates exploitation of Laravel Queues
dotCMSSigningKeyGenerator
Generates a new random signing key for dotCMS 4.3.3 installations. Written by Timo Müller