Hans-Martin Münch
@h0ng10
CEO of MOGWAI LABS GmbH. I play CTF with powerpuffpwn.
Neu-Ulm
Joined May 2010
Do you work with Entra? You *need* to read and understand the content of this post.
Understanding EVERY Token in Entra ID 🔎 Not all tokens are equal. There are many different types with different uses and benefits. In this blog, I break down each token and what they are used for and which tokens are the most "valuable" for an attacker to obtain. Full blog
1
25
127
Happy Monday! watchTowr Labs member @SinSinology deep dives into Veeam Backup & Response CVE-2024-40711 in our latest post 🚀 https://t.co/PfrgFyZyRI We hope you enjoy it! (as always, where there's smoke - there is fire 😉 for next time..)
labs.watchtowr.com
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given its somewhat 'privileged position' in...
5
56
135
Some time ago, I found a vulnerability in a customer's remote access (Citrix) configuration that allowed bypassing MFA under certain conditions. If you're interested, here are the details: https://t.co/vewnAZrrVs
edermi.github.io
Long time no see! After 3 years of no new blog posts and also no conference talks from my side, I decided it’s time to write again. I’ll start easy with a fun story that happened a while …
1
5
18
First part which covers the bug and finishes off with code allowing us for a controlled overflow in the Paged Pool is up: https://t.co/13qOP8686s
3sjay.github.io
This blog post is about a Windows Kernel Paged Pool Overflow going by the identifier CVE-2021-31956 and how to exploit it from a Low Integrity point of view. We don’t cover any novel exploitation...
1
40
183
We just added a new vulnerability to our "bug parade" page (CVE-2024-37361). If you are using Pentaho Data Integration, please ensure that you are on the latest patch level to avoid potential security risks. https://t.co/fwyDAS1NVy
0
1
1
Following on from our #GitHub action exploitation series, @hugow_vincent discovered a new exploitation technique that allowed us to push arbitrary code onto the spring-security project using the Dependabot GitHub app. https://t.co/y53ZVySc8C
synacktiv.com
GitHub Actions exploitation: Dependabot
1
26
71
Another product, another deserialization vulnerability, another RCE from @mwulftange: Patch your Telerik Report Server (CVE-2024-6327 & CVE-2024-6096)
code-white.com
Public list of vulnerabilities, found by CODE WHITE
2
35
100
In their latest blogpost, @hugow_vincent and @loadlow developed in-memory post-exploitation payloads to inject and hook common Java applications. Come and see the Java shenanigans involved to interact with the apps from the inside! https://t.co/uqbXWwS5sk
synacktiv.com
Injecting Java in-memory payloads for post-exploitation
2
52
147
Is there an existing smbserver implementation, that provides a different file on request X (similar to DNS rebinding)?
1
1
1
We have a long history of yearly artworks @sensepost, and this year I got to carry the baton forward. I'm excited to reveal our 2024 artwork: "make pr's, not war". An art piece almost literally from my heart. 🧵
4
14
50
My blog post about several findings in Dynamics 365 Business Central. I tried writing in a .NET primer style for code audit beginners. https://t.co/0FX2hOyf5i
frycos.github.io
Microsoft Dynamics 365 Business Central (formerly Microsoft Dynamics NAV) – ERP and CRM software-as-a-service product meant for small and mid-sized businesses.
5
61
172
We just added a new item to our bug parade a.k.a security advisory page: Unauthenticated remote code execution in Visual Planning 8:
0
2
6
Here is the PoC for MS SharePoint bugs fixed in this month's patch :) Responsible Disclosure is a joke https://t.co/gofa3pqflY
https://t.co/NvNyMpGUGN
2
74
239
Fun Fact: I found those signal bugs (sendmail and openssh) while writing the chapter on signals for TAOSSA. Writing stuff you think you know well helps you to discover your blind spots, and also consider new ideas!
6
43
295
We’re honoured to welcome the new team to the Gecko family 🦎
Dear all, We are thrilled to announce that @bfslabs is joining @Binary_Gecko! The two labs will operate under the Gecko brand, continuing our tradition of cutting-edge research and community contributions.
2
16
48
Apache HTTP Server just fixed 7 of my vulnerabilities! I'll be covering 5 of them in my Black Hat USA #BHUSA talk next month! (Still no hope for the VISA, tho 🤷‍♂️) Anyway, stay tuned! 🔥
Thanks @BlackHatEvents for the #BHUSA acceptance! It's pure web hacking research this time! 🔥 However, I'm still not sure if I can enter the US or not. In advance, I reapplied for the VISA and had the interview in March. Two months have passed, and my case is still under
11
114
614
As promised, here's how you can attack @roundcube using CVE-2024-2961. Not to be redundant with my @offensivecon talk, I go for a data-only attack, giving more insight into the PHP engine.
Iconv, set the charset to RCE (part 2): @cfreal_ exploits direct iconv() calls to hack the PHP engine, and its most popular webmail, @Roundcube (CVE-2024-2961).
0
30
102
See you in Munich 😉
BSides Munich would like to thank MOGWAI LABS (https://t.co/goVX5XdxwN) for their ongoing support of our event and community throughout the years. We are proud to have you as a Silver sponsor! https://t.co/z5HMrWyVCT
0
1
3