Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
Research

Java Deserialization Exploitation With
Customized Ysoserial Payloads

David Yesland
June 25, 2020

During a recent application assessment at Rhino we identified a Java deserialization vulnerability which ended up leading to unauthenticated remote code execution. Exploitation of the vulnerability turned out to not be as simple as…

Read more
Research

GKE Kubelet TLS Bootstrap Privilege Escalation

Research

Fuzzing Left4Dead 2 with CERT’s
Basic Fuzzing Framework

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
API
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Google Cloud
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
Uncategorized
Research

Buffer Overflow Leading to
Code Execution in Left4Dead 2

Hunter Stanton
May 27, 2020

Left4Dead 2 is a video game released in 2009 by Valve Software for PC, Linux, Mac, and Xbox 360. Even though it is 11 years old, it is played by tens of thousands of players every day and is still being actively maintained by Valve.
It runs…

Read more