Rhino Security Labs

Strategic & Technical Blog

Java Deserialization Exploitation With Customized Ysoserial Payloads

David Yesland

During a recent application assessment at Rhino we identified a Java deserialization vulnerability which ended up leading to unauthenticated remote code execution. Exploitation of the vulnerability turned out to not be as simple as…

GKE Kubelet TLS Bootstrap Privilege Escalation

Fuzzing Left4Dead 2 with CERT’s Basic Fuzzing Framework

Buffer Overflow Leading to Code Execution in Left4Dead 2

Hunter Stanton

Left4Dead 2 is a video game released in 2009 by Valve Software for PC, Linux, Mac, and Xbox 360. Even though it is 11 years old, it is played by tens of thousands of players every day and is still being actively maintained by Valve. It runs…