Clik here to view.
Hacking Adobe Experience Manager sites
This presentations is about pentesting AEM web applications. It have been shown on PHDays security conference.
View ArticleClik here to view.
ORM2Pwn: Exploiting injections in Hibernate ORM
Presented on Zeronights 0x05 security confernce.
View ArticleClik here to view.
What should a hacker know about WebDav?
Presented on ZeroNights 0x05 security conference.
View ArticleClik here to view.
New methods for exploiting ORM injections in Java applications
Presentation from Hack In The Box 2016 AMS security conferense.
View ArticleClik here to view.
Entity provider selection confusion attacks in JAX-RS applications
Presentation which describes entity provider selection confusion attacks in JAX-RS applications for RESTEasy and Jersey frameworks.
View ArticleClik here to view.
Unsafe JAX-RS: Breaking REST API
Extended version of the slides presented on Troopers17 conference - https://www.troopers.de/troopers17/talks/750-unsafe-jax-rs-breaking-rest-api/.
View ArticleClik here to view.
CSRF-уязвимости все еще актуальны: как атакующие обходят CSRF-защиту в вашем...
Презентация с Highload2017 про эксплуатацию CSRF-уязвимостей в 2017.
View ArticleClik here to view.
Neat tricks to bypass CSRF-protection
Presentation from Zero Nights 2017 - https://2017.zeronights.ru/report/tryuki-dlya-obhoda-csrf-zashhity/.
View ArticleClik here to view.
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
Presentation from LevelUp 0x03 conference - https://forum.bugcrowd.com/t/levelup-0x03-aem-hacker-approaching-adobe-experience-manager-webapps-in-bug-bounty-programs-by-0ang3el/
View ArticleClik here to view.
Hunting for security bugs in AEM webapps
Presented on Hacktivity 2018 conference - https://www.hacktivity.com/bug-hunting-adobe-experience-manage.
View ArticleClik here to view.
Securing AEM webapps by hacking them
Slides from adaptTo() 2019 - https://adapt.to/2019/en/schedule/securing-aem-webapps-by-hacking-them.html.
View ArticleClik here to view.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
Slides from Hacktivity 2019 conference - https://hacktivity.com/index.php/presentations/.
View ArticleClik here to view.
A Hacker's perspective on AEM applications security
Adobe Experience Manager (AEM), is a comprehensive content management solution for building websites, managing marketing content and assets. I started to look into AEM security back in 2015. Since...
View Article
