Hans-Martin Münch

@h0ng10

CEO at MOGWAI LABS, part time CTF player and bboy

84 followers, 261 following, 18 posts. Joined 06.01.2024.

Latest posts by Hans-Martin Münch @h0ng10

Generex RCCMDTray Remote OS Command Execution

New security advisory: Generex RCCMDTray Remote OS Command Execution. mogwailabs.de/en/advisorie...

04.08.2025 12:36 👍 1 🔁 1 💬 0 📌 0
AppSec Ezine

AppSec Ezine - 595th pathonproject.com/zb/?0d340b7b... #AppSec #Security

11.07.2025 09:56 👍 0 🔁 0 💬 0 📌 0
Let Me Cook You a Vulnerability: Exploiting the Thermomix TM5 Hardware Analysis The Thermomix TM5 is a multifunctional kitchen appliance composed of two key electronic boards: the power board, which handles the motor and heating functions, and the main board, w

Ever thought your kitchen appliance could harbor a persistent threat?
We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass.
Discover our step-by-step breakdown!
www.synacktiv.com/en/publicati...

11.07.2025 08:44 👍 6 🔁 6 💬 0 📌 0
AppSec Ezine

AppSec Ezine - 594th pathonproject.com/zb/?80aec227... #AppSec #Security

04.07.2025 06:55 👍 1 🔁 0 💬 0 📌 0
fwd:cloudsec fwd:cloudsec is a non-profit, conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security...

fwd:cloudsec2025 videos are up

www.youtube.com/@fwdcloudsec...

02.07.2025 06:27 👍 0 🔁 0 💬 0 📌 0
Beacon Object Files – Five Years On… When I was active in the red teaming space, one of my stated goals was to act on problems with solutions that would have utility 5-10 years from the time of their release. This long-term thinking w…

Beacon Object Files... Five Years On

aff-wg.org/2025/06/26/b...

I released BOFs with Cobalt Strike 4.1 five years ago. This is some history on the feature and what led to it. My thinking at the time. A few thoughts on current discourse.

26.06.2025 18:48 👍 12 🔁 5 💬 0 📌 0
4D Unauthenticated File Disclosure

We just added a new vulnerability to our "bug parade" page. If you are using 4D based applications, please ensure that you are on the latest patch level to avoid potential security risks.

mogwailabs.de/en/advisorie...

25.06.2025 09:07 👍 0 🔁 1 💬 0 📌 0
Zyxel NWA50AX Pro - Discovery of an Nday Variant Today was an eventful day thanks to many interesting blog posts, e.g. from my friends at watchTowr. So I thought, why not publish a small quick-and-dirty blog post myself about a story from last week?...

A quick-and-dirty late night blog post on discovering an nday variant in Zyxel NWA50AX Pro devices

frycos.github.io/vulns4free/2...

17.06.2025 21:12 👍 3 🔁 2 💬 0 📌 0
AppSec Ezine

AppSec Ezine - 591st edition #AppSec #Security

pathonproject.com/zb/?f5f861f4...

13.06.2025 10:29 👍 3 🔁 3 💬 0 📌 0
AppSec Ezine

AppSec Ezine - 589th edition #AppSec #Security

pathonproject.com/zb/?33afd768...

30.05.2025 09:43 👍 5 🔁 5 💬 0 📌 0
AppSec Ezine

AppSec Ezine - 588th edition #AppSec #Security

pathonproject.com/zb/?cb31cee2...

23.05.2025 11:25 👍 3 🔁 2 💬 0 📌 0
OffensiveCon25 - Cedric Halbronn and Jael Koh YouTube video by OffensiveCon

OffensiveCon 25 videos are out. Thank you @offensivecon www.youtube.com/watch?v=goEb...

20.05.2025 08:54 👍 7 🔁 2 💬 0 📌 0
Security Risks of Postman Postman is an extremely popular application for developers testing remote web APIs. It lets you craft HTTP requests, interact with their responses, and go through the history of what you’ve sent and r...

We had several customers leaking secrets through Postman. For reference: www.leeholmes.com/security-ris...

19.05.2025 20:55 👍 1 🔁 1 💬 0 📌 0
AppSec Ezine

AppSec Ezine - 587th pathonproject.com/zb/?354c6db3... #AppSec #Security

16.05.2025 07:24 👍 1 🔁 0 💬 0 📌 0
CODE WHITE | Analyzing the Attack Surface of Ivanti's DSM Ivanti's Desktop & Server Management (DSM) product is an old acquaintance that we have encountered in numerous red team and internal assessments. The main purpose of the product is the centralized dis...

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-...

13.05.2025 06:45 👍 8 🔁 8 💬 0 📌 1
AppSec Ezine

AppSec Ezine - 586th edition #AppSec #Security

pathonproject.com/zb/?65eb4ad1...

09.05.2025 15:48 👍 5 🔁 2 💬 0 📌 0
HTML to PDF Renderer: A tale of local file access and shellcode execution In a recent engagement, we found an HTML to PDF converter API endpoint that allowed us to list local directories and files on a remote server. One of the PDF files we created, revealed that the conver...

From iframes and file reads to full RCE. 🔥

We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit.

👉 Read the full write-up here: neodyme.io/en/blog/html...

02.05.2025 11:03 👍 3 🔁 3 💬 0 📌 0
AppSec Ezine

AppSec Ezine Edition #584
pathonproject.com/zb/?39a1a5b0...

25.04.2025 13:17 👍 3 🔁 1 💬 0 📌 0
Cisco Security Advisory: Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server: April 2025 On April 16, 2025, a critical vulnerability in the Erlang/OTP SSH server was disclosed. This vulnerability could allow an unauthenticated, remote attacker to perform remote code execution (RCE) on an…

A few quick notes on the Erlang OTP SSHd RCE (CVE-2025-32433) [1/3]

1. Cisco confirmed that their ConfD and NSO products are affected. The ConfD patch is planned for May. These often run on ports 830, 2022, and 2024 versus 22.

sec.cloudapps.cisco.com/security/cen...

24.04.2025 04:50 👍 12 🔁 6 💬 1 📌 0

The profile you need to create has been documented by PortSwigger's support team 🔍

Scroll down to the end of the following thread and simply copy the provided config to /etc/apparmor.d/burpbrowser 💪

forum.portswigger.net/thread/burp-...

15.04.2025 08:20 👍 6 🔁 4 💬 1 📌 0
CVE-2025-30065 | AttackerKB Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to u…

Good analysis of CVE-2025-30065 (Java Deserialization Vulnerability in Apache Parquet). I would that (depending on the Java version) it is possible to use a gadget that causes an outgoing JNDI call. attackerkb.com/topics/jAhVR...

11.04.2025 07:59 👍 1 🔁 0 💬 0 📌 0

unauth-rce++ 😊

09.04.2025 13:30 👍 1 🔁 0 💬 0 📌 0

Our crew members @mwulftange.bsky.social & @frycos.bsky.social discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam 's blacklist for CVE-2024-40711 & CVE-2025-23120 + further entry points after @sinsinology.bsky.social & @chudypb.bsky.social 's blog. Replace BinaryFormatter!

28.03.2025 16:35 👍 9 🔁 6 💬 0 📌 2

Also an ideal candidate for beg-bounty hunters 🤷‍♂️

28.03.2025 11:57 👍 0 🔁 0 💬 0 📌 0
Millions Of Public Certificates Are Reusing Old Private Keys - Dylan Ayrey, Joseph Leon YouTube video by OWASP Foundation

Private Key reuse for requesting https certificates is the new "outdated JavaScript libraries" for penetration testers.

- Large number of services affected
- Easy to find / verify
- Hard to actually exploit

Still nice research from the Truffle Security Team.

www.youtube.com/watch?v=gyyt...

28.03.2025 11:52 👍 2 🔁 0 💬 1 📌 0
GitHub - jduck/bs25-slides: Slides from "Musing from Decades of Linux Kernel Security Research" at BOOTSTRAP25 Slides from "Musing from Decades of Linux Kernel Security Research" at BOOTSTRAP25 - jduck/bs25-slides

Happy to share my slides from BOOTSTRAP25. Unfortunately the bug discussed is still not patched in Linux 6.14.0 despite it being reported explicitly. Slides are in markdown but there's a PDF in "releases" too github.com/jduck/bs25-s...

25.03.2025 19:26 👍 14 🔁 7 💬 1 📌 0
Today, Wiz (Woogle?) released an advisory detailing an attack chain they’ve dubbed IngressNightmare, which, if left exposed and unpatched, can be exploited to achieve remote code execution by unauthenticated attackers. Read more at www.runzero.com/blog/ingress...

25.03.2025 00:23 👍 6 🔁 2 💬 0 📌 0
Look Mom, smalidea (github.com/JesusFreke/s...) has new features: 1. Call-Hierarchy

21.03.2025 13:45 👍 3 🔁 1 💬 1 📌 0
Security Code Audit of Mullvad VPN · Zoom · Luma Join us for a presentation and meetup with Markus Vervier and Eric Sesterhenn of X41 D-Sec GmbH around their company's audit of Mullvad VPN. Markus Vervier is…

Our next meetup is a presentation from our friends at X41 D-Sec GmbH. Join us next Wednesday, March 26th, at 14:00 CDT for a presentation and discussion with Markus Vervier and Eric Sesterhenn on their audit of @mullvad.bsky.social. We can't wait for this one! RSVP at lu.ma/wreregye

17.03.2025 19:50 👍 3 🔁 3 💬 0 📌 0

unauth-rce++ 😊

17.03.2025 19:42 👍 2 🔁 0 💬 0 📌 0