HawkTrace Logo

Security Research

ibWebAdmin Unauthenticated RCE
Security ResearchMar 13, 2026

ibWebAdmin Unauthenticated RCE

A technical advisory for ibWebAdmin authentication bypass via session initialization and panel manipulation leading to remote code execution through command injection.

Batuhan Er• Security Researcher
CVE-2025-59287 WSUS Unauthenticated RCE
DeserializeOct 22, 2025

CVE-2025-59287 WSUS Unauthenticated RCE

A technical WSUS advisory for CVE-2025-59287: unauthenticated unsafe deserialization in Windows Server Update Services that allows remote code execution.

Batuhan Er• Security Researcher
CVE-2025-59287 WSUS Remote Code Execution
DeserializeOct 18, 2025

CVE-2025-59287 WSUS Remote Code Execution

A technical WSUS advisory for CVE-2025-59287: unsafe deserialization in Windows Server Update Services that allows remote code execution.

Batuhan Er• Security Researcher
CVE-2025-53772 IIS WebDeploy RCE
DeserializeSep 1, 2025

CVE-2025-53772 IIS WebDeploy RCE

A detailed technical analysis and research notes on the vulnerability in msdeployagentservice and msdeploy.axd endpoints of Microsoft Web Deploy, where unsafe deserialization of HTTP header contents allows an authenticated attacker to perform remote code execution.

Batuhan Er• Security Researcher
CVE-2024-12106 WhatsUpGold Pre-Auth
Security ResearchJan 1, 2025

CVE-2024-12106 WhatsUpGold Pre-Auth

Security research on WhatsUpGold LDAP authentication vulnerability enabling pre-authentication exploitation and credential theft.

Batuhan Er• Security Researcher
SQL Server Smart Admin Agent RCE
Database SecurityOct 11, 2024

SQL Server Smart Admin Agent RCE

Deep dive into SQL Server Smart Admin Agent internals and potential exploitation paths showing how TaskAgent mechanism can be abused for remote code execution.

Batuhan Er• Security Researcher

Showing 6 of 6 posts