filmov
tv
RuhrSec 2016: 'Java deserialization vulnerabilities - The forgotten bug class', Matthias Kaiser
Показать описание
RuhrSec is the annual English speaking non-profit IT security conference with cutting-edge security talks by renowned experts. RuhrSec is organized by Hackmanit.
🔽 More information ...
Abstract. Java deserialization vulnerabilities are a bug class on its own. Although several security researchers have published details in the past, still the bug class is fairly unknown. This talk is about finding and exploiting deserialization flaws in Java. Details on a new gadget will be disclosed, allowing Remote Code Execution. And several vulnerabilities discovered by Code White will be shown as Case Studies including a 0day.
Biography. Matthias is the Head of Vulnerability Research at Code White. He enjoys bug-hunting in Java Software because it's so easy. He found vulnerabilities in products of Oracle, IBM, SAP, Symantec, Apache, Adobe, Atlassian, etc. Currently, he enjoys researching deserialization and looking into COM/OLE.
Speaker: Matthias Kaiser
———
👉 Subscribe to our channel:
👉 Read more about interesting IT Security topics on our blog:
✍️ Want a deeper dive?
Training courses in Single Sign-On (SAML, OAuth and OpenID Connect), Secure Web Development, TLS and Web Services are available here:
———
———
Thanks for your attention and support. Stay secure.
#cybersecurity #java #ruhrsec #cyber #conference #talk
#itsecurity #itsicherheit #javabug #remotecodeexecution
🔽 More information ...
Abstract. Java deserialization vulnerabilities are a bug class on its own. Although several security researchers have published details in the past, still the bug class is fairly unknown. This talk is about finding and exploiting deserialization flaws in Java. Details on a new gadget will be disclosed, allowing Remote Code Execution. And several vulnerabilities discovered by Code White will be shown as Case Studies including a 0day.
Biography. Matthias is the Head of Vulnerability Research at Code White. He enjoys bug-hunting in Java Software because it's so easy. He found vulnerabilities in products of Oracle, IBM, SAP, Symantec, Apache, Adobe, Atlassian, etc. Currently, he enjoys researching deserialization and looking into COM/OLE.
Speaker: Matthias Kaiser
———
👉 Subscribe to our channel:
👉 Read more about interesting IT Security topics on our blog:
✍️ Want a deeper dive?
Training courses in Single Sign-On (SAML, OAuth and OpenID Connect), Secure Web Development, TLS and Web Services are available here:
———
———
Thanks for your attention and support. Stay secure.
#cybersecurity #java #ruhrsec #cyber #conference #talk
#itsecurity #itsicherheit #javabug #remotecodeexecution
0:43:13
RuhrSec 2016: 'Java deserialization vulnerabilities - The forgotten bug class', Matthias K...
0:05:41
Exploiting Java Deserialization Vulnerabilities (RCE) on JSF/Seam Applications with JexBoss
0:45:31
RuhrSec 2016: 'Hacking with Unicode in 2016', Mathias Bynens
0:47:38
Java Deserialization Vulnerabilities The Forgotten Bug Class DeepSec 2016
0:48:36
Pwning Your Java Messaging With Deserialization Vulnerabilities
0:08:18
Exploit Java Deserialization | Understanding Serialized Data
0:01:51
CVE-2010-0094 : Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
0:50:09
Matthias Kaiser - Exploiting Deserialization Vulnerabilities in Java
0:32:20
Deserialization Vulnerability Remediation with Automated Gadget Chain Discovery - Ian Haken
0:10:28
RuhrSec 2016: Opening by Marcus Niemietz
0:45:21
RuhrSec 2016: 'An Abusive Relationship with AngularJS v2', Mario Heiderich
0:41:05
SyScan360'16 Singapore: Remote code execution via Java native deserialization
0:22:10
Preventing Deserialization attacks in Java applications
0:16:24
Java exploiting with ysoserial and how gadget chains work
0:57:49
Mystikcon 2020 - Java De-serialization vulnerability analysis
1:05:03
Joao Figueiredo - An overview of Deserialization Vulnerabilities in the JVM - H2HC 2017
0:01:57
CVE-2008-5353 : Sun Java Calendar Deserialization Exploit
0:34:28
Deserialization: what, how and why [not] - Alexei Kojenov - AppSecUSA 2018
0:04:18
Burp plugin Java deserializer BurpJDSer-ng
0:01:39
Metasploit - Exploiting Java RMI Server Configuration Code Execution
0:13:01
Nate Kettlewell - Java Deserialization and Other Bad Things
0:45:26
Unsafe Deserialization Attacks In Java - Apostolos Giannakidis
0:51:18
Marshalling Pickles - Chris Frohoff & Gabriel Lawrence - OWASP AppSec California 2015
0:01:54
CVE-2013-1493 Java CMM Remote Code Execution
Комментарии