A Journey From JNDI-LDAP Manipulation to Remote Code Execution Dream Land

A Journey From JNDI-LDAP Manipulation to Remote Code Execution Dream Land

Black Hat via YouTube Direct link

Previous Research: Click-to-play bypass

11 of 27

11 of 27

Previous Research: Click-to-play bypass

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

A Journey From JNDI-LDAP Manipulation to Remote Code Execution Dream Land

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 JNDI in a Nutshell
  3. 3 JNDI Architecture
  4. 4 JNDI In Action
  5. 5 JNDI Naming References
  6. 6 JNDI Remote Class Loading
  7. 7 Attack Process
  8. 8 Dynamic Protocol Switching
  9. 9 JNDI Vectors
  10. 10 RMI Vector: JNDI Reference Payload
  11. 11 Previous Research: Click-to-play bypass
  12. 12 Previous Research: Deserialization attack
  13. 13 CORBA Vector: IOR
  14. 14 CORBA Vector: Limitations & Bypasses
  15. 15 CORBA Vector: IIOP Listeners
  16. 16 CORBA Vector: Deserialization Attacks
  17. 17 LDAP Vector
  18. 18 Lookup (Naming) vs Search (Directory)
  19. 19 Object-Returning Searches
  20. 20 Java Object Decoding
  21. 21 Java Schema (RFC 2713)
  22. 22 Entry Poisoning with Serialized Objects
  23. 23 Entry Poisoning with JNDI References
  24. 24 Attack Scenarios: Entry Manipulation
  25. 25 Attack Scenarios: MITM Tampering
  26. 26 Recommendations
  27. 27 BlackHat Sound Bytes

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.