CORBA Vector: Deserialization Attacks
Classroom Contents
A Journey From JNDI-LDAP Manipulation to Remote Code Execution Dream Land
- 1 Intro
- 2 JNDI in a Nutshell
- 3 JNDI Architecture
- 4 JNDI In Action
- 5 JNDI Naming References
- 6 JNDI Remote Class Loading
- 7 Attack Process
- 8 Dynamic Protocol Switching
- 9 JNDI Vectors
- 10 RMI Vector: JNDI Reference Payload
- 11 Previous Research: Click-to-play bypass
- 12 Previous Research: Deserialization attack
- 13 CORBA Vector: IOR
- 14 CORBA Vector: Limitations & Bypasses
- 15 CORBA Vector: IIOP Listeners
- 16 CORBA Vector: Deserialization Attacks
- 17 LDAP Vector
- 18 Lookup (Naming) vs Search (Directory)
- 19 Object-Returning Searches
- 20 Java Object Decoding
- 21 Java Schema (RFC 2713)
- 22 Entry Poisoning with Serialized Objects
- 23 Entry Poisoning with JNDI References
- 24 Attack Scenarios: Entry Manipulation
- 25 Attack Scenarios: MITM Tampering
- 26 Recommendations
- 27 BlackHat Sound Bytes