Completed
Enumerate Sources Using Known Tricks
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Automated Discovery of Deserialization Gadget Chains
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Deserialization? That's so 2016...
- 3 Why are Deserialization Vulnerabilities so Bad? Magic methods get executed automatically by the deserializer, even before deserialization finishes!
- 4 Magic methods? • readObject() and readResolve() are the main ones...
- 5 Magic Methods to Gadget Chains
- 6 Example Payload
- 7 What (Java) Libraries are Vulnerable?
- 8 Finding Vulnerabilities
- 9 Remediation Options
- 10 Finding Exploits
- 11 Existing Gadget Chain Tools
- 12 Building a New Tool to Find Gadget Chains
- 13 Enumerate class/method hierarchy
- 14 Discover "Passthrough" Dataflow
- 15 Enumerate "Passthrough" Callgraph
- 16 Enumerate Sources Using Known Tricks
- 17 BFS on Call Graph for Chains Sources
- 18 Deserialization Library Flexibility
- 19 Results: OSS Library Scans
- 20 Results: Old Gadget Chains
- 21 New Gadget Chains: Clojure org.clojure clojure
- 22 New Gadget Chains: Scala
- 23 Results: Netflix Internal Webapp 2
- 24 Room for Improvement
- 25 Final Thoughts • Automatic discovery for gadget chains is new territory