Classroom Contents
Automated Discovery of Deserialization Gadget Chains
- 1 Intro
- 2 Deserialization? That's so 2016...
- 3 Why are Deserialization Vulnerabilities so Bad? Magic methods get executed automatically by the deserializer, even before deserialization finishes!
- 4 Magic methods? readObject() and readResolve() are the main ones...
- 5 Magic Methods to Gadget Chains
- 6 Example Payload
- 7 What (Java) Libraries are Vulnerable?
- 8 Finding Vulnerabilities
- 9 Remediation Options
- 10 Finding Exploits
- 11 Existing Gadget Chain Tools
- 12 Building a New Tool to Find Gadget Chains
- 13 Enumerate class/method hierarchy
- 14 Discover "Passthrough" Dataflow
- 15 Enumerate "Passthrough" Callgraph
- 16 Enumerate Sources Using Known Tricks
- 17 BFS on Call Graph for Chains Sources
- 18 Deserialization Library Flexibility
- 19 Results: OSS Library Scans
- 20 Results: Old Gadget Chains
- 21 New Gadget Chains: Clojure (org.clojure:clojure)
- 22 New Gadget Chains: Scala
- 23 Results: Netflix Internal Webapp 2
- 24 Room for Improvement
- 25 Final Thoughts: Automatic discovery for gadget chains is new territory