Black Friday 2024: 25+ Ways to Save on Online Learning
Remote Code Execution via Java Native Deserialization

Remote Code Execution via Java Native Deserialization

SyScan360 via YouTube Direct link

Introduction

1 of 17
Next

1 of 17

Introduction

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Remote Code Execution via Java Native Deserialization

Automatically move to the next video in the Classroom when playback concludes
  1. 1 Introduction
  2. 2 Outline
  3. 3 Java (de)serialization
  4. 4 RCE - XML deserialization
  5. 5 XMLDecoder
  6. 6 XStream in Jenkins
  7. 7 RCE - binary deserialization
  8. 8 CVE-2011-2894: Spring
  9. 9 commons-fileupload
  10. 10 Restlet + DFI
  11. 11 Dozer XML + Binary Mapper
  12. 12 Dozer CVE-2014-9515
  13. 13 MBeanServerinvocationHandler
  14. 14 Property-oriented programming
  15. 15 Gadget: commons-collection
  16. 16 Tools & future research
  17. 17 Where lies the vulnerability?

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.