Completed
Outline
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Remote Code Execution via Java Native Deserialization
Automatically move to the next video in the Classroom when playback concludes
- 1 Introduction
- 2 Outline
- 3 Java (de)serialization
- 4 RCE - XML deserialization
- 5 XMLDecoder
- 6 XStream in Jenkins
- 7 RCE - binary deserialization
- 8 CVE-2011-2894: Spring
- 9 commons-fileupload
- 10 Restlet + DFI
- 11 Dozer XML + Binary Mapper
- 12 Dozer CVE-2014-9515
- 13 MBeanServerinvocationHandler
- 14 Property-oriented programming
- 15 Gadget: commons-collection
- 16 Tools & future research
- 17 Where lies the vulnerability?