Explore critical flaws in Java Remote Method Invocation (RMI) and Common Object Request Broker Architecture (CORBA) in this 45-minute Black Hat conference talk. Delve into the technical workflow of these widely deployed cross-process communication mechanisms, uncovering security vulnerabilities and vendor implementation failures. Learn about Java remote protocols, simple architecture, protocol analysis, past exploits, and JRE history. Discover techniques for attacking RMI, including registry whitelist bypass, custom services, and JMX flow. Examine specific cases like IBM Websphere Application Server and understand why vendors are unprepared for these threats. Investigate attacks on RMI 45 and 46, focusing on (in)Security Manager and RMI Registry. Analyze exploits, identify vulnerability patterns, and explore the CORBA Naming Service. Gain insights into mitigation strategies and exploit development techniques to enhance your understanding of Java remote protocol security.
Overview
Syllabus
Intro
Java remote protocol
Simple architecture
Protocol analysis
Past exploits
JRE History
Attacking RMI - Registry whitelist bypass
Custom services
JMX flow
IBM Websphere Application Server
Vendors are not prepared for this
Attacking RMI 45 - (in)Security Manager
Attacking RMI 46 - RMI Registry
Exploit analysis
Vulnerability pattern
CORBA Naming Service
Mitigations
Exploit Development
Taught by
Black Hat
