Explore a groundbreaking exploit technique in Java deserialization attacks presented at Black Hat. Delve into the findings from an extensive analysis of over 10,000 Java third-party libraries, uncovering vulnerabilities applicable to real-world attack scenarios. Learn about the principles and exploitation techniques behind these vulnerabilities, and discover how to compromise target servers using this novel approach. Understand how this technique not only enhances the impact of Java deserialization vulnerabilities but also amplifies other Java security issues. Discuss the far-reaching implications of this attack vector in the field of Java security. This 51-minute conference talk, delivered by Yongtao Wang, Lucas Zhang, and Kunzhe Chai, offers valuable insights for security professionals and Java developers alike.
New Exploit Technique in Java Deserialization Attack
Overview
Syllabus
New Exploit Technique In Java Deserialization Attack
Taught by
Black Hat
Related Courses
-
Pwning Your Java Messaging With Deserialization Vulnerabilities
-
Automated Discovery of Deserialization Gadget Chains
-
Deserialization Exploits in Java - Why Should I Care?
-
PDF Attack - A Journey From the Exploit Kit to the Shellcode Part 1
-
ODDFuzz - Hunting Java Deserialization Gadget Chains via Structure-Aware Directed Greybox Fuzzing
-
Hacking Jenkins
