Explore a groundbreaking exploit technique in Java deserialization attacks presented at Black Hat. Delve into the findings from an extensive analysis of over 10,000 Java third-party libraries, uncovering vulnerabilities applicable to real-world attack scenarios. Learn about the principles and exploitation techniques behind these vulnerabilities, and discover how to compromise target servers using this novel approach. Understand how this technique not only enhances the impact of Java deserialization vulnerabilities but also amplifies other Java security issues. Discuss the far-reaching implications of this attack vector in the field of Java security. This 51-minute conference talk, delivered by Yongtao Wang, Lucas Zhang, and Kunzhe Chai, offers valuable insights for security professionals and Java developers alike.
Overview
Syllabus
New Exploit Technique In Java Deserialization Attack
Taught by
Black Hat