Explore a novel approach to hunting Java deserialization gadget chains through a 34-minute Black Hat conference talk. Dive into the challenges of existing tools in addressing Java deserialization vulnerabilities, including difficulties in balancing precision and recall due to runtime polymorphism and dynamic language features. Learn about ODDFuzz, an innovative method for efficiently and precisely identifying gadget chains. Gain insights from security researchers Biao He, Haowen Mu, and Yu Ouyang as they present their findings on improving automated detection and validation of potential security threats in Java applications.
ODDFuzz - Hunting Java Deserialization Gadget Chains via Structure-Aware Directed Greybox Fuzzing
Overview
Syllabus
ODDFuzz: Hunting Java Deserialization Gadget Chains via Structure-Aware Directed Greybox Fuzzing
Taught by
Black Hat
Related Courses
-
Automated Discovery of Deserialization Gadget Chains
-
Automated Gadget Chain Discovery for Deserialization Vulnerability Remediation
-
Remote Code Execution via Java Native Deserialization
-
Pwning Your Java Messaging With Deserialization Vulnerabilities
-
Deserialization Exploits in Java - Why Should I Care?
-
New Exploit Technique in Java Deserialization Attack
