Explore the security vulnerabilities in Java messaging systems through this Black Hat conference talk. Delve into the widespread use of messaging in various applications, from mobile messengers to banking systems, and examine popular message brokers like RabbitMQ and WebSphere MQ. Learn about messaging standards such as AMQP, MQTT, and STOMP, and discover how Java's serialization plays a crucial role in the Java messaging ecosystem. Gain insights into recent advancements in exploiting Java deserialization vulnerabilities and their application to Java messaging. Investigate the attack surface of different Java messaging API implementations and their associated deserialization vulnerabilities. Get introduced to the Java Messaging Exploitation Tool (JMET) and learn how to identify and exploit message-consuming systems effectively.
Pwning Your Java Messaging With Deserialization Vulnerabilities
Overview
Syllabus
Pwning Your Java Messaging With Deserialization Vulnerabilities
Taught by
Black Hat
Related Courses
-
Deserialization Exploits in Java - Why Should I Care?
-
Modernize Enterprise Java Applications and Messaging with Java EE - Jakarta EE on Azure
-
Automated Discovery of Deserialization Gadget Chains
-
ODDFuzz - Hunting Java Deserialization Gadget Chains via Structure-Aware Directed Greybox Fuzzing
-
New Exploit Technique in Java Deserialization Attack
-
The Anatomy of Java Vulnerabilities
