Overview
Explore the security vulnerabilities in Java messaging systems through this Black Hat conference talk. Delve into the widespread use of messaging in various applications, from mobile messengers to banking systems, and examine popular message brokers like RabbitMQ and WebSphere MQ. Learn about messaging standards such as AMQP, MQTT, and STOMP, and discover how Java's serialization plays a crucial role in the Java messaging ecosystem. Gain insights into recent advancements in exploiting Java deserialization vulnerabilities and their application to Java messaging. Investigate the attack surface of different Java messaging API implementations and their associated deserialization vulnerabilities. Get introduced to the Java Messaging Exploitation Tool (JMET) and learn how to identify and exploit message-consuming systems effectively.
Syllabus
Pwning Your Java Messaging With Deserialization Vulnerabilities
Taught by
Black Hat