Presented at
DeepSec 2016 „Ten“,
Unknown date/time
(Unknown duration).
Java deserialization vulnerabilities are a bug class of its own. Although several security researchers have published details in the past, still the bug class is fairly unknown. This talk is about finding and exploiting deserialization flaws in Java.
Several vulnerabilities and gadgets discovered by Code White will be shown as case studies including a new 0day.
Presenters:
-
Matthias Kaiser
- Code White
Matthias is the Head of Vulnerability Research at Code White. He enjoys bug-hunting in Java Software because it's so easy. He found vulnerabilities in products of Oracle, IBM, VMware, SAP, Symantec, Apache, Adobe, etc. Currently, he has a good time researching Java deserialization vulnerabilities but also looking into COM.
Links:
Similar Presentations: