Black Hat USA 2018 - Automated Discovery of Deserialization Gadget Chains
Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, unsafe deserialization continues to be a vulnerability class that isn't going away. Attention on Java deserialization vulnerabilities skyrocketed in 2015 when Frohoff and Lawrence published an RCE gadget chain in the Apache Commons library, and as recently as last year's Black Hat, Muñoz and Miroshis presented a survey of dangerous JSON deserialization libraries. While much research and automated detection technology has so far focused on the discovery of vulnerable entry points (i.e. code that deserializes untrusted data), finding a "gadget chain" to actually make the vulnerability exploitable has thus far been a largely manual exercise. In this talk, I present a new technique for the automated discovery of deserialization gadget chains in Java, allowing defensive teams to quickly identify the significance of a deserialization vulnerability and allowing penetration testers to quickly develop working exploits. At the conclusion, I will also be releasing a FOSS toolkit which utilizes this methodology and has been used to successfully develop many deserialization exploits in both internal applications and open source projects.
Video "Black Hat USA 2018 - Automated Discovery of Deserialization Gadget Chains" from the HackersOnBoard channel