New Exploit Technique In Java Deserialization Attack
Kunzhe Chai, Lucas Zhang, Yongtao Wang at Black Hat Europe 2019
In our depth research, we analyzed more than 10000+ Java third-party libraries and found many cases which can be exploited in real-world attack scenarios. In this talk, we will bat around the principle and exploit technique of these vulnerabilities. Also, we will present how to pwn target server by our new exploit technique. It can not only improve the effect of java deserialization vulnerability but also enhance other Java security issues impact, and we will discuss profound impacts of the attack vector in the java security field.
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefings/schedule/#new-exploit-technique-in-java-deserialization-attack-17321
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefings/schedule/#new-exploit-technique-in-java-deserialization-attack-17321