Matthias Kaiser - Exploiting Deserialization Vulnerabilities in Java





Published on Nov 3, 2015

== Abstract ==
Deserialization vulnerabilities in Java are lesser known and exploited
(compared to unserialize() in PHP). This talk will give insights into how
this bug class can be turned into server-side Remote Code Execution.
Details and a demo will be given for one of my patched vulnerabilities
(CVE-2015-6576, Atlassian Bamboo RCE).

== About the Speaker ==
Matthias is the Head of Vulnerability Research at Code White in Ulm. He worked as a Java Dev and Software Architect in the past and started with technical security 6 years ago. He found vulnerabilities in products of Oracle, IBM, SAP, Symantec, Apache, Adobe, Atlassian, etc.
He enjoys bug-hunting in Java Software because it's so easy.

