Might As Well JUMP - Exploit Development For Java Serialization

Explore advanced exploit development techniques for Java serialization vulnerabilities in this conference talk from the Hack In The Box Security Conference. Dive into a demonstration of a zero-day custom exploit targeting a simple application deployed in Apache MyFaces on the latest version of Tomcat. Learn how to create a Python exploit that breaks HMAC and MAC through cryptographic manipulation. Gain insights into reverse engineering popular security applications for vulnerabilities using a concise ASM command. Delve into the intricacies of Return-Oriented Programming (ROP) and egg hunting techniques, illustrated through a custom Firefox remote code execution vulnerability written in asm.js. This 23-minute session offers a comprehensive look at cutting-edge exploit development strategies, providing valuable knowledge for security professionals and researchers.

#HITBHaxpo D2 - Might As Well JUMP: Exploit Development For Java Serialization - Jameel Nabbo