Nytro Posted July 17, 2017 Report Posted July 17, 2017 Publicat pe 17 iul. 2017 Java Serialization is commonly used by large-scale enterprise applications and presents significant opportunities for attacks that often lead to unauthenticated remote command execution against the underlying application servers. While serialization exploits are not new, identifying and exploiting serialization vulnerabilities can be more involved than other common vulnerabilities. During this talk I’ll look at some real attacks against Java serialization and demonstrate how to identify and attack serialization vulnerabilities to reap the rewards of RCE. 1 Quote
