This session will present an 0day custom exploit against a simple Apache MyFaces application deployed on the latest version of Tomcat. The expected result, after presenting and explaining how the exploitation techniques work, is “A Python exploit that dives into crypto stuff and breaks the HMAC and MAC”.
This session will also cover reverse engineering a popular security application for vulns with a fun one-line ASM command – for educational purposes only, of course. We will dive into the art of ROP and egg hunting for a custom Firefox remote code execution vuln written in asm.js.