HAXPO: Might As Well JUMP: Exploit Development for Java Serialization

This talk will be LIVE STREAMED on YouTube: http://youtube.com/hitbsecconf


 

This session will present an 0day custom exploit in a simple application deployed in Apache MyFaces, and deployed on the latest version of Tomcat. The expected result after presenting and explaining how the exploitation techniques works is “A Python exploit that dives into crypto stuff and breaks the HMAC and MAC”.

This session will also cover reverse engineering popular security application for vulns with a fun one line ASM command – for educational proposes only of course.  We will dive into the art of ROP and egg hunting for a custom Firefox Remote code execution vuln written in asm.js

HAXPO TRACK
Location: Track 4 / HAXPO Date: May 10, 2019 Time: 5:00 pm - 5:30 pm Jameel Nabbo