BaRMIe - Poking Java's Back Door - Nicky Bloor

Video Link: https://www.youtube.com/watch?v=T-VYiEIqIEY



Duration: 42:10


Java's Remote Method Invocation (RMI) enables developers to seamlessly interact with objects that reside within another Java Virtual Machine (JVM), potentially on a remote server. As is often the case, the trade-off for seamless remote method invocation is security. While many consider RMI to be outdated and uninteresting, many in-service implementations remain trivial to exploit, and there are many questions to consider. How common is RMI? How many RMI services are making the same mistakes when it comes to security? What else could I do with arbitrary RMI services? Can RMI services be secured, and if so, how? I set about finding answers to those questions. Along the way I wrote a tool to help with enumeration of RMI services, called BaRMIe, which eventually became an exploitation tool following the discovery of vulnerabilities within Java itself. During this talk I'll look at the work I did and present the results of my research including answers to my original questions and the exploitation tool I wrote, BaRMIe.


Presenters:
Nicky Bloor

44CON 2017 hacking conference