Recent Java Exploitation Trends and Malware

Video Link: https://www.youtube.com/watch?v=wWhrRXwf2Tg



Duration: 55:25


We are seeing more and more Java vulnerabilities exploited in the wild. While it might surprise many users, and even some people in the industry, to hear that Java is currently a major vector for malware propagation, attackers haven't forgotten that it is still installed and used on a huge number of systems and devices, including those running Microsoft Windows, Mac OS X and different flavors of Unix. Since Java supports multiple platforms, one Java vulnerability can sometimes lead to exploitation on multiple platforms.

Java vulnerabilities are often about evading the sandbox. With sandbox evasion vulnerabilities, exploitation is much easier and multi-platform attacks are feasible: all those security measures against memory corruption issues won't help. The widely exploited CVE-2012-0507 vulnerability, for example, was a sandbox breach. We saw active Mac OS X system breaches using this vulnerability, and before that, the vulnerability was used for widespread infection of Windows systems. The cost of writing multi-platform exploits is relatively low and the success rate of exploitation is high.

As we can see, Java vulnerabilities have become more and more popular. However, there is a lack of knowledge on how exploitation of these vulnerabilities actually works. Many Java vulnerabilities result in a sandbox breach, but the way the breach happens is quite a complex process. In this presentation, we will look at some recent Java vulnerabilities and show where these vulnerabilities occur. We will also show you how the exploitation happens and how the bad guys adapt them for use in their arsenal. Of course, Java exploits and malware are written in Java. That opens up an easy way for the attackers to obfuscate and hide their exploits inside complicated logic and code. On the other hand, it means a hard life for security researchers. We are also going to show you an example of an exploit that was obfuscated and modified in a way that made analysis and detection difficult. We share Java debugging techniques and our experience in dealing with these problems.

Presented by: Jeong Wook Oh
Black Hat - USA - 2012 Hacking conference