Monday 22 January 2018
3 months ago

Mitigating Java Deserialization attacks from within the JVM (improved version)


This deck contains a few improvements based on feedback received, such as added links and some points reworded for clarity. It is a talk about the existing ways to mitigate Java deserialization attacks from within the JVM. The talk was presented at the BSides Luxembourg conference in October 2017. It describes the use of Instrumentation Agents and Serialization Filtering and their limitations. It also covers Runtime Virtualization and Runtime privilege de-escalation. The talk also included a PoC demo showing how an Instrumentation Agent could be tampered with through a file upload vulnerability at the application level.
