Dailydave mailing list archives
AnonymousClassLoader Java Exploitation Technique
From: Esteban Guillardoy <esteban () immunityinc com>
Date: Fri, 23 Nov 2012 14:45:00 -0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 During the last couple of months a lot of Java vulnerabilities were fixed between JRE/JDK 7 updates 7 and 9. But not only Oracle fixed vulnerabilities, they also killed techniques. I had the chance to work on some Java stuff lately [1] [2], and this time I'm bringing you some interesting details on a Java exploitation technique that has not been public until recently that was used in a JAX-WS exploit (CVE-2012-5076) found in the wild. You can see the article here: http://immunityproducts.blogspot.com/2012/11/anonymousclassloader-java-exploitation.html If you are interested in more Java exploitation ticks, come on and join me in the Master Class [3] where we'll be having a complete day on the matter :) Cheers, Esteban 1 - http://immunityproducts.blogspot.com.ar/2012/08/java-0day-analysis-cve-2012-4681.html 2 - http://immunityproducts.blogspot.com.ar/2012/08/java-patched-at-least-4-bugs.html 3 - http://www.immunityinc.com/infiltrate/training.html#MasterClass -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQEcBAEBAgAGBQJQr7YYAAoJEMDwvf75KRbjnLIH/iJURNQ6Qlai9JhhEvJ4X/DS MyX7QeK6JepVOWZ8hu1msM2wdcWVxBoHo5bzFTxaCXY1jqrOoq9oyUHgZvnnFGV/ Oz1wGk+ZWiic/EhpkOuwF7mDUT6QbXRKHhynRhHpVMVKsTVkzPezWZyiKhOrwls1 P76Eibx/1FNLo7eZSQtru5Im9W4h1FGFtK3Z3lP3FOC8fuZEvqxx240VKnbcODEf KcyZiDQy1dn5eTqzzfSCpmyCI7bjrLuxuZOWfdXVexQixM/sv8rE9UtcEcW4Rtq3 pXbxTfNRcqR1p8KtnYvEFrGD2MtUTZ6z0eZobppWlFgIacUAPugPFtPVf1j4AWg= =fGoT -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- AnonymousClassLoader Java Exploitation Technique Esteban Guillardoy (Nov 23)