Home page logo
/

dailydave logo Dailydave mailing list archives

AnonymousClassLoader Java Exploitation Technique
From: Esteban Guillardoy <esteban () immunityinc com>
Date: Fri, 23 Nov 2012 14:45:00 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

During the last couple of months a lot of Java vulnerabilities were
fixed between JRE/JDK 7 updates 7 and 9.

But not only Oracle fixed vulnerabilities, they also killed techniques.

I had the chance to work on some Java stuff lately [1] [2], and this
time I'm bringing you some interesting details on a Java exploitation
technique that has not been public until recently that was used in a
JAX-WS exploit (CVE-2012-5076) found in the wild.

You can see the article here:
http://immunityproducts.blogspot.com/2012/11/anonymousclassloader-java-exploitation.html

If you are interested in more Java exploitation ticks, come on and
join me in the Master Class [3] where we'll be having a complete day
on the matter :)

Cheers,
Esteban

1 -
http://immunityproducts.blogspot.com.ar/2012/08/java-0day-analysis-cve-2012-4681.html
2 -
http://immunityproducts.blogspot.com.ar/2012/08/java-patched-at-least-4-bugs.html
3 - http://www.immunityinc.com/infiltrate/training.html#MasterClass

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQr7YYAAoJEMDwvf75KRbjnLIH/iJURNQ6Qlai9JhhEvJ4X/DS
MyX7QeK6JepVOWZ8hu1msM2wdcWVxBoHo5bzFTxaCXY1jqrOoq9oyUHgZvnnFGV/
Oz1wGk+ZWiic/EhpkOuwF7mDUT6QbXRKHhynRhHpVMVKsTVkzPezWZyiKhOrwls1
P76Eibx/1FNLo7eZSQtru5Im9W4h1FGFtK3Z3lP3FOC8fuZEvqxx240VKnbcODEf
KcyZiDQy1dn5eTqzzfSCpmyCI7bjrLuxuZOWfdXVexQixM/sv8rE9UtcEcW4Rtq3
pXbxTfNRcqR1p8KtnYvEFrGD2MtUTZ6z0eZobppWlFgIacUAPugPFtPVf1j4AWg=
=fGoT
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave


  By Date           By Thread  

Current thread:
  • AnonymousClassLoader Java Exploitation Technique Esteban Guillardoy (Nov 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault