[Dailydave] AnonymousClassLoader Java Exploitation Technique

Esteban Guillardoy esteban at immunityinc.com
Fri Nov 23 12:45:00 EST 2012


During the last couple of months a lot of Java vulnerabilities were
fixed between JRE/JDK 7 updates 7 and 9.

But Oracle not only fixed vulnerabilities, they also killed techniques.

I had the chance to work on some Java stuff lately [1] [2], and this
time I'm bringing you some interesting details on a Java exploitation
technique that has not been public until recently that was used in a
JAX-WS exploit (CVE-2012-5076) found in the wild.

You can see the article here:
http://immunityproducts.blogspot.com/2012/11/anonymousclassloader-java-exploitation.html

If you are interested in more Java exploitation tricks, come on and
join me in the Master Class [3] where we'll be having a complete day
on the matter :)

Cheers,
Esteban

1 - http://immunityproducts.blogspot.com.ar/2012/08/java-0day-analysis-cve-2012-4681.html
2 - http://immunityproducts.blogspot.com.ar/2012/08/java-patched-at-least-4-bugs.html
3 - http://www.immunityinc.com/infiltrate/training.html#MasterClass
