Completed
Introduction
Class Central Classrooms beta
YouTube playlists curated by Class Central.
Classroom Contents
Remote Code Execution via Java Native Deserialization
Automatically move to the next video in the Classroom when playback concludes
- 1 Introduction
- 2 Outline
- 3 Java (de)serialization
- 4 RCE - XML deserialization
- 5 XMLDecoder
- 6 XStream in Jenkins
- 7 RCE - binary deserialization
- 8 CVE-2011-2894: Spring
- 9 commons-fileupload
- 10 Restlet + DFI
- 11 Dozer XML + Binary Mapper
- 12 Dozer CVE-2014-9515
- 13 MBeanServerinvocationHandler
- 14 Property-oriented programming
- 15 Gadget: commons-collection
- 16 Tools & future research
- 17 Where lies the vulnerability?
