Pwning Your Java Messaging with Deserialization Vulnerabilities

Black Hat USA 2016

Presented by: Matthias Kaiser
Date: Wednesday August 03, 2016
Time: 15:00 - 15:50
Location: Mandalay Bay BCD

Messaging can be found everywhere. It's used by your favourite Mobile Messenger as well as in your bank's backend system. Message Brokers such as Pivotal's RabbitMQ, IBM's WebSphere MQ and others often form a key component of a modern backend system's architecture. Furthermore, there are various messaging standards in place like AMQP, MQTT, and STOMP. When it comes to the Java World it is rather unknown that Messaging in the Java ecosystem relies heavily on Java's serialization. Recent advances in the exploitation of Java deserialization vulnerabilities can be applied to exploit applications using Java messaging. This talk will show the attack surface of various Java messaging API implementations and their deserialization vulnerabilities. Last but not least, the Java Messaging Exploitation Tool (JMET) will be presented to help you identify and exploit message-consuming systems like a boss.

Matthias Kaiser

Matthias Kaiser is the Head of Vulnerability Research at Code White. He enjoysbug-hunting in Java Software because it's so easy. He found vulnerabilities inproducts of Oracle, IBM, SAP, Symantec, Apache, Adobe, Atlassian, etc.Currently, he enjoys researching java deserialization bugs and gadgets.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats