Скачать или смотреть Unsafe Reflection - Episode 81 - RDPS

Roniel and DaRon demonstrate exploiting unsafe reflection, using the "Super Vulnerable Java Application" (available here: https://github.com/theronielanddaronp...) that they created for demonstrating this and other vulnerabilities. As will always be the case, our discussion is unscripted, organic, and completely off the cuff.

Visit us on Twitter @TheRDPS (  / therdps  )

\\ Main Video Content \\
00:00:00 - Introduction
00:04:04 - Confusing Unsafe Reflection and Insecure Deserialisation
00:07:40 - Deserialisation and Reflection Are Often Seen as Magic
00:09:24 - Examining the Code
00:18:38 - Attacking With a Static Method
00:23:49 - Understanding Why Your Attack Isn't Working
00:27:09 - Abusing Multiple Deserialisers
00:28:44 - Calling a Non-Static Method Using the Default Constructor
00:29:29 - How Reflection Can Thwart Your Code Structure
00:35:25 - Reflection Against an Instance Method
00:37:29 - Using the JRE to Write Arbitrary Files
00:39:32 - Conclusion

\\ SPONSORS \\
Interested in sponsoring my videos? Reach out to our team here: [email protected]

Use of Externally-Controlled Input to Select Classes or Code (CWE-470)
Unsafe reflection (CWE-470)
Unsafe use of reflection
Unbounded reflection
Insecure reflection
Exploiting reflection
Webapp hacking
Webapp pen testing
App pen testing
WebApp vulnerabilities
________________________________________________________________
#Cybersecurity #Hacking #webapp #HackingWebApps #applicationsecurity #appsec #unsafereflection #reflection #insecurereflection #unboundedreflection