Description: This presentation consists of two parts; first of which will be explaining backdooring of Java archive formats and secondly on how Java to .NET enumeration and injection takes place. With these methods archives can be backdoored while retaining their original functionality and in-memory code injection can be used to migrate out of these processes without dropping of payloads to the operating system's disk. Using these methods java applications hosted on servers can be used to elevate privilege once a client allows them to run.
aricon is a part-time security researcher living in the Washington DC area. He currently works for a government agency preforming operational security. Past research includes HTML5 vulnerability abuse, trusted command abuse and post exploitation automation.
Latest from the SecurityTube Blog:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Original Source: http://www.youtube.com/watch?v=BVsVJ4mY_04