Sydney 2013

Sydney, Australia | Mon, Nov 11 - Sat, Nov 23, 2013

Playing with JBoss JMXInvokerServlet

  • Guillaume Thiaux
  • Thursday, November 21st, 6:30pm - 8:00pm

Cocktails start at 6:30pm

Talk at 7:00pm

Everyone knows that an exposed JMXInvokerServlet on a JBoss server will lead to a remote shell. Most of you might use Metasploit or similar automated toolkits to exploit this interface, but what can you do when they fail? This presentation will describe a few useful tips that will help you leverage JBoss mechanisms to ensure a successful exploitation.

About Guillaume Thiaux:

Guillaume Thiaux is a security consultant with Trustwave's SpiderLabs in Sydney. Originally interested in UNIX, virtualization and system development, he joined EADS to work on operating system hardening. There he worked on defence contracts as well as research and development to produce state-of-the-art multi-level platforms. Securing systems was fun, but not as much as playing on the offensive side, so after a few years he joined the HSC, a renowned French security consulting company. Besides penetration testing, code review and forensics assignments, he was teaching both FOR510 and SEC660. When not behind a computer, he enjoys travelling the world.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.

Wednesday, November 20

Session | Speaker | Time | Type
Advanced Exploit Writing: Use-After-Free Vulnerabilities | Stephen Sims, SANS Senior Instructor | Wednesday, November 20th, 5:45pm - 7:45pm | SANS@Night

Thursday, November 21

Session | Speaker | Time | Type
Playing with JBoss JMXInvokerServlet | Guillaume Thiaux | Thursday, November 21st, 6:30pm - 8:00pm | SANS@Night