Playing with JBoss JMXInvokerServlet
- Guillaume Thiaux
- Thursday, November 21st, 6:30pm - 8:00pm
Cocktails start at 6:30pm
Talk at 7:00pm
Everyone knows that an exposed JMXInvokerServlet on a JBoss server will lead to a remote shell. Most of you might use metasploit or similar automated toolkits to exploit this interface, but what can you do when they fail? This presentation will describe a few useful tips that will help you leverage JBoss mechanisms to ensure a successful exploitation.
About Guillaume Thiaux:
Guillaume Thiaux is a security consultant with Trustwave's Spiderlabs in Sydney. Originally interested by UNIX, virtualization and system development, he joined EADS to work on operating system hardening. There he worked on defence contracts as well as research and development to produce state of the art multi-level platforms. Securing systems was fun but not as much as playing the on offensive side, so after a few years, he joined the HSC, a renowned French security consulting company. Besides penetration testing, code review and forensics assignments, he was teaching both FOR510 and SEC660. When not behind a computer, he enjoys travelling the world.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Wednesday, November 20
|Advanced Exploit Writing: Use-After-Free Vulnerabilities||Stephen Sims, SANS Senior Instructor||Wednesday, November 20th, 5:45pm - 7:45pm||SANS@Night|
Thursday, November 21
|Playing with JBoss JMXInvokerServlet||Guillaume Thiaux||Thursday, November 21st, 6:30pm - 8:00pm||SANS@Night|