all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ODDFuzz: Hunting Java Deserialization Gadget Chains via Structure-Aware Directed Greybox Fuzzing

Add to bookmarks
Dec. 5, 2023, 11:24 a.m. | Black Hat

Black Hat www.youtube.com

Although the Java deserialization vulnerability has been widely known for many years, it still poses a severe threat to security. The attackers and defenders both focus on hunting gadget chains, which are the key to actually exploiting the vulnerability.

There are some available tools that can be used to hunt for gadget chains automatically. Unfortunately, these tools struggle to address the following challenges: (1) Existing tools have difficulty making trade-offs between precision and recall, because runtime polymorphism and other dynamic …

attackers aware defenders deserialization exploiting focus fuzzing gadget hunting java java deserialization key security structure the key threat tools vulnerability

Visit resource

More from www.youtube.com / Black Hat

Startup Spotlight Competition at Black Hat 4 days, 5 hours ago | www.youtube.com
bhusa blackhat cybersecurity infosec +1
Locknote: Conclusions and Key Takeaways from Day 2 3 weeks, 2 days ago | www.youtube.com
black hat black hat europe board board members +15
Locknote: Conclusions and Key Takeaways from Day 1 3 weeks, 2 days ago | www.youtube.com
black hat black hat europe board board members +16
Keynote: My Lessons from the Uber Case 3 weeks, 2 days ago | www.youtube.com
addition best practices case convicted +16
Keynote: Industrialising Cyber Defence in an Asymmetric World 3 weeks, 3 days ago | www.youtube.com
adversaries challenge cyber cyber defence +10
The Black Hat Europe Network Operations Center (NOC) Report 3 weeks, 3 days ago | www.youtube.com
back black hat black hat europe center +14
My Invisible Adversary: Burnout 4 weeks ago | www.youtube.com
adversary attackers attacks burnout +11
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 4 weeks ago | www.youtube.com
analysis ask bad codeql +10
A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to … 4 weeks, 1 day ago | www.youtube.com
attacks call cloudflare detection +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority
View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France
View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico
View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States
View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX
View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US
View on infosec-jobs.com
View more jobs