Far Sides of Java Remote Protocols

Conference:  BlackHat EU 2019



The presentation discusses vulnerabilities in various software products and protocols, and the need for improved security measures.
  • Various software products and protocols have vulnerabilities that can be exploited by attackers
  • Improvements in network layer connections and application models can help minimize these vulnerabilities
  • There is room for improvement in Explorer development, particularly in making it compatible with different operating systems
  • The disclosure process with vendors can be complicated, but it is important to disclose vulnerabilities to encourage updates and improve security measures
  • Examples of vulnerable software products and protocols include GMX, Kava, and WebSphere
The presenter discussed how they were able to modify a product to trigger a remote GND I gather matter and then used CV 2018 three one for an eye LDAP GND i remote claw clasp loading, which is commonly used in exploits. They also talked about how the GMX protocol can be bypassed through a security by obscurity method, and how improvements in Explorer development can make it more compatible with different operating systems.


Java Remote Method Invocation (RMI) and Common Object Request Broker Architecture (CORBA) are widely deployed mechanisms for cross-process communications. In this talk, we will walk through the technical workflow of the technologies, revealing several critical flaws under the hood and showing how vendors are failing at securing their implementations of them.There are a number of previous works on the subject but we believe they have yet to capture the extend of their exploitability. We will disclose known, not widely known, and unknown exploitation techniques with overlooked 1-days and 0-days to present fruitful attack surfaces on the protocols' implementation. This will be demonstrated via a number of pre-authentication, remote Code Execution exploits on products of some of the biggest vendors out there.