Glassfish from (IN)Secure admin

Loading
Timeline Slides Search Info
Loading Click here to add:
Add to notification list

A talk presenting a way to bypass the “secure admin” feature of Glassfish to access the administration panel and deploy your own webshell. 

Jérémy Mousset 
Jérémy is a pentester and a Ron addict. He’s working at Vente-privee.com but this subject comes from his previous life of penetration tester in BT. He wrote an article on MISCregarding the JMX security in Tomcat and he’s currently interested by Glassfish.

Other media in the channel "2018 Lille"

136 views, 1 this month Shadow on the Wall - Risks and Flaws with Shadowsocks July 6th, 2018
44 views Open Hardware for (software) offensive security July 6th, 2018
33 views, 1 this month Freedom Fighting Mode - Open Source Hacking Harness July 6th, 2018
58 views, 3 this month Expl-iot: IoT Security Testing Framework July 6th, 2018
21 views Io(M)T Security: A year in review July 6th, 2018
33 views, 2 this month IoT Honeypot, new types of attacks July 6th, 2018