04.03.2016

Serial Killer Silently Pwning Your Java Endpoints


Java Deserialization in a Nutshell

Sequence diagram lanes: ObjectInputStream, Serializable Class, Application Code, Garbage Collector

1. Get bytes
2. Initialize ObjectInputStream
3. Read object from stream
   • ois.readObject()
4. Resolve classes of stream
   • resolveClass()
5. Deserialize objects
6. Restore object member fields
   • readObject(ObjectInputStream)
   • readObjectNoData()
7. Eventually replace restored object
   • readResolve()
8. Optionally validate object
   • validateObject()
9. Cast deserialized object to expected type
10. Use deserialized object
11. Call finalize() on GC
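The lifecycle above in code, as an added example that is not from the slides or the speakers: a Serializable class implementing the hooks from steps 6 to 8, and an ObjectInputStream whose resolveClass() (step 4) admits only an allow-list of classes, the look-ahead defense for untrusted streams. The class names and field values are constructed for illustration.

```java
import java.io.*;
import java.util.Set;

public class DeserializationLifecycle {
    // Hypothetical application class: each lifecycle hook from the slide is implemented.
    static final class Config implements Serializable, ObjectInputValidation {
        private static final long serialVersionUID = 1L;
        private String name;
        private int retries;

        Config(String name, int retries) { this.name = name; this.retries = retries; }

        // Step 6: restore member fields; also register this object for step 8 validation.
        private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
            ois.registerValidation(this, 0);
            ois.defaultReadObject();
        }

        // Step 6 (no data): the stream carries no field data for this class.
        private void readObjectNoData() { name = "default"; retries = 0; }

        // Step 7: replace the restored object (here: a copy with retries clamped to >= 0).
        private Object readResolve() { return new Config(name, Math.max(retries, 0)); }

        // Step 8: runs once the whole object graph has been read.
        @Override public void validateObject() throws InvalidObjectException {
            if (name == null || retries > 10) throw new InvalidObjectException("rejected Config");
        }
    }

    // Step 4: look-ahead allow-list, so only expected classes are ever resolved from the stream.
    static final class AllowListObjectInputStream extends ObjectInputStream {
        private static final Set<String> ALLOWED = Set.of(Config.class.getName()); // Java 9+
        AllowListObjectInputStream(InputStream in) throws IOException { super(in); }
        @Override protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName()))
                throw new InvalidClassException(desc.getName(), "not on the deserialization allow-list");
            return super.resolveClass(desc);
        }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();                       // step 1: bytes
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(new Config("svc", 3)); }
        try (ObjectInputStream ois = new AllowListObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) { // step 2
            Config c = (Config) ois.readObject();                                        // steps 3-9
            System.out.println(c.name + " retries=" + c.retries);                        // step 10; finalize() on GC is step 11
        }
    }
}
```

Because resolveClass() runs before any field data is read, a class not on the allow-list is rejected before its readObject(), readResolve() or finalize() can ever execute.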
