Fantastic conference, the presentation went really well. Already starting to see people referencing my RMI hacking presentation, thanks for all the feedback!
Gunter Ollman's Blog
Secshoggoth
It is great to see the search engine results changing in respects to RMI security. The start of all this happened 4 years ago during my Software Engineering degree and I was taught to develop my first RMI service. At the time, things didn't seem right from a security perspective but I didn't have the time nor skillset to pursue it at the time. I remember attempting to assess an RMI service at the time but couldn't get past step 1 of what I presented at the OWASP conference. However, my interest was sparked again during a security assessment, so over the last few weeks the RMI research began and things started to come together very quickly. I am looking forward to releasing alot of research and new tools over the coming weeks.
Cheers
EDIT: The video is now available via Google Videos
Hacking RMI services
Update: Unfortunately I will no longer be releasing the RMI Assessment tools. I have recently left Corsaire and will be joining Research In Motion (Blackberry). The research and tools are Corsaire's intellectual property.