Thursday, October 2, 2008

OWASP NYC

Fantastic conference, the presentation went really well. Already starting to see people referencing my RMI hacking presentation, thanks for all the feedback!

Gunter Ollman's Blog

Secshoggoth

It is great to see the search engine results changing in respects to RMI security. The start of all this happened 4 years ago during my Software Engineering degree and I was taught to develop my first RMI service. At the time, things didn't seem right from a security perspective but I didn't have the time nor skillset to pursue it at the time. I remember attempting to assess an RMI service at the time but couldn't get past step 1 of what I presented at the OWASP conference. However, my interest was sparked again during a security assessment, so over the last few weeks the RMI research began and things started to come together very quickly. I am looking forward to releasing alot of research and new tools over the coming weeks.

Cheers

EDIT: The video is now available via Google Videos

Hacking RMI services

Update: Unfortunately I will no longer be releasing the RMI Assessment tools. I have recently left Corsaire and will be joining Research In Motion (Blackberry). The research and tools are Corsaire's intellectual property.

2 comments:

Marcin said...

When do you plan to post your slides?

Unknown said...

They should be available shortly via OWASP, aswell as the video of the presentation. Did you attend the talk?

Cheers