SecTalks Perth 0x71 - Spring in your step
If you want to submit a talk, please reach out. You can either:
- Reach out to a SecTalks organiser directly
-----------------------
# 0 - Spring Boot/Tomcat Attack Chain - Chris Elliot
During a Red Team exercise, I discovered a Spring Boot Admin console managing hundreds of containers. Jolokia was enabled on most of them, exposing several suspiciously dangerous MBeans.
The problem was getting a shared object onto disk. There was no file upload functionality, no writable web root, and no usable CVEs.
This sent me down a rabbit hole of Tomcat internals, race conditions, and creative abuse of features working exactly as designed. This talk covers how I chained overlooked behaviours into remote code execution using first-principles thinking.
---
Chris is a Principal Red Teamer who, when not chaining Java misconfigurations together, is usually 3D printing something, tinkering with a Falcon ute that has done far too many kilometres, or fixing a lawn mower he found on the side of the road.
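As an added defender-side illustration (not part of the talk or the speaker's material), the Spring Boot 2.x Actuator properties below show the permissive configuration that leaves Jolokia and every other management endpoint reachable over the application's HTTP port, beside a restricted form. The property names are from Spring Boot 2.x Actuator; the assumption that the application runs Actuator with the Jolokia endpoint on the classpath, and the port number, are mine.

```properties
# application.properties (permissive) - what "Jolokia enabled" usually looks like.
# Every actuator endpoint, Jolokia's JMX-over-HTTP bridge included, is exposed
# on the same port as the application.
management.endpoints.web.exposure.include=*
management.endpoint.jolokia.enabled=true

# application.properties (restricted) - the alternative to the block above.
# Expose only what monitoring needs and switch the Jolokia endpoint off entirely.
management.endpoints.web.exposure.include=health,info
management.endpoint.jolokia.enabled=false
# Serve the remaining endpoints on a separate port (assumed value) so management
# traffic can be firewalled apart from application traffic.
management.server.port=8081
```

Exposure is also worth verifying at runtime rather than only in source: the `/actuator` discovery page lists whatever is currently exposed, so a deployment check that fetches it and fails on any endpoint outside the allowlist catches a regression before an assessor does.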
# 1 - Bar?
After some chit-chat following the talk, let's head to the bar downstairs, mingle, and chat (we still don't have a better idea for a bar).
