The Java Agent: Modifying Bytecode at Runtime to Protect Against Log4J • Joe Beeton • GOTO 2022

Published: 23 May 2023
on channel: GOTO Conferences

This presentation was recorded at GOTO Copenhagen 2022. #GOTOcon #GOTOcph
https://gotocph.com

Joe Beeton - Senior Application Security Researcher at Contrast Security

RESOURCES
https://github.com/eclipse/jbom
https://github.com/JoeBeeton/cornflak...
https://github.com/welk1n/JNDI-Inject...
https://www.contrastsecurity.com/deve...
https://www.contrastsecurity.com/cont...

Joe
https://github.com/JoeBeeton

ABSTRACT
Java Agents are a powerful tool to instrument or modify your application at runtime. But how do they work?
In this talk, I'll be going through how they work when configured at startup as well as attaching an agent to a running process.

I'll show how the underlying Java Agent API works, how it can be used to both analyse an application and modify the application using a simple example of Bytecode modification to protect against Log4J and other vulnerabilities [...]

TIMECODES
00:00 Intro
00:35 java.lang.instrumentation
02:21 Dynamically attaching
08:14 JBOM Demo
21:21 Static attaching
21:46 RASPs
22:29 Log4J interpolation
23:58 What is JNDI
24:54 What a malicious JNDI server can do
29:10 Patching Log4J at runtime
30:00 Vulnerability Demo
38:12 Links
38:43 Outro

Download slides and read the full abstract here:
https://gotocph.com/2022/sessions/2195

RECOMMENDED BOOKS
Kevlin Henney & Trisha Gee • 97 Things Every Java Programmer Should Know • https://amzn.to/3kiTwJJ
Markus Eisele & Natale Vinto • Modernizing Enterprise Java • https://amzn.to/3EsEtZ3
Joshua Bloch • Effective Java • https://amzn.to/3ygmQJt

#Java #Security #JavaSecurity #JBOM #JavaAgent #Bytecode #JavaEcosystem #RASP #JVM #JCP #Java8 #JDK #Log4j #npm #Gradle #Maven #JoeBeeton


