Java Serialization: A Practical Exploitation Guide

Java Serialized Objects (JSOs) are a mechanism to allow for data exchange between Java services. Because they also give attackers a stable and reliable vector for gaining remote control of systems running Java applications, they are increasingly responsible for vulnerabilities and public exploits against internet-accessible services. Join Tod and Jon as they discuss the exposure of Java Serialized Objects and the recent uptick in vulnerability research around JSO exploitation, culminating in Rapid7’s most recent research report, Java Serialization: A Practical Exploitation Guide.
Recorded May 28 2019 48 mins
Presented by
Tod Beardsley, Research Director at Rapid7 and Jon Hart, Principal Security Researcher at Rapid7
  • Cloud Security Isn’t Just Security on Someone Else’s Computer Recorded: Jun 11 2019 56 mins
    Wade Woolwine, Director of Technology for Rapid7’s Managed Services
    How many times have you heard the phrase “the cloud is just someone else’s computer”? While this is mostly true, this kind of thinking sets a dangerous mindset when it comes to securing your assets in cloud-based services.

    Join Wade Woolwine, Director of Technology for Rapid7’s Managed Services as he discusses various threat prevention, detection, and response strategies for Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). At the conclusion of this webinar, you’ll be equipped with use cases including:

    1. Monitoring strategies for Microsoft O365
    2. Secure SDLC strategies for web applications and APIs in AWS
    3. Defense in depth and least privilege strategies for hosted infrastructure
  • Groundhog Day - Waking Up from the Security Nightmare Recorded: Jun 11 2019 46 mins
    Brian Carey, Manager of Advisory Services, Rapid7
    Do you feel sometimes that you are living the movie Groundhog Day? That each day, week, month or quarter you are waking up to the same cybersecurity problems and challenges? Are you struggling to make progress on key projects or initiatives?

    If this sounds familiar, join Rapid7’s Brian Carey as he discusses leveraging the CIS Top 20 Controls for success. Some of the topics Brian will cover include:

    1. Strategies for understanding your environment
    2. Protecting your environment
    3. Preparing your organization for the challenges that lie ahead
  • Building a Security Strategy to Encompass the Internet of Vulnerable Things Recorded: Jun 10 2019 24 mins
    Deral Heiland, IoT Research Lead, Rapid7
    With IoT expanding into every corner of our world it becomes critical to create a strategy to successfully secure your organization. But, where should you start when creating an IoT strategy for your organization?

    Join Rapid7’s IoT research lead, Deral Heiland, to learn how to protect your organization in today’s IoT-centric world. Some of the topics Deral will discuss include:

    1. IoT guidelines that have been created or are currently under construction by civilian and government standards organizations
    2. What these guidelines mean for citizens and organizations
    3. How these various recommendations can be effectively used to build a robust IoT security strategy for your organization
  • [PANEL] IoT Security Strategy Best Practices Recorded: Jun 10 2019 42 mins
    Deral Heiland, Rapid7 | Sandy Carielli, Entrust Datacard
    As the world becomes increasingly connected, we have become more vulnerable to IoT threats and attacks. Having a comprehensive and strong security strategy in place is vital to organisational success.

    Join this exclusive panel of industry experts as they discuss:
    - IoT Security Maturity Model
    - Trends in cyber-attacks and breaches affecting the IoT
    - How to proactively prevent breaches and attacks
    - New in IoT Security
    - Security Strategy recommendations for CISOs

    Panelists confirmed:
    - Deral Heiland, IoT Research Lead, Rapid7
    - Sandy Carielli, Director of Security Technologies, Entrust Datacard
  • Live Dragons and Incident Response Plans Recorded: Jun 6 2019 54 mins
    Jeremiah Dewey, Senior Director, Global Consulting, Rapid7
    J. R. R. Tolkien may not be the obvious starting point for incident response planning, but he definitely had a good deal to say about the perils of dragons. As his character Gandalf correctly states in The Hobbit, “It does not do to leave a live dragon out of your calculations, if you live near him.” – very wise words indeed. Unless you’re reading this from Middle Earth, we’re pretty sure there aren’t any actual dragons living in your neighborhood, so during this webcast we’ll be focusing on how you can be well prepared in case of analogous ones by having a solid and relevant incident response plan. Join Jeremiah Dewey, seasoned incident response wizard (not his actual job title, although it probably should be), to ensure your organization’s IR plans are analogous-dragon-ready.

    In this session, you’ll hear about:

    1. What your incident response plans should cover (and what they should not)
    2. Who you should involve in the IR planning process
    3. How you can use threat modeling and business impact as your guide
    4. When you should review and update your IR plans
    5. Why you should put your IR plans through their paces outside of a real incident
  • Java Serialization: A Practical Exploitation Guide Recorded: May 28 2019 48 mins
    Tod Beardsley, Research Director at Rapid7 and Jon Hart, Principal Security Researcher at Rapid7
    Java Serialized Objects (JSOs) are a mechanism to allow for data exchange between Java services. Because they also give attackers a stable and reliable vector for gaining remote control of systems running Java applications, they are increasingly responsible for vulnerabilities and public exploits against internet-accessible services. Join Tod and Jon as they discuss the exposure of Java Serialized Objects and the recent uptick in vulnerability research around JSO exploitation, culminating in Rapid7’s most recent research report, Java Serialization: A Practical Exploitation Guide.
  • The CISO's Role in Technology Decisions Recorded: May 23 2019 60 mins
    Scott King, Senior Director of Advisory Services at Rapid7
    Every security leader runs into this challenge at multiple points in their career. How can you support your team and their technology needs, while ensuring alignment with the business and not overreaching to make vendor selections? This issue can easily put security leaders at odds with their teams charged with engineering and operating the technology that manages risk and enables the protection of company data and systems.

    Join Rapid7’s Scott King for an interactive webcast where he will share his personal experiences as the security leader for one of America’s largest energy companies and how he navigated these potentially treacherous waters.
  • Have no Fear, Security Automation is Here Recorded: May 16 2019 25 mins
    Sydney Coffaro, InsightConnect Product Specialist
    Security automation is a hot topic today, as security teams are looking to effectively leverage technology to make their security operations run more smoothly. With automation all the rage, comments like “we should be automating more” are becoming an ongoing theme. Dedicating time and resources to implement automation is often viewed as a huge level of effort, but adding automation to your most time-intensive security processes doesn’t have to be an intimidating undertaking. Did you know that with a small investment, you can realize tremendous ROI and value from automation, faster than ever before?

    In this demo of InsightConnect, you will learn about:
    1. Overview of automation workflow building blocks
    2. Real use cases teams struggle with today, including phishing, SIEM investigation and response, patching, and more
    3. How you can integrate security automation and orchestration into your existing SecOps programs
    4. How automation will improve efficiency across the processes and tools you’re executing manually today
  • Shoot for the...Cloud? Getting started with security in AWS Recorded: May 2 2019 52 mins
    Josh Frantz, Senior Security Consultant
    Is your organization moving to Amazon Web Services? Or are you a seasoned AWS pro, but need to know where to start to secure it?

    It’s a fact—Cloud environments aren’t going away anytime soon. Cloud adoption is expected to grow at 12.4% annually until 2025. When you need to get started in a new cloud environment, or secure an existing one, vulnerability management is the place to start.

    Join Josh Frantz to learn the fundamentals of setting up vulnerability management in your cloud environment and common pitfalls to watch out for. You may even pick up a few good wise cracks along the way.

    In this webinar we will cover:

    1. The future of the cloud infrastructure landscape
    2. Some common misconceptions. Did you know AWS doesn’t secure your environment for you?
    3. Vulnerability Management best practices
    4. How Rapid7 and InsightVM can help
  • Slaying the Beast! Getting your arms around your vuln management program. Recorded: Apr 16 2019 48 mins
    Caspian Kilkelly, Senior Advisory Services Consultant
    Security isn't just about boundaries and defenses. Maintenance, especially in the form of patching, mitigation and threat reduction, is often just as important as a solid set of firewall rules for reducing an attacker's ability to compromise your systems or networks.

    For most security departments, this maintenance comes in the form of a vulnerability management program. Typically, these include patching, scanning, testing and mitigation; when they're done properly, they can prevent incidents before they happen. Vulnerability management is the key to a strong security program in any enterprise, but it's also a lot of work.

    In this webcast, we'll talk about why most security teams need vulnerability management, who to work with to get it done, and strategies to reduce the workload.
  • Trends in Advanced Threat Detection & Vulnerability Management Recorded: Apr 16 2019 61 mins
    Wade Woolwine, Rapid7, Ajay Uggirala, Juniper Networks & O'Shea Bowens, Null Hat Security & Paul Crichard, BT Global Services
    As cyber attacks become increasingly common, it is vital for organisations to be armed with the most effective tools and knowledge to prevent, detect and respond to cyber threats.

    Join this interactive Q&A panel with top security experts across the ecosystem to learn more about:

    - Trends in Advanced Threat Detection & Vulnerability Management
    - How to use analytics to fight against cyber attacks – patching, detection and response
    - What are the common mistakes made when it comes to Advanced Threat Detection implementation
    - Best practices and recommendations for improving your security posture

    Panel moderated by:
    Michele Drolet, CEO, Towerwall

    Wade Woolwine, Director of Managed Services, Rapid7
    Ajay Uggirala, Sr. Manager, Product Marketing, Juniper Networks
    O'Shea Bowens, CEO & Founder, Null Hat Security
    Paul Crichard, Security CTO, BT Global Services
  • Vulnerability Management - Why Programs Fail and What You Can Do About It Recorded: Apr 2 2019 60 mins
    Brian Carey, Manager, Security Consulting, Rapid7
    Vulnerability Management should be at the core of every Information Security program (it’s CIS Control #3) and yet it is often one of the most misunderstood elements. Requiring strong leadership and many foundational elements to be successful, programs often topple because the legs of the table we have built are not sturdy enough to hold the weight of our scanning tools and the data these tools produce.

    Join Rapid7’s Brian Carey for a discussion on some of the more common reasons Vulnerability Management programs fail, and more importantly what we can all do to ensure that doesn’t happen.

    Some of the topics we’ll cover include:

    1. The leadership void - setting goals and expectations from the top.
    2. Roles & Responsibilities
    3. Asset Management
    4. Classification & Prioritization
    5. Remediation
    6. Reporting to your Executive Teams & Board
  • All-in on AppSec: The concepts, technologies, and approaches you need to know. Recorded: Mar 28 2019 43 mins
    Jay Paz, Director, Penetration Testing & Ben Glass, Manager, Product Consulting
    Web applications have vulnerabilities—period, full stop. Most “AppSec” efforts focus on creating more secure applications, or attempt to deploy network appliances to protect those in production. The rapid growth of DevOps, microservices, and cloud deployments has made it more essential to secure apps before they get to production, and security software vendors seem to be introducing new, shiny solutions every month. But where do you start? What approach should you take?

    Join Rapid7’s application security experts as they take you through:

    1. Navigating the application security technology landscape
    2. Prioritizing your application security efforts
    3. Ensuring security doesn’t hinder productivity
  • Balancing Prevention, Detection & Response: Your Guide to Success Recorded: Mar 21 2019 45 mins
    Alan Foster, Senior Solutions Engineer & Justin Buchanan, Senior Solutions Manager
    Security teams today understand the need to invest across threat prevention, detection, and incident response. But with strained teams, siloed technologies, and ever-looming compliance audits, where do you start?

    Join us for a special session with Justin and Alan, who will share prioritization guidance from working with hundreds of security teams, as well as key findings from an all-new Rapid7 Threat Report. We’ll cover:

    1. How teams are bringing automation to their vulnerability management program
    2. How to prioritize prevention across your modern network, from remote workers to cloud environments
    3. Top alerts & attacker trends, based on findings from Rapid7’s 24/7 Managed Detection and Response service
    4. Using the MITRE ATT&CK framework to assess your current detection capabilities
  • Threat Intelligence Driven Incident Response Recorded: Feb 20 2019 27 mins
    Tim Stiller, Senior Incident Response Consultant
    Threat intelligence is a core component of any Incident Response engagement or SOC investigation. While threat intel comes in many forms, shapes, and sizes—when used properly—it adds critical context that enables quick and accurate investigation decisions. If you understand the different types of threat intelligence used across your organization, your team can respond quickly to threats, and prioritize a detection strategy to stop future attackers.

    In this session, Tim will share:
    1. Key types of threat intelligence
    2. How each type should be used effectively
    3. Recycling: translating investigations into detections
  • Leveraging Your SIEM to Implement Security Best Practices Recorded: Feb 19 2019 28 mins
    Rohit Chettiar, Detection & Response Solutions Engineer, Rapid7
    The biggest challenge that security analytics addresses is the volume and diversity of information that can be analyzed at a given point to assist security professionals in detecting, responding to and mitigating cyber threats. But how do you leverage that data to implement security best practices?

    InsightIDR is a single solution that provides visibility across your traditional on-premise environment, but also extends monitoring to your remote endpoints and cloud services. Join us to learn how InsightIDR provides visibility into your network and highlight useful metrics to implement security best practices.

    In this webcast, we will discuss:

    1. How to make security analytics more consumable
    2. The data sources you need to collect and analyze
    3. How InsightIDR leverages pre-built analytics to detect top attack vectors
  • Checkmate: A Lesson in Vulnerability Management Strategy Recorded: Feb 12 2019 54 mins
    Nadean Tanner, Lead Technical Education Specialist, Rapid7
    The game of Chess originated in India around the 6th century AD. Its purpose was believed to be developing battle strategies, which is exactly what we do in cyber security. Chess helps improve mental abilities such as problem solving, critical thinking, pattern recognition, planning ahead, focus and concentration. This is the same mindset we strive for as IT professionals, specifically in vulnerability management. The vulnerability management goal is easy. It’s the surrounding problems, patterns and planning that make it difficult.

    In this webinar, we will discuss thinking strategically of your vulnerability management program as a chess game. Our expert speaker, Nadean Tanner, will share actionable advice for building your vulnerability management program.
  • The Power of Employer Brand for Hiring and Retention Recorded: Feb 5 2019 60 mins
    Bart Macdonald - Sapling, Christina Luconi - Rapid7, Craig Forman - Culture Amp, Jamie Hitchens - Glassdoor
    When it comes to hiring and retention, your employer brand is huge. It’s your company’s value proposition combined with overall reputation that prospective and current employees use to evaluate whether or not your company is the right place to work. Employers need to meet high expectations and find innovative ways to communicate their culture to these audiences.

    In this panel webinar, HR leaders from Glassdoor, Sapling, Rapid7, and Culture Amp, will discuss how to leverage your employer brand to attract and retain top talent. Expert panelists from high-performance, hyper-growth organizations will answer your questions and share their practical experience, starting with how to ensure that your company values act as a rallying force for each team member in your company.

    The conversation will also cover these key aspects of building a powerful employer brand:

    - The best employee perks to boost your employer brand
    - How to define and showcase your employer value proposition
    - How to use your organization’s core beliefs as a rallying force for attracting and retaining your top talent
  • What Does 2019 Have in Store for Cybersecurity? A CISO's Perspective. Recorded: Jan 15 2019 45 mins
    Scott King, Rapid7; Shawn Valle, Rapid7; Gary Hayslip, Webroot; Vito Sardanopoli, Vantage CyberRisk Partners
    With the ever-changing threat environment and increasing prevalence of data breaches, today’s CISOs face a daunting task of securing their organization from a variety of threats. But, with so many priorities and a finite budget, it can sometimes feel like an impossible task to decide where to focus. So, what does 2019 have in store for cybersecurity and what are CISOs’ top priorities?

    Join Rapid7 and our panel of expert CISOs for our 2019 predictions. Some of the topics our panel will cover include:

    1. What are the top cybersecurity predictions for 2019?
    2. How will CISOs’ priorities change in 2019? What will become new areas of focus and what will decrease in priority?
    3. How will CISOs’ investments change in 2019? What areas of cybersecurity do they see receiving more funding?
    4. Actionable insights for how to improve your organization’s cybersecurity strategy in 2019
  • Threats on the Horizon – What to Look for & How to Prepare Recorded: Dec 12 2018 47 mins
    Bob Rudis, Chief Data Scientist & Michelle Martinez, Senior Threat Intelligence Analyst
    Wondering what the top threats are for 2019? Join Rapid7 experts for a discussion of the top threats our team is tracking for the new year. Through extensive research and the engagements of our managed detection and response team, Bob Rudis and Michelle Martinez will share their research to help you protect your organization in the new year.

    Some of the topics our experts will cover include:

    1. The most prevalent threats we are tracking for 2019
    2. Top cybersecurity incidents of 2018 and how we expect those to impact 2019
    3. Key takeaways to help you put our research into practice at your organization
Powering the Practice of SecOps
Rapid7 (NASDAQ:RPD) powers the practice of SecOps by delivering shared visibility, analytics, and automation that unites security, IT, and DevOps teams. The Rapid7 Insight platform empowers these teams to jointly manage and reduce risk, detect and contain attackers, and analyze and optimize operations. Rapid7 technology, services, and research drive vulnerability management, application security, incident detection and response, and log management for more than 7,000 organizations across more than 120 countries, including 52% of the Fortune 100.

  • Title: Java Serialization: A Practical Exploitation Guide
  • Live at: May 28 2019 6:00 pm
  • Presented by: Tod Beardsley, Research Director at Rapid7 and Jon Hart, Principal Security Researcher at Rapid7