The most advanced course on Java hacking available today


Get FULL ACCESS to our online training course



Hacking Java Web and Client Apps

Developing your skills in Java security means that you are able to find vulnerabilities in all kinds of Java applications. Whether that's for the purpose of penetration testing, hunting for bug bounties, or defending your company infrastructure against Java related attacks.

Start your journey to become a Java hacking expert today.


Java - A universal language


Java is the number one programming language by number of projects and lines of code, and it has been occupying this position for decades.

Still, there isn't a single course fully dedicated to security issues specifically affecting Java.

Until now.

This course has been taught
at Black Hat USA 2019

What you’ll learn


We will take time for both practical exploitation and theoretical understanding of the each presented exploit. Root cause analysis and code review sessions are mixed with explanation of possible detection and bypass techniques.

  • Exploitation of Java deserialization vulnerabilities
  • Expression Language Injection
  • How to find security bugs in Java code

"Overall, an outstanding course. I liked the depth of the subjects. The lab exercises helped with understanding some of the more dense theory. I highly recommend it."

- Black Hat student (anonymous)

Questions on Hacking Java Web and Client Apps?


No problem! We will answer any questions you might have within 24 hours.




Course syllabus

We will take time for both practical exploitation and theoretical understanding of the each presented exploit. Root cause analysis and code review sessions are mixed with explanation of possible detection and bypass techniques.

  • Java Essentials
  • Serialization and deserialization
  • Deserialization under the hood
  • Building gadget chains
  • Finding trampolines
  • RCE via deserialization attacks
  • Expression Language basics
  • RCE via Expression Language
  • Understanding Java stack traces
  • Apache MyFaces exploitation
  • Decrypting viewstates
  • RichFaces and JSF
  • Java Debug Wire Protocol
  • RCE with JDWP
  • JMX/RMI basics
  • Exploitation of JMX/RMI services
  • Bypassing authentication mechanisms
  • Much more..

BONUS: Dissection of the Commons Collections gadget chain exploit


Did you ever wonder how a ysoserial payload works under the hood?

We recently added a bonus section in which we go step-by-step through the code of the payload for Apache Commons Collections.

In an elaborate demo video, we explain in detail how each part of the chain works together to eventually cause an RCE condition.

Student requirements

  • While prior Java programming experience is not a strict requirement, familiarity with main concepts of object oriented programming (OOP) will be greatly beneficial.
  • For the less advanced students it is worth noting that the course itself will cover the basics and theory behind each presented technique and attack, before the practical part is covered.

Your instructors


Meet our most experienced security professionals


Marco Ortisi has been working in the cybersecurity field for 20+ years. He has a wide experience as penetration tester and Red Team leader, as well as with teaching security courses. He attended both as speaker and as trainer at many international conferences and events such as Blackhat Las Vegas, BruCON, Confidence, Hackinbo, etc...


Stefan Broeder works as senior penetration tester in the financial industry. His main focus is on in-depth code review of web applications and research on Java vulnerabilities. He holds a M.Sc. degree in Computer Science and has several certifications such as OSCP, GXPN, GCED, GWEB, GFOR and RHCSA.

DEMO VERSION


of
Hacking Java Web and Client Apps

FREE


3 lessons


FULL ACCESS


to
Hacking Java Web and Client Apps

€599


25 lessons

15 lab exercises

Quizzes at the end of each
module to test your knowledge

E-Book 'Java Deserialization Bible'

BONUS module:
Apache Commons Collections
payload analysis

Lifetime access

FREE course updates

Premium support


Premium Support

We provide support via e-mail and our dedicated Red Timmy channel on Slack.

Technical questions are answered within 24 hours.

Red Timmy Security
© Copyright 2020