Java giving more shells on everything

Back in 2018 I blogged about how Java gives a shell for everything, and also how to compile in memory as an AV evasion technique. Some of these techniques have now been added to GTFOBins, and heroes even integrated them into Metasploit. In this post I go through the most recent JDK/JRE and look…

Java Stager without the Stager

I have been doing a lot of playing with Java recently. In fact, this will be the 3rd blog post in a month.

- Where I showed a stager in Java which can download a custom payload file, compile it in memory, and then execute it.
- Where I highlighted the potential for…

Java gives a Shell for everything

Did you know that Java has shipped with a JavaScript engine which executes in memory and has been around for years? Well, it does and it has. This rambling tale is about how I came about it over two engagements. TL;DR - the highlights of this post are: Universal scripting capability via Java Runtime Environment…

Java-Stager – Hide from AV in Memory

== Update 08/08/2018 == The day after I posted it was Glasgow Defcon. I found a spare 30 minutes to make some slides so I did a lightning talk. I know lots of people like to have slides when slides exist so here they are: Though personally I think the blog post is going…