BSides Singapore 2019 Schedule

Conference Schedule 2019

BSides Singapore


Popping 0days Out of a Thick Java Application: A Dive into Zimbra

Time: 05:00 PM - 05:45 PM

Zimbra, one of the most popular email products, is a thick Java-based application with a very large codebase and a mature security history. In this talk, the researcher will walk through the process he took to dig into Zimbra internals and uncover a series of major vulnerabilities in it. The process combines several important aspects of any vulnerability research, such as static analysis, dynamic analysis and exploitation tricks. They eventually lead to the discovery of several Remote Code Execution exploit chains.



Speaker 1
An Trinh

An is enthusiastic about offensive security and has been a self-taught pentester for 3 years. He has a special interest in discovering and developing exploit chains, especially on the server side. Lately he has been investing more in vulnerability research in the Java world.