Time: 05:00 PM - 05:45 PM
Zimbra, one of the most popular email products, is a thick Java-based application with a very large codebase and a mature security history. In this talk, the researcher will walk through the process he took to dig into Zimbra internals and uncover a series of major vulnerabilities in it. The process combines several important aspects of any vulnerability research, such as static analysis, dynamic analysis and exploitation tricks. They eventually led to the discovery of several Remote Code Execution exploit chains.
An is enthusiastic about offensive security and has been a self-taught pentester for 3 years. He has a special interest in discovering and developing exploit chains, especially on the server side. Lately he has been investing more in vulnerability research in the Java world.