Java Remote Method Invocation (RMI) and Common Object Request Broker Architecture (CORBA) are widely deployed mechanisms for cross-process communication. In this talk, we will walk through the technical workflow of these technologies, revealing several critical flaws under the hood and showing how vendors are failing to secure their implementations.
There are a number of previous works on the subject, but we believe they have yet to capture the extent of these technologies’ exploitability. We will disclose known, not widely known, and unknown exploitation techniques with overlooked 1-days and 0-days to present fruitful attack surfaces in the protocols’ implementations. This will be demonstrated via a number of pre-authentication remote code execution exploits on products of some of the biggest vendors out there.