We'll take you on a journey from conventional Java exploitation to the emerging threat of supply-chain attacks in the land of Java.
You'll learn about attack patterns in Java and why (and how) they're easily detectable. You'll also learn about exploits that are much stealthier (and why). Further, we'll transition into the latest and hottest trend in software security: Supply-chain attacks.
As a grand finale, we'll talk about Cross-Build Injection as a pivot point and advanced persistence in the Java build pipeline. As a parting gift, we provide you with an open-source tool we wrote for Red Teams to simulate these kinds of attacks in a viable way.
If you work with organizations/clients that build Java code, then you need to see this.
Johnny Withad
Security researcher.
Christoffer Jerkeby
Christoffer Kugg is a freelance security consultant based in Stockholm.
For the past 20 years, kugg has focused on application and product security, aiming to support secure builds while finding the unexpected corner cases that make software unreliable.
Read his [security research blog](https://www.jerkeby.se).