Tobias Neitzel presents open source tool at Black Hat USA 2021

4. August 2021

On 5 August, Tobias Neitzel, Managing Consultant IT Security at usd HeroLab, will present his tool "remote-method-guesser: A Java RMI Vulnerability Scanner" at Black Hat USA 2021.

The international security conference is one of the largest events for IT security experts and security managers worldwide. Speakers and participants from all over the world come together annually in Las Vegas in order to exchange information on new security vulnerabilities, defense mechanisms and trends in the IT security industry. This year, the Black Hat Main Conference will take place on 4 and 5 August as a hybrid event.

We had a chat with Tobias Neitzel about his presentation:

Tobias, how does it feel to present at Black Hat?

Tobias Neitzel: It's just an incredibly good feeling to be able to present at such a big event. Black Hat is one of the most important conferences for IT security experts and to be a part of it is a great honor for me. Two years ago, we already attended the event in Las Vegas as participants. Now to be a part of it as a speaker is a big dream come true.

What is your presentation about?

TN: My presentation is categorized in the Black Hat topic area "Arsenal". That' s where the latest open source tools and products are presented. In my presentation I will demonstrate my tool "remote-method-guesser (rmg)": a Java RMI vulnerability scanner that looks for misconfigurations in Java RMI endpoints. It combines well-known techniques for identifying RMI vulnerabilities with lesser-known attack vectors that are often overlooked. In addition to detecting RMI vulnerabilities, the remote-method-guesser can perform attack operations for any supported vulnerability type.

Why do you assume your tool was selected?

TN: Java RMI has a long history of known vulnerabilities, of which unfortunately only a few are documented in detail. It is therefore difficult for end users to understand which vulnerabilities their own components may be vulnerable to and what impact this has. Tools already exist for some vulnerabilities, but these usually focus on exploiting a specific vulnerability and are less suitable for the targeted identification of vulnerabilities. The remote-method-guesser allows analysts and users to easily and efficiently scan their RMI endpoints for common vulnerabilities. This adds real value to IT security.

You will present remote from Germany instead of live in Las Vegas. How can we picture that?

TN: All presentations will take place on a virtual event platform. At the announced time, my presentation will be available to participants on the platform in the form of a pre-recorded video. Anyone interested can watch the presentation on demand at their own pace. At the same time, I will be available for questions from the community in a live chat.

Why is your presentation a must-see?

TN: Although the central topic of the presentation is of course the remote-method-guesser tool, I focused the talk mostly on Java RMI vulnerabilities. Identifying vulnerabilities is important, but understanding them is far more important. During my talk, participants will learn the basics of Java RMI as well as the most important RMI related vulnerabilities. Those who run Java RMI endpoints themselves or test them regularly will be able to put this knowledge to good use.

For those who were not able to attend Black Hat USA 2021, watch the recording here.

Also interesting:

Top 3 Vulnerabilities in Mobile App Pentests

Top 3 Vulnerabilities in Mobile App Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

Security Advisories for SONIX and SAP

Security Advisories for SONIX and SAP

The pentest professionals at usd HeroLab examined SONIX Technology Webcam and SAP Fiori Sample Shop during their pentests. Our professionals discovered that systems with a SONIX Technology Webcam using the SonixDeviceMFT.dll driver in their default configuration are...