Stay safe, grab a drink and join us virtually for our upcoming "The Hacking Game - A Road to Post Exploitation" meetup to learn how hackers can compromise the software supply chain, advanced data protection methods on WebLogic Server and how to use AI in order to protect your software. Agenda: 17:00 - 17:10 - 'Opening words' - by Gidi Farkash (CISO at Pipl Security) 17:10 - 17:40 - 'Tracking Attackers in Open Source Supply Chain - Lessons Learned' - by Jossef Harush Kadouri (Head of Software Supply Chain Security at Checkmarx) 17:40 - 18:20 - 'WebLogic - The Road to Post Exploitation' - by Amit German (Cyber Security Researcher at Pentera) 18:20 - 19:00 - 'AI In The Hands of Application Security' - by Brit Glazer (Head of Information Security at Unit)

1. Join Us:
https://www.linkedin.com/company/
application-security-virtual-meetups
QR Link:

2. The Dark Side of AI: The Hidden
Risks in Open-Source AI Models
Jossef Harush Kadouri
Head of SCS
Checkmarx
@jossefharush
3

3. Agenda
• Software Supply Chain
• Attacks in Software Supply Chain
• Open Source AI Models
• AI Models Vulnerabilities
• Takeaways and Summary
4

4. 2023 Checkmarx. All Rights reserved. 5

5. 6

6. 7

7. 8

8. 2023 Checkmarx. All Rights reserved. 9

9. 2023 Checkmarx. All Rights reserved. 10

10. • Ducati trip
11

11. 12

12. Fighting Supply Chain Attackers
My Team’s Mission:

13. Software Supply Chain
14

14. Software Supply Chain Risks
15

19. 20

20. 21

25. Attacks in Software Supply Chain

45. List of Popular Packages Gone Bad
• PyTorch
• ua-parser-js
• coa
• rc
• node-ipc
• colors, faker
• styled-components
• …

63. 64

64. 65

65. 66

66. 67

67. 68

68. 69

69. 70

70. 71

72. 73

73. 74

74. 2023 Checkmarx. All Rights reserved. 75

75. 2023 Checkmarx. All Rights reserved. 76

76. 2023 Checkmarx. All Rights reserved. 77

77. 78

81. Hiding Malicious Code In
Model
82

82. Pickle
• Built-in Python module
• Helps storing complex Python objects into binary files
• Used in many applications, specifically when saving and loading
machine learning models

83. 84
import pickle

84. 85
import pickle
data = {'a': 100, 'b': 200, 'c': 300, 'd': 400}

85. 86
import pickle
data = {'a': 100, 'b': 200, 'c': 300, 'd': 400}
with open('data.pickle', 'wb') as f:
pickle.dump(data, f)

86. 87
import pickle
with open('data.pickle', 'rb') as f:
data = pickle.load(f)
print(data)
{'a': 100, 'b': 200, 'c': 300, 'd': 400}

87. 88
import pickle
class MyObject:
def __init__(self, name):
self.name = name
data = MyObject('test’)
with open('data.pickle', 'wb') as f:
pickle.dump(data, f)

88. Pickle is A Weak Format
• An attacker can execute arbitrary code during unpickling
89

89. 90
import pickle
class MyObject:
def __init__(self, name):
self.name = name
def __reduce__(self):
return exec, ('print("hello from pickle")',)
data = MyObject('test’)
with open('data.pickle', 'wb') as f:
pickle.dump(data, f)

90. 91
import pickle
with open('data.pickle', 'rb') as f:
data = pickle.load(f)
print(data)
hello from pickle
None

91. 92
80%+ of HuggingFace models use insecure format
*stats from 2023

92. Creating a malicious model
93

96. 97

102. Model Poisoning
103

103. Clone
legitimate
model
Train
model to
suggest
malicious
code
New
model
produce
malicious
code
Model
with data
poisoning

104. How the training looks like
105

105. 106

106. 107

108. 2023 Checkmarx. All Rights reserved. 109

109. 2023 Checkmarx. All Rights reserved. 110

110. 2023 Checkmarx. All Rights reserved. 111

111. 2023 Checkmarx. All Rights reserved. 112

112. 2023 Checkmarx. All Rights reserved. 113

113. 2023 Checkmarx. All Rights reserved. 114

114. Takeaways

115. Picklescan
• Command-line tool
• Python Pickle Malware Scanner
• Open source, MIT License

116. SafeTensors
• Better and secure format
117

117. Overlay
• Browser extension to help evaluate open source packages
• Data Sources: Snyk Advisor, Debricked, Socket.dev, Deps.dev.
• Metrics:
• Popularity, quality, security, maintenance, compatibility.
• Detailed Info:
• License, dependencies, vulnerabilities, issues, releases, etc.
• Open source, Apache 2.0 License

122. Takeaways
• Reduce the excessive trust in open source
• Vet your open source
• Avoid pickle models, use SafeTensors models

123. medium.com/
checkmarx-security

124. Thank You
https://github.com/os-scar/overlay
https://github.com/jossef/malicious-ai-demos
https://medium.com/checkmarx-security

125. Fighting Supply Chain Attackers
My Team’s Mission:

127. PAGE
Amit German
Pentera Research Group
130
WebLogic - A Road to
Post Exploitation

128. PAGE
131
Agenda
● Whoami
● Motivation
● What is WebLogic?
● Why WebLogic?
● CVE-2020-14883 + CVE-2020-14882
● Post-Exploitation (and a lot of it)
● Mitigations
● Summary

129. PAGE
Whoami
● Amit German, 25
○ 🇮🇱 Living in Israel 🇮🇱
○ Working @ Pentera as an Offensive Security Researcher
● Originally a Blue Teamer
132

130. PAGE
Relevancy
133

131. PAGE
Motivation (An over over simplification)
134
Database Backend Frontend
(Website)

132. PAGE
What is WebLogic?
● An enterprise-level application server developed by Oracle
● Based on Java Enterprise Edition (Java EE)
● Operates as a middleware – a bridge between Backend and Frontend
○ Capable of hosting multiple applications
○ Supports database connections
135
● Nightmare to update :)

133. PAGE
What is WebLogic?
● An enterprise-level application server developed by Oracle
● Based on Java Enterprise Edition (Java EE)
● Operates as a middleware – a bridge between Backend and Frontend
○ Capable of hosting multiple applications
○ Supports database connections
136
● Nightmare to update :)

134. PAGE
Why WebLogic?
137
Database Backend Frontend
(Website)

135. PAGE
Why WebLogic?
138

136. PAGE
Why WebLogic?
139

137. PAGE
140
Why WebLogic?

138. PAGE
Time to take a look!
• The the world of WebLogic!
141

139. PAGE
What now?
● Goals
● Remote Code Execution (RCE) on the WebLogic Server
● Collect useful data
● Deploy a backdoor
● Requirements
○ Authentication Bypass
○ Remote Code Execution (RCE)
○ CVE-2020-14883 + CVE-2020-14882
143
! There are 274 known vulnerabilities
!

140. PAGE
CVE-2020-14883
● Authentication bypass
● Super easy to execute
● console/css/%252e%252e%252fconsole.portal
144
../

141. PAGE
CVE-2020-14882
● Authenticated remote code execution
● Exploits weaknesses in WebLogic’s HTTP request handling
● Chained together with CVE-2020-14883 = unauthenticated RCE!
● Two methods
○ Shell Method
○ Remote XML Method
147

142. PAGE
CVE-2020-14882
● Shell Method
○ Very easy to execute
○ Sending a command using a handle to a library used by WebLogic’s web server
○ Only works for newer versions of WebLogic
○ 12.2.1.3.0 and newer
○ Not working on 10.3.6.0.0 and 12.1.3.0.0
○ Gimme passwords!
148

143. PAGE
149
CVE-2020-14882 – Shell Method
● Shell Method
○ Very easy to execute
○ Sending a command using a handle to a library used by WebLogic’s web server
○ Only works for newer versions of WebLogic
○12.2.1.3.0 and newer
○Not working on 10.3.6.0.0 and 12.1.3.0.0
○ Gimme passwords!

144. PAGE
CVE-2020-14882 – Remote XML Method
● Remote XML Method
○ “ShellSession” does not exist on older versions
○ We’ll use “FileSystemXmlApplicationContext”, which exists on every WebLogic version
• Harder than the Shell Method – and less likely to succeed
• Has many limitations
150

145. PAGE
CVE-2020-14882 – Remote XML Method
151
WebLogic Console
WebLogic Server
Malicious
Server
Attacker
Malicious URL

146. PAGE
CVE-2020-14882
• Step 1. Craft a malicious XML
152

147. PAGE
CVE-2020-14882
• Step 2. Execute it on the WebLogic server
153

148. PAGE
Now what??? - Post-Exploitation
● We have achieved unauthenticated remote code execution!
● Time to move on to the next goals
○ Find interesting, useful data
○ Upload a webshell
154

149. PAGE
WebLogic Management API
• A.K.A - WLS RESTful Management Interface
“WebLogic RESTful management services provide a comprehensive public interface for
configuring, monitoring, deploying and administering WebLogic Server in all supported
environments.”
155

150. PAGE
WebLogic Management API
• Management API
156

151. PAGE
Back to planning!
● New GOALS
○ Extract WebLogic console user credentials
○ Find interesting, useful data
○ Webshell
158

152. PAGE
Tell me your password WebLogic
● WebLogic saves its encrypted password in the following scenarios
○ WebLogic is running in development mode
■ config.xml
○ WebLogic has been configured with “quick startup” - no credentials are needed if server
restarts
■ boot.properties
● WebLogic always saves it’s encryption key in a file
○ SerializedSystemIni.dat
159

153. PAGE
Getting the files :)
• We already have RCE so can easily extract the files!
160

154. PAGE
Getting the files :)
● Extracting config.xml
161

155. PAGE
Getting the files :)
• Extracting boot.properties
162

156. PAGE
Getting the files :)
● Extracting SerializedSystemIni.dat
163
A blob of base64 data

157. PAGE
Getting the files :)
164
• Smashing ‘em all together into one payload
• And execute using the Shell Method

158. PAGE
Getting the files :)
165
• Smashing ‘em all together into one payload
• And execute using the Shell Method

159. PAGE
Time to decrypt!

160. PAGE
Time to decrypt!
Using a decryption script by gquere -

161. PAGE
Management API - Here we come!
• Management API
168

162. PAGE
170
Management API - Here we come!
● Finding databases
● …/management/weblogic/latest/serverConfig/JDBCSystemResources
● Databases
○ Press to CYBER

163. PAGE
173
Management API - Here we come!
● Finding deployed applications
● …/management/weblogic/latest/domainRuntime/deploymentManager/appDeploymentRuntimes
● Deployed Apps
○ App

164. PAGE
It’s WebShell time!
● Plan
● Download -> Modify -> Upload -> Victory
176

165. PAGE
It’s WebShell time!
● Step 1
Get the path for the deployed application
● …/management/weblogic/latest/edit/appDeployments/benefits
• App Path
177

166. PAGE
It’s WebShell time!
● Step 2
Download the file using CVE-2020-14882
● We get a WAR (Web Application Resource or Web Application Archive)
file that we can easily unzip
179

167. PAGE
It’s WebShell time!
● Step 3.
You must do AI stuff to be cool these days
● Ask ChatGPT to write a JSP WebShell
180

168. PAGE
181
It’s WebShell time!
● Step 4
Place the WebShell and rezip the WAR file

169. PAGE
182
It’s WebShell time!
● Step 5
Redeploy the application using the malicious WAR file

170. PAGE
183
It’s WebShell time!
● Step 6
Access the malicious JSP file
● …/benefits/webshell.jsp
● WebShell

171. PAGE
186
It’s WebShell time!
● Step 7
Write an article or present at a meetup or something idk :-)

172. PAGE
Summary
• We achieved unauthenticated remote code execution
• Using CVE-2020-14883 and CVE-2020-14882
• Shell Method
• Remote XML Method
• We obtained and decrypted WebLogic’s admin user credentials
• Using the admin credentials, we accessed the management API
• We decrypted database passwords
• We uploaded a malicious webshell to a legit application
187

173. PAGE
Mitigation
• Limit access to the admin port
• Monitor access to sensitive files
• config.xml, SerializedSystemIni.dat, boot.properties
• Monitor commands running using the server’s user
• Web Application Firewall (WAF)
• Multi Factor Authentication (MFA)
• Patch!!!
188

174. PAGE
Questions?
189

175. AI's Role in enhancing
Application Security
Brit Glazer

176. Linkedin - https://www.linkedin.com/in/brit-glazer-38b3779a/
About Me
Brit Glazer
Head of Information Security @ Unit Finance
InfoSec professional with over 13 years of
experience

177. Agenda
What is Machine Learning
1
Leverage AI for Enhanced
Protection in Application Security
2
Case Studies
3
Advantages of AI-Driven Systems
Over Traditional Methods
4
Safely Embracing AI
5

178. What is Machine Learning
Enhanced Productivity
1
Data Analysis and Insights
2
Cost Reduction
3
Scalability
4
A process of training algorithms to recognize patterns and relationships in data,
which can then be used to make predictions about new, unseen data.

179. Leverage AI for Enhanced Protection in
Application Security
Pattern
Recognition &
Anomaly
Detection
Immediate
Reaction to
Threats
Predictive
Analytics
Evolving with
Threats

181. Case Studies
AI In Financial
Services
‘BankSecure’

182. Case Studies
AI In E-
Commerce
‘ShopSmart’

183. Advantages of AI-Driven Systems Over
Traditional Methods
Speed
Learn &
Adapt
Cost -
Effective

184. Safely Embracing AI
Safeguard Data
Privacy &
Confidentiality
Comply with
Regulatory
Standards
Identify
Vulnerabilities &
Bias
Understand the
Technology
Prioritize Reputable
Sources

186. Q&A

187. Thank You!
Questions?
To be continued…
https://www.linkedin.com/company/application-security-virtual-meetups