Explore Java's Remote Method Invocation (RMI) security vulnerabilities in this 42-minute conference talk from 44CON 2017. Delve into the prevalence of RMI, common security mistakes, potential exploits, and methods for securing RMI services. Learn about BaRMIe, a tool developed for RMI service enumeration and exploitation, and discover vulnerabilities within Java itself. Gain insights into RMI registry services, implementation, security concerns, and insecure usage. Witness demonstrations of RMI enumeration, exploitation techniques, and full RMI proxying. Understand the implications of deserialization attacks and their impact on popular software like Apache JMeter and Adobe ColdFusion.