1. Intro
2. Java remote protocol
3. Simple architecture
4. Protocol analysis
5. Past exploits
6. JRE History
7. Attacking RMI - Registry whitelist bypass
8. Custom services
9. JMX flow
10. IBM Websphere Application Server
11. Vendors are not prepared for this
12. Attacking RMI 45 - (in)Security Manager
13. Attacking RMI 46 - RMI Registry
14. Exploit analysis
15. Vulnerability pattern
16. CORBA Naming Service
17. Mitigations
18. Exploit Development
Description:
Explore critical flaws in Java Remote Method Invocation (RMI) and Common Object Request Broker Architecture (CORBA) in this 45-minute Black Hat conference talk. Delve into the technical workflow of these widely deployed cross-process communication mechanisms, uncovering security vulnerabilities and vendor implementation failures. Learn about Java remote protocols, simple architecture, protocol analysis, past exploits, and JRE history. Discover techniques for attacking RMI, including registry whitelist bypass, custom services, and JMX flow. Examine specific cases like IBM Websphere Application Server and understand why vendors are unprepared for these threats. Investigate attacks on RMI 45 and 46, focusing on (in)Security Manager and RMI Registry. Analyze exploits, identify vulnerability patterns, and explore the CORBA Naming Service. Gain insights into mitigation strategies and exploit development techniques to enhance your understanding of Java remote protocol security.

Far Sides of Java Remote Protocols

Black Hat