Talk given by Pierre Ernst, Product Security Lead at Salesforce, at Hack Fest 2016 in November 2016.

Pierre Ernst has 20 years of professional experience in building and breaking applications. His current focus is helping organisations improve their security posture by playing both offense and defense. In his spare time, he still enjoys finding high-value vulnerabilities and tries to make open source components more secure using his weapon of choice: code review. His favorite research topics include: weaponizing XML External Entity (XXE) attacks and XPath injections, finding novel ways of triggering hash table collisions and exploiting all sorts of deserialization technologies.

Deserializing untrusted input with Java has been known to be a risky proposition for at least 10 years. More recently, several vulnerabilities exploiting this flaw have been published. These deserialization vulnerabilities can be divided into 2 groups: endpoints allowing deserialization of arbitrary classes known to the application, or serialization “gadgets” that allow malicious input to be weaponized for these endpoints. When it comes to fixing this class of vulnerabilities, it is hard to reach a consensus: some library maintainers consider that there is no point in fixing the “gadgets” and that all applications should simply stop accepting serialized input. While the root cause of the issue lies with a lenient Java API (which does not allow specifying which class is to be deserialized), we need an immediate fix. This is why Pierre Ernst came up with the seminal “Look-ahead Java deserialization” concept in 2013.

During this talk, the current look-ahead implementation will be bypassed with a live demo, and a more robust mitigation will be presented.

Salah ad-Din Yusuf ibn Ayyub (c. 1137 – 4 March 1193), commonly known as Saladin, was the founder of the Ayyubid dynasty. Hailing from a Kurdish family, he was the first sultan of both Egypt and Syria. An important figure of the Third Crusade, he spearheaded the Muslim military effort against the Crusader states in the Levant. At the height of his power, the Ayyubid realm spanned Egypt, Syria, Upper Mesopotamia, the Hejaz, Yemen, and Nubia.

Alongside his uncle Shirkuh, a general of the Zengid dynasty, Saladin was sent to Fatimid Egypt in 1164, on the orders of the Zengid ruler Nur ad-Din. With their original purpose being to help restore Shawar as the vizier to the teenage Fatimid caliph al-Adid, a power struggle ensued between Shirkuh and Shawar after the latter was reinstated. Saladin, meanwhile, climbed the ranks of the Fatimid government by virtue of his military successes against Crusader assaults as well as his personal closeness to al-Adid. After Shawar was assassinated and Shirkuh died in 1169, al-Adid appointed Saladin as vizier. During his tenure, Saladin, a Sunni Muslim, began to undermine the Fatimid establishment; following al-Adid's death in 1171, he abolished the Cairo-based Isma'ili Shia Muslim Fatimid Caliphate and realigned Egypt with the Baghdad-based Sunni Abbasid Caliphate. In the following years, he led forays against the Crusaders in Palestine, commissioned the successful conquest of Yemen, and staved off pro-Fatimid rebellions in Egypt. Not long after Nur ad-Din's death in 1174, Saladin launched his conquest of Syria, peacefully entering Damascus at the request of its governor. By mid-1175, Saladin had conquered Hama and Homs, inviting the animosity of other Zengid lords, who were the official rulers of Syria's principalities; he subsequently defeated the Zengids at the Battle of the Horns of Hama in 1175, and was thereafter proclaimed the 'Sultan of Egypt and Syria' by the Abbasid caliph al-Mustadi. Saladin launched further conquests in northern Syria and Upper Mesopotamia, escaping two attempts on his life by the Assassins, before returning to Egypt in 1177 to address local issues there.