JVM App exploit
Bytecode level: for breaking in.
The model is an attack on a normally running Java process, or on a Java applet that is about to run. Maybe something like injection.
1) escape from the sandbox (SecurityManager) of an applet, or from a constraint, for example loading from an uncontrolled source with a custom policy;
2) ClassLoader hijack;
3) object deserialization (unserialize);
4) Reflection;
5) module (JAR, OSGi bundle);
6) Expression Language injection (OGNL, SpEL, JSTL EL, MVEL, ...);
7) bytecode verifier escape?
System level: for persistent control.
1) web shell;
2) JNI module hijack;
3) shared object (.so) hijack, like libc.so;
4) rt.jar hijack;
5) user-space rootkit, binutils hijack;
6) kernel-space rootkit, LKM.