Utilities
Tools in deployed environments
Making non-graphical Java monitoring and development tools available is probably a good idea in at least lower environments. Whilst the tools allow substantial information exposure and could be exploited for lateral movement, any ability to perform code execution in a networked environment may be used to install and launch the binaries anyway, so withholding them offers little protection.
Profilers
Profilers may use JVMTI sockets or native communication with a JVM to extract events. In either case, remember that the JVM hosting the profiler must be configured appropriately to cope with the volume of events raised by the application under profiling.
Sampling Java profilers that don't use the AsyncGetCallTrace interface are prone to misrepresenting the relative cost of method calls due to safepoint bias, since they're only able to inspect threads' stacks when they're in safepoints. These occur when a thread is:
- Blocked on a synchronisation event.
- Blocked on a monitor.
- Blocked on an I/O wait.
- Parked.
- Executing JNI and not locking GC.
- Honouring a JVM request to enter a safepoint during a memory allocation, or loop or method transition in compiled code.
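A minimal sampler of the kind described above, added here as an illustration and not taken from any profiler or from the original page. The class and method names are hypothetical, and the sample counts and wait times it prints depend on the JVM version and flags in use.

```java
import java.util.Map;
import java.util.TreeMap;

// Added example: a sampler built on Thread.getStackTrace(), not AsyncGetCallTrace.
public class SafepointBiasedSampler {
    static volatile long sink; // keeps the JIT from discarding the work

    // Int-counted loop: the JIT may emit few or no safepoint polls inside it.
    static long hotLoop() {
        long acc = 0;
        for (int i = 0; i < 300_000_000; i++) {
            acc += i ^ (acc >>> 3);
        }
        return acc;
    }

    // Cheap by comparison, but allocation gives the JVM a safepoint opportunity.
    static long cheapAlloc() {
        return new byte[1024].length;
    }

    public static void main(String[] args) throws InterruptedException {
        Thread worker = new Thread(() -> {
            for (int round = 0; round < 20; round++) {
                sink += hotLoop();
                sink += cheapAlloc();
            }
        }, "worker");
        worker.start();

        Map<String, Integer> topFrames = new TreeMap<>();
        long worstWaitNanos = 0;
        while (worker.isAlive()) {
            long start = System.nanoTime();
            // Returns only once the worker has reached a safepoint poll.
            StackTraceElement[] stack = worker.getStackTrace();
            worstWaitNanos = Math.max(worstWaitNanos, System.nanoTime() - start);
            if (stack.length > 0) {
                topFrames.merge(stack[0].getMethodName(), 1, Integer::sum);
            }
            Thread.sleep(10);
        }
        topFrames.forEach((method, n) -> System.out.println(method + ": " + n + " samples"));
        System.out.println("longest wait for a sample: " + worstWaitNanos / 1_000 + " us");
    }
}
```

Every sample is attributed to wherever the worker next reached a safepoint poll, not to where it was when the sampler asked, and the printed wait is the time the sampler spent blocked until that happened.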
Heap analysis
Eclipse MAT post-processes