Are You My Type? Breaking .NET Sandboxes Through Serialization

Explore a comprehensive analysis of .NET serialization vulnerabilities and their exploitation in this Black Hat USA 2012 conference talk. Delve into the process of identifying security issues that led to Microsoft's largest .NET update, and learn how these vulnerabilities can be used to attack .NET applications both locally and remotely. Discover techniques for breaking out of partial trust sandboxes used in technologies like ClickOnce and XAML Browser Applications. Gain insights into various aspects of serialization, including binary serialization, the ISerializable interface, and NET Remoting Architecture. Examine active attack methods, such as path normalization and bypassing type filtering, while understanding protective measures. Investigate partial trust sandboxes, code access security, and XBAP exception handling. Uncover advanced exploitation techniques involving delegate multicasting, type confusion, reflection attacks, and hashtable serialization. Enhance your understanding of .NET security vulnerabilities and their potential impact on application integrity.