Explore novel attacks against .NET serialization that bypass current state-of-the-art mitigations in this 24-minute Black Hat conference talk. Delve into serialization exploits of platforms not using well-known .NET serializers, "mutation" attacks exploiting deserialization even with untampered serialized data, and techniques for bypassing serialization binders. Witness demonstrations of new remote code execution vulnerabilities in MongoDB, LiteDB, ServiceStack.Redis, RavenDB, MartenDB, JSON.Net, and the .NET JavaScriptSerializer. Gain valuable insights from security expert Will Pearce on these cutting-edge vulnerabilities and their implications for .NET developers and security professionals.
Second Breakfast - Implicit and Mutation-Based Serialization Vulnerabilities in .NET
Overview
Syllabus
Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET
Taught by
Black Hat
Related Courses
-
Implicit and Mutation-Based Serialization Vulnerabilities in .NET
-
Are You My Type? Breaking .NET Sandboxes Through Serialization
-
Pwning Your Java Messaging With Deserialization Vulnerabilities
-
Windows 2003 - .NET from the Hacker's Perspective
-
Practical HTTP Header Smuggling - Sneaking Past Reverse Proxies to Attack AWS and Beyond
-
It's a PHP Unserialization Vulnerability Jim, but Not as We Know It
