all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Finding Deserialization Bugs in the SolarWind Platform

Add to bookmarks
Sept. 21, 2023, 4:12 p.m. | Piotr Bazydło

Zero Day Initiative - Blog www.zerodayinitiative.com

It’s been a while since I have written a blog post, please accept my sincerest apologies. This is because a lot of fun stuff that I’ve recently done is going to be presented during conferences.

Please treat this post as a small introduction to my upcoming Hexacon 2023 talk titled “Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization”. The entire talk and research was inspired by two small research projects, one of which focused on issues …

accept blog blog post bugs conferences deserialization exploiting fun introduction platform upcoming written

Visit resource

More from www.zerodayinitiative.com / Zero Day Initiative - Blog

CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud 2 days, 12 hours ago | www.zerodayinitiative.com
abusing blog blog post bug +23
MindShaRE: Decapping Chips for Electromagnetic Fault Injection (EMFI) 1 week, 2 days ago | www.zerodayinitiative.com
attack automotive blog blog post +12
The May 2024 Security Update Review 2 weeks, 4 days ago | www.zerodayinitiative.com
adobe blog post can check +16
CVE-2024-21115: An Oracle VirtualBox LPE Used to Win Pwn2Own 3 weeks, 2 days ago | www.zerodayinitiative.com
april blog blog post bug +18
CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome 4 weeks, 2 days ago | www.zerodayinitiative.com
blog blog post browsers bug +20
CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability 1 month, 2 weeks ago | www.zerodayinitiative.com
amp blog post bug code +25
The April 2024 Security Updates Review 1 month, 3 weeks ago | www.zerodayinitiative.com
adobe april blog post can +12
Pwn2Own Vancouver 2024 - Day Two Results 2 months, 1 week ago | www.zerodayinitiative.com
blog post chrome edge event +10
Pwn2Own Vancouver 2024 - Day One Results 2 months, 1 week ago | www.zerodayinitiative.com
blog blog post browser day one +11

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com