all InfoSec news
Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET
Jan. 16, 2024, 6:48 p.m. | Black Hat
Black Hat www.youtube.com
These attacks include serialization exploits of platforms that don't use well-known .NET serializers, "mutation" attacks that can exploit deserialization even when the serialized data cannot be tampered with, and techniques for bypassing serialization binders. New remote code execution vulnerabilities in MongoDB, LiteDB, ServiceStack.Redis, RavenDB, MartenDB, JSON.Net and the .NET JavaScriptSerializer are all demonstrated....
By: Will Pearce
Full Abstract and Presentation Materials:
https://www.blackhat.com/us-23/briefings/schedule/#second-breakfast--implicit-and-mutation-based-serialization-vulnerabilities-in-net-32128
art attacks bypass bypassing can code code execution current data deserialization don exploit exploits mitigations novel platforms remote code remote code execution serialization state techniques vulnerabilities well-known
More from www.youtube.com / Black Hat
Black Hat Asia 2024 Highlights
2 weeks, 3 days ago |
www.youtube.com
Locknote: Conclusions and Key Takeaways from Day 2
1 month, 3 weeks ago |
www.youtube.com
Locknote: Conclusions and Key Takeaways from Day 1
1 month, 3 weeks ago |
www.youtube.com
Keynote: My Lessons from the Uber Case
1 month, 3 weeks ago |
www.youtube.com
The Black Hat Europe Network Operations Center (NOC) Report
1 month, 3 weeks ago |
www.youtube.com
My Invisible Adversary: Burnout
1 month, 3 weeks ago |
www.youtube.com
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC