all InfoSec news
Pwn2Owning Two Hosts at the Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization
Malware Analysis, News and Indicators - Latest topics malware.news
Pwn2Own Miami 2022 was a fine competition. At the contest, I successfully exploited three different targets. In this blog post, I would like to show you my personal best research of the competition: the custom deserialization issue in Inductive Automation Ignition.
There are several things that make this vulnerability interesting, including the following:
· It exists in a custom deserialization routine, which seems to derive some inspiration from the Java XMLDecoder.
· It allows you to gain Remote Code Execution …
abusing automation blog blog post competition contest deserialization exploited ignition issue miami personal pwn2own pwn2own miami 2022 research things vulnerability