Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET
Jan. 16, 2024, 6:48 p.m. | Black Hat
Black Hat www.youtube.com
These attacks include serialization exploits of platforms that don't use well-known .NET serializers, "mutation" attacks that can exploit deserialization even when the serialized data cannot be tampered with, and techniques for bypassing serialization binders. New remote code execution vulnerabilities in MongoDB, LiteDB, ServiceStack.Redis, RavenDB, MartenDB, JSON.Net and the .NET JavaScriptSerializer are all demonstrated....
By: Will Pearce
Full Abstract and Presentation Materials:
https://www.blackhat.com/us-23/briefings/schedule/#second-breakfast--implicit-and-mutation-based-serialization-vulnerabilities-in-net-32128