Save 40% on Coursera Plus Annual

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

How I Used a JSON Deserialization 0day to Steal Your Money on the Blockchain

Black Hat via YouTube

Start learning Write review
Coursera Ad

Google AI Professional Certificate - Learn AI Skills That Get You Hired

Learn More → Unihackers Ad

Launch Your Cybersecurity Career in 6 Months

Learn More →

Overview

Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore a Black Hat conference talk that delves into exploiting a JSON deserialization vulnerability in Fastjson, a popular open-source JSON parser. Learn how the speakers bypassed security checks and mitigations by leveraging inheritance processes of basic classes to achieve remote code execution. Discover the step-by-step process, from introduction and demo to visualizing the serialized process, autotype support and bypass, magic method derivation, JSONpath, GenTron, and ReadWriteLevelDB. Gain insights into post-penetration techniques and understand the potential impact on blockchain security and financial transactions.

Syllabus

Introduction
Demo
Visualizing the serialized process
Autotype support
Autotype bypass
Magic Method
Derivation
JSONpath
Gen
Tron
ReadWrite
LevelDB
Red File
Read Files
Post Penetration

Taught by

Black Hat

Reviews

Start your review of How I Used a JSON Deserialization 0day to Steal Your Money on the Blockchain

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.