NY State-Licensed Certificates in Design, Coding & AI — Online
Master Production-Ready Machine Learning, Step by Step
Overview
Build a Learning Habit
Download Class Central's free printable study calendar
Download for Free
Explore novel attacks against .NET serialization that bypass current state-of-the-art mitigations in this 44-minute conference talk from NDC Security in Oslo, Norway. Delve into serialization exploits of platforms not using well-known .NET serializers, "mutation" attacks exploiting deserialization even with untampered serialized data, and techniques for bypassing serialization binders. Witness demonstrations of new remote code execution vulnerabilities in MongoDB, LiteDB, ServiceStack.Redis, RavenDB, MartenDB, JSON.Net, and the .NET JavaScriptSerializer. Learn why applications using these platforms and technologies are likely vulnerable due to violations of typical serializer security assumptions. Discover techniques for detecting and mitigating these vulnerabilities, along with best practices for avoidance, as limited platform-level fixes often require additional application-level security measures.
Syllabus
Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET - Jonathan Birch
Taught by
NDC Conferences