Master AI and Machine Learning: From Neural Networks to Applications
Lead AI Strategy with UCSB's Agentic AI Program — Microsoft Certified
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore novel attacks against .NET serialization that bypass current state-of-the-art mitigations in this 44-minute conference talk from NDC Security in Oslo, Norway. Delve into serialization exploits of platforms not using well-known .NET serializers, "mutation" attacks exploiting deserialization even with untampered serialized data, and techniques for bypassing serialization binders. Witness demonstrations of new remote code execution vulnerabilities in MongoDB, LiteDB, ServiceStack.Redis, RavenDB, MartenDB, JSON.Net, and the .NET JavaScriptSerializer. Learn why applications using these platforms and technologies are likely vulnerable due to violations of typical serializer security assumptions. Discover techniques for detecting and mitigating these vulnerabilities, along with best practices for avoidance, as limited platform-level fixes often require additional application-level security measures.
Syllabus
Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET - Jonathan Birch
Taught by
NDC Conferences