Session
Remote Code Execution with Serialization Vulnerabilities
Microsoft announced that the BinaryFormatter class is insecure and cannot be made secure, but how bad can it be?
It can be exploited to achieve remote code execution. We'll demo this attack and show this vulnerability using JSON and Newtonsoft.
Demos and code samples are in C#, but this exploit is possible in any insecure deserialization process. By the end of this talk, you'll know what to look for in your company's code and how to prevent the attack.
John Iwasz
Partner Technologist at AVEVA
Philadelphia, Pennsylvania, United States