logo
allArticlesConferencesPresentations

Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET

Conference:  Defcon 31

2023-08-01

Authors:   Jonathan Birch Principal Security Software Engineer, Microsoft

Abstract

Exploits of insecure serialization leading to remote code execution have been a common attack against .NET applications for some time. But it's generally assumed that exploiting serialization requires that an application directly uses a serializer and that it unsafely reads data that an attacker can tamper with. This talk demonstrates attacks that violate both of these assumptions. This includes serialization exploits of platforms that don't use well-known .NET serializers and methods to exploit deserialization even when the serialized data cannot be tampered with. Remote code execution vulnerabilities in MongoDB, LiteDB, ServiceStack.Redis, RavenDB, MartenDB, JSON.Net and the .NET JavaScriptSerializer are all demonstrated. Techniques to both scan for and mitigate these vulnerabilities are also discussed, along with methods and obstacles for exploiting serialization in .NET 6+.
Materials:
Slides
Tags:
Serialization
Insecure
remote code execution
MongoDB
LiteDB

Post a comment

Related work

How I use a JSON Deserialization 0day to Steal Your Money On The Blockchain

Conference:  Defcon 29
Authors:
2021-08-01

The Undeniable Truth: How Remote Attestation Circumvents Deniability Guarantees in Secure Messaging Protocols

Conference:  BlackHat EU 2018
Authors:
2018-12-05

High-Stakes Updates | BIOS RCE OMG WTF BBQ

Conference:  Defcon 29
Authors:
2021-08-01

Discovering Hidden Properties to Attack the Node.js Ecosystem

Conference:  BlackHat USA 2020
Authors:
2020-08-05

Discovering Hidden Properties to Attack Node.js ecosystem

Conference:  Defcon 28
Authors:
2020-08-01

Internal Server Error: Exploiting Inter-Process Communication in SAP's HTTP Server

Conference:  Black Hat USA 2022
Authors:
2022-08-10