Conference:  Defcon 31

Authors: Jonathan Birch Principal Security Software Engineer, Microsoft

2023-08-01

Exploits of insecure serialization leading to remote code execution have been a common attack against .NET applications for some time. But it's generally assumed that exploiting serialization requires that an application directly uses a serializer and that it unsafely reads data that an attacker can tamper with. This talk demonstrates attacks that violate both of these assumptions. This includes serialization exploits of platforms that don't use well-known .NET serializers and methods to exploit deserialization even when the serialized data cannot be tampered with. Remote code execution vulnerabilities in MongoDB, LiteDB, ServiceStack.Redis, RavenDB, MartenDB, JSON.Net and the .NET JavaScriptSerializer are all demonstrated. Techniques to both scan for and mitigate these vulnerabilities are also discussed, along with methods and obstacles for exploiting serialization in .NET 6+.

Conference:  Global AppSec Dublin 2023

Authors: Mehmet Önder Key

2023-02-16

In my research, besides the use of a new technique as compressed file(hpi,deb,jar etc.) manipulation in the field of remote code execution; this includes implementing this on popular web apps and publishing this 0day at the time of presentation.In most web applications, uploading harmful files is allowed with the precautions taken in the file upload section. One of these protection methods is file hash,extension,head,type etc control mechanisms. However, in this presentation, you will see how we can add a file to the system that we can run the code remotely with compressed file manipulation, how we can become an authorized user in the system, and how to increase the privileges of the seized application user on a popular applications. You will be able to see both a new method and 0Day in the presentation.