Iffy Books | 404 S. 20th St., PHL
hacking, free culture, gardening, zines
Microsoft announced that the BinaryFormatter class is insecure and cannot be made secure, but how bad can it be?
How about a remote code execution exploit?
Join us at DC215 where youโll see a demo of this attack and how itโs also exposed through JSON and Newtonsoft.
Demos and code samples are in C#, but this exploit is possible in any insecure deserialization process. By the end of this talk, you’ll know what to look for in your code and how to prevent it. If you’re a red teamer or pen tester you’ll add another attack vector to your toolkit.