Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET

.NET serialization vulnerabilities can lead to remote code execution (RCE), with examples in LightDB and Json.NET, and common attack vectors including polymorphic serialization and mutation attacks. Learn how to prevent these attacks with best practices.

Key takeaways
  • .NET serialization vulnerabilities are a major issue and can lead to remote code execution (RCE).
  • LightDB is a .NET NoSQL driver that is vulnerable to RCE due to its use of polymorphic serializers.
  • Json.NET is also vulnerable due to its lack of strict type checking and ability to deserialize arbitrary types.
  • Polymorphic serializers can be used to bypass serialization binders and inject arbitrary code.
  • Mutation attacks can be used to modify serialized data and inject malicious code.
  • Implicit serialization vulnerabilities are present in many .NET serializers and can lead to RCE.
  • Best practices to prevent these attacks include: don't use polymorphic serializers, don't use unsafe serializers, and ensure that data being serialized is properly validated.
  • Articles and research papers on .NET serialization vulnerabilities are available online for reference.
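
The "don't use polymorphic serializers" advice, applied to Json.NET as an added example (not code from the talk or from any project it covers): `Envelope`, `Ping`, `AllowListBinder` and the JSON input are hypothetical names and constructed data. Because the takeaways note that binders can be bypassed, `TypeNameHandling.None` is shown as the preferred setting and the allow-list binder only as a fallback.

```csharp
using System;
using System.Collections.Generic;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;

// Hypothetical message types for this example.
public class Envelope { public object Body { get; set; } }
public class Ping { public string Id { get; set; } }

// Allow-list binder: resolves only names registered here, never a type name taken from input.
public sealed class AllowListBinder : ISerializationBinder
{
    private readonly Dictionary<string, Type> _allowed =
        new Dictionary<string, Type> { ["Ping"] = typeof(Ping) };

    public Type BindToType(string assemblyName, string typeName)
    {
        if (_allowed.TryGetValue(typeName, out var t)) return t;
        throw new JsonSerializationException("Type not allowed: " + typeName);
    }

    public void BindToName(Type serializedType, out string assemblyName, out string typeName)
    {
        assemblyName = null;
        typeName = serializedType.Name;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed input: "$type" names a type the application never registered.
        const string json =
            "{\"Body\":{\"$type\":\"Constructed.Unexpected, Constructed\",\"Id\":\"1\"}}";

        // Preferred: no polymorphism, so the object-typed member stays inert JSON data.
        var strict = new JsonSerializerSettings { TypeNameHandling = TypeNameHandling.None };
        var a = JsonConvert.DeserializeObject<Envelope>(json, strict);
        Console.WriteLine(a.Body.GetType().FullName);

        // Fallback when polymorphism cannot be removed: names must pass the allow-list.
        var bound = new JsonSerializerSettings
            { TypeNameHandling = TypeNameHandling.Auto, SerializationBinder = new AllowListBinder() };
        try { JsonConvert.DeserializeObject<Envelope>(json, bound); }
        catch (JsonSerializationException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```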