Room 4 

13:40 - 14:40 


Talk (60 min)

Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET

This talk describes novel attacks against .NET serialization that bypass current state-of-the-art mitigations.

Application Security

These attacks include serialization exploits of platforms that don't use well-known .NET serializers, "mutation" attacks that can exploit deserialization even when the serialized data cannot be tampered with, and techniques for bypassing serialization binders. New remote code execution vulnerabilities in MongoDB, LiteDB, ServiceStack.Redis, RavenDB, MartenDB, JSON.Net and the .NET JavaScriptSerializer are all demonstrated.

Because these attacks violate typical assumptions regarding serializer security, applications that use these platforms and technologies are very likely to be vulnerable. Mitigations made to the vulnerable platforms discussed in this talk are limited, and application-level fixes will still be required in many cases. This talk describes techniques to detect and mitigate these vulnerabilities, along with best practices for avoiding them.

Jonathan Birch

Jonathan Birch is a Principal Software Security Engineer at Microsoft, where he provides security guidance and penetration testing for the development of Microsoft Office. He has previously presented at Black Hat USA in 2019 with his talk "Host/Split: Exploitable Antipatterns in Unicode Normalization". He has also presented at Microsoft's BlueHat Security Conference on research he conducted regarding serialization security (2017) and unintended authentication (2016).