13:40 - 14:40
Talk (60 min)
Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET
This talk describes novel attacks against .NET serialization that bypass current state-of-the-art mitigations.
Because these attacks violate typical assumptions regarding serializer security, applications that use these platforms and technologies are very likely to be vulnerable. Mitigations made to the vulnerable platforms discussed in this talk are limited, and application-level fixes will still be required in many cases. This talk describes techniques to detect and mitigate these vulnerabilities, along with best practices for avoiding them.