Are you my type? : Breaking NET Sandboxes through serialization

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=Wnxw54srdA0


Duration: 44:51
1 views
0

In May, Microsoft issued a security update for .NET due to a number of serious issues I found. This release was the biggest update in the product's history, it aimed to correct a number of specific issues due to unsafe serialization usage as well as changing some of the core functionality to mitigate anything which could not be easily fixed without significant compatibility issues.

This presentation will cover the process through which I identified these vulnerabilities and provide information on how they can be used to attack .NET applications, both locally and remotely, as well as demonstrating breaking out of the partial trust sandboxes used in technologies such as ClickOnce and XAML Browser Applications.
Presented By:
James Forshaw
Black Hat - USA - 2012 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2021-12-31File Disinfection Framework Striking back at the Polymorphic Viruses
2021-12-31Easy Local Windows Kernel Exploitation
2021-12-31Blended Threats and JavaScript: a plan for permanent network compromise
2021-12-31The Info Leak Era Software Exploitation
2021-12-31How many bricks does it take to Crack a Microcell?
2021-12-31Windows 7 Phone Hacking & Exploitation
2021-12-31The Christopher Columbus Rule and DHS
2021-12-31Web Tracking for You
2021-12-31Smashing the Furure for Fun & Profit Presented By:Jeff Moss Bruce Schneier Adam Shostack
2021-12-31Recent Java Exploitation Trends and Malware
2021-12-31Are you my type? : Breaking NET Sandboxes through serialization
2021-12-31Changing the Security Paradigm... Taking back your network and bringing pain to the adversary
2021-12-30There's a party at ring0 Tavis Ormandy, Julien Tinnes
2021-12-30Ushering in the post GRC world applied threat modeling Alex Hutton, Allison Miller
2021-12-30USB Paul carugati
2021-12-30The future of DNS Security Panel
2021-12-30CuteCats exe and the Arab Spring
2021-12-30Hacking the Corporare Mind: using social engineering tactics to improve organizational security
2021-12-30Legal Aspects of Cyberspace Operations
2021-12-30Meeting Yaniv Karta
2021-12-30A stitch in time saves nine: A Case of Multiple Operation System Vurnarability


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
virus
information
hack
password
code
web
concept
thief
protection
network
scam
fraud
malware
secure
identity
criminal
phishing
software
access
safety
theft
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
James Forshaw