10:30-10:44 AM - TRACK 2, ROOM 1400/1410 

CRAFTING MALICIOUS PAYLOADS FOR NEWTONSOFT EXPLOITATION (BY HAND) 

There are not many readily available resources online explaining how to exploit dangerous Newtonsoft deserialization contexts more complex than just baby’s first newtonsoft deserialization exploit. In this talk I will show off how to evaluate and exploit dangerous complex Newtonsoft deserialization usages which are not obvious even after learning the basics of Newtonsoft exploitation. Such as traversing the inheritance tree and exploiting collections utilizing System.Object rather than just exploiting basic System.Object occurrences