Max TOOR

10:30-10:44 AM - TRACK 2, ROOM 1400/1410 

CRAFTING MALICIOUS PAYLOADS FOR NEWTONSOFT EXPLOITATION (BY HAND) 

There are not many readily available resources online explaining how to exploit dangerous Newtonsoft deserialization contexts more complex than just baby’s first Newtonsoft deserialization exploit. In this talk I will show off how to evaluate and exploit dangerous complex Newtonsoft deserialization usages which are not obvious even after learning the basics of Newtonsoft exploitation, such as traversing the inheritance tree and exploiting collections utilizing System.Object rather than just exploiting basic System.Object occurrences.

MAX TOOR

My name is Max Toor. I’m a big dumb nerd that likes sitting in front of a computer 24/7 and long walks on the beach (and a security researcher for Microsoft).