Deep Dive into Deserialization

At 44CON 2018 we delivered a workshop on deserialization vulnerabilities, the latest new entry in the OWASP Top Ten most critical security risks. The workshop began with an introduction to this class of vulnerability before diving deep into more advanced exploitation techniques.

The topics covered included:

  • An introduction to deserialization vulnerabilities
  • Blind command execution and basic exploitation
  • Identifying and enumerating vulnerable targets
  • POP gadgets and gadget chains
  • Building a gadget chain
  • Modifying binary payloads to re-exploit “patched” targets
  • Advanced exploitation with shells and reverse shells

We’re able to offer this training both standalone and as part of a broader training programme. Get in touch to find out more about our training.