在Hexacon 2023 演讲中,有一个议题为“Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization”,就是.net的反序列化的一些新思路和绕过补丁,非常精彩的议题和内容,议题内容也被作者整理成了白皮书,pdf上传在github。另外这次会议的其它议题也很精彩,推荐去看下
在这份白皮书中,展示了:
•可以在产品代码库中查找反序列化小工具。
•可以在第三方库中查找反序列化小工具。
•反序列化从不可利用变可利用
•.NET Framework中未被发现的小工具。
•使用任意getter调用小工具来大幅度增加攻击面
还提供了十几个反序列化/序列化小工具,并展示了一些
真实在野的漏洞,这些小工具曾经或可能在哪里使用。
利用这些知识来查找反序列化接收器中的安全漏洞
链接如下:
https://github.com/thezdi/presentations/blob/main/2023_Hexacon/whitepaper-net-deser.pdf
目录如下:
这会议的其它议题为:
A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learned
Orange Tsai
Finding and exploiting an old XNU logic bug
Eloi Benoist-Vanderbeken
A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE
NiNi
The Hazards of Technological Variety and Parallelism: An Avocado Nightmare
Stefan Schiller
Back to the Future with Platform Security
Krzysztof Okupski
Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization
Piotr Bazydło
Unveiling Hidden Paths: Unearthing Vulnerabilities and Exploiting Modern Windows Kernel
Junoh Lee, JeongOh Kyea
A Year Fuzzing XNU Mach IPC
Nguyen Vu Hoang
Bypassing the Secure Kernel/Core Isolation (HVCI) memory protection
Viviane Zwanger, Henning Braun
Don't Lookaside or you'll miss it: Turning a Hyper-V cache miss into 200k cash
Leo Adrien
You have become the very thing you swore to destroy: Remotely exploiting an Antivirus engine
Simon Scannell
Bug Tales: Life and Death in the Sahara
Seamus Burke, Aaron Willey
The two-sided mirror, perspective on infosec from both a defensive and an offensive point of view
xerub
Breaking Out of the Box: Technical analysis of VirtualBox VM escape with Windows LPE
Thomas Bouzerar, Thomas Imbert
XORtigate: zero-effort, zero-expense, 0-day on Fortinet SSL VPN
Charles Fol
原文始发于微信公众号(军机故阁):.net反序列化的新利用
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论