#binaryformatter — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #binaryformatter, aggregated by home.social.
-
With the release of PowerShell Studio 2025, we updated our Windows Form generated code to remove the BinaryFormatter class when loading image data for Images, Icons, and ImageLists.
Read more on our SAPIEN Blog 👉 https://www.sapien.com/blog/2025/01/27/powershell-studio-and-binaryformatter-class/
-
With the release of PowerShell Studio 2025, we updated our Windows Form generated code to remove the BinaryFormatter class when loading image data for Images, Icons, and ImageLists.
Read more on our SAPIEN Blog 👉 https://www.sapien.com/blog/2025/01/27/powershell-studio-and-binaryformatter-class/
-
With the release of PowerShell Studio 2025, we updated our Windows Form generated code to remove the BinaryFormatter class when loading image data for Images, Icons, and ImageLists.
Read more on our SAPIEN Blog 👉 https://www.sapien.com/blog/2025/01/27/powershell-studio-and-binaryformatter-class/
-
Krytyczna podatność w Citrix Virtual Apps and Desktops
Rozwiązania takie jak Citrix Virtual Apps and Desktops pozwalają zmienić paradygmat pracy, dzięki scentralizowanej platformie, która odpowiada za wirtualizację, pracownicy mogą kontynuować wykonywanie swoich zadań od miejsca, w którym je skończyli na zupełnie innym urządzeniu. Centralizacja pozwala na ułatwienie zarządzania czy monitorowania, co może mieć pozytywny wpływ na bezpieczeństwo. Przeniesienie...
#WBiegu #Binaryformatter #Citrix #Deserializacja #Msmq #Rce
https://sekurak.pl/krytyczna-podatnosc-w-citrix-virtual-apps-and-desktops/
-
Krytyczna podatność w Citrix Virtual Apps and Desktops
Rozwiązania takie jak Citrix Virtual Apps and Desktops pozwalają zmienić paradygmat pracy, dzięki scentralizowanej platformie, która odpowiada za wirtualizację, pracownicy mogą kontynuować wykonywanie swoich zadań od miejsca, w którym je skończyli na zupełnie innym urządzeniu. Centralizacja pozwala na ułatwienie zarządzania czy monitorowania, co może mieć pozytywny wpływ na bezpieczeństwo. Przeniesienie...
#WBiegu #Binaryformatter #Citrix #Deserializacja #Msmq #Rce
https://sekurak.pl/krytyczna-podatnosc-w-citrix-virtual-apps-and-desktops/
-
Krytyczna podatność w Citrix Virtual Apps and Desktops
Rozwiązania takie jak Citrix Virtual Apps and Desktops pozwalają zmienić paradygmat pracy, dzięki scentralizowanej platformie, która odpowiada za wirtualizację, pracownicy mogą kontynuować wykonywanie swoich zadań od miejsca, w którym je skończyli na zupełnie innym urządzeniu. Centralizacja pozwala na ułatwienie zarządzania czy monitorowania, co może mieć pozytywny wpływ na bezpieczeństwo. Przeniesienie...
#WBiegu #Binaryformatter #Citrix #Deserializacja #Msmq #Rce
https://sekurak.pl/krytyczna-podatnosc-w-citrix-virtual-apps-and-desktops/
-
Krytyczna podatność w Citrix Virtual Apps and Desktops
Rozwiązania takie jak Citrix Virtual Apps and Desktops pozwalają zmienić paradygmat pracy, dzięki scentralizowanej platformie, która odpowiada za wirtualizację, pracownicy mogą kontynuować wykonywanie swoich zadań od miejsca, w którym je skończyli na zupełnie innym urządzeniu. Centralizacja pozwala na ułatwienie zarządzania czy monitorowania, co może mieć pozytywny wpływ na bezpieczeństwo. Przeniesienie...
#WBiegu #Binaryformatter #Citrix #Deserializacja #Msmq #Rce
https://sekurak.pl/krytyczna-podatnosc-w-citrix-virtual-apps-and-desktops/
-
Krytyczna podatność w Citrix Virtual Apps and Desktops
Rozwiązania takie jak Citrix Virtual Apps and Desktops pozwalają zmienić paradygmat pracy, dzięki scentralizowanej platformie, która odpowiada za wirtualizację, pracownicy mogą kontynuować wykonywanie swoich zadań od miejsca, w którym je skończyli na zupełnie innym urządzeniu. Centralizacja pozwala na ułatwienie zarządzania czy monitorowania, co może mieć pozytywny wpływ na bezpieczeństwo. Przeniesienie...
#WBiegu #Binaryformatter #Citrix #Deserializacja #Msmq #Rce
https://sekurak.pl/krytyczna-podatnosc-w-citrix-virtual-apps-and-desktops/
-
This took me longer to put together than I'd planned, but here's a gist showing how to use #BinaryFormatter mutation to bypass a #serialization binder: https://gist.github.com/Seibai/d1f52141a800b0538138f9644b855c5f
The binder in this example just outputs the name of each type it sees to the console. During the first deserialization, the only type the binder sees is Tuple<IComparable, Object>. When that object is serialized and then deserialized again though, it becomes a payload that launches calc.
This scenario shows up more often that you might expect: putting an object into ViewState or into a DB or message queue that uses BinaryFormatter can be sufficient for the second, uncontrolled serialization.
-
This took me longer to put together than I'd planned, but here's a gist showing how to use #BinaryFormatter mutation to bypass a #serialization binder: https://gist.github.com/Seibai/d1f52141a800b0538138f9644b855c5f
The binder in this example just outputs the name of each type it sees to the console. During the first deserialization, the only type the binder sees is Tuple<IComparable, Object>. When that object is serialized and then deserialized again though, it becomes a payload that launches calc.
This scenario shows up more often that you might expect: putting an object into ViewState or into a DB or message queue that uses BinaryFormatter can be sufficient for the second, uncontrolled serialization.
-
This took me longer to put together than I'd planned, but here's a gist showing how to use #BinaryFormatter mutation to bypass a #serialization binder: https://gist.github.com/Seibai/d1f52141a800b0538138f9644b855c5f
The binder in this example just outputs the name of each type it sees to the console. During the first deserialization, the only type the binder sees is Tuple<IComparable, Object>. When that object is serialized and then deserialized again though, it becomes a payload that launches calc.
This scenario shows up more often that you might expect: putting an object into ViewState or into a DB or message queue that uses BinaryFormatter can be sufficient for the second, uncontrolled serialization.
-
This took me longer to put together than I'd planned, but here's a gist showing how to use #BinaryFormatter mutation to bypass a #serialization binder: https://gist.github.com/Seibai/d1f52141a800b0538138f9644b855c5f
The binder in this example just outputs the name of each type it sees to the console. During the first deserialization, the only type the binder sees is Tuple<IComparable, Object>. When that object is serialized and then deserialized again though, it becomes a payload that launches calc.
This scenario shows up more often that you might expect: putting an object into ViewState or into a DB or message queue that uses BinaryFormatter can be sufficient for the second, uncontrolled serialization.
-
This took me longer to put together than I'd planned, but here's a gist showing how to use #BinaryFormatter mutation to bypass a #serialization binder: https://gist.github.com/Seibai/d1f52141a800b0538138f9644b855c5f
The binder in this example just outputs the name of each type it sees to the console. During the first deserialization, the only type the binder sees is Tuple<IComparable, Object>. When that object is serialized and then deserialized again though, it becomes a payload that launches calc.
This scenario shows up more often that you might expect: putting an object into ViewState or into a DB or message queue that uses BinaryFormatter can be sufficient for the second, uncontrolled serialization.
-
My talk on implicit and mutation-based #serialization attacks at #NDCSecurity is now up on YouTube: https://www.youtube.com/watch?v=cD3FiTQ5Lhk
The part on #BinaryFormatter mutation, which I'd never discussed before, starts here: https://www.youtube.com/watch?v=cD3FiTQ5Lhk&t=1694s
I plan to post some additional resources associated with that talk in the near future, including some sample code.
-
My talk on implicit and mutation-based #serialization attacks at #NDCSecurity is now up on YouTube: https://www.youtube.com/watch?v=cD3FiTQ5Lhk
The part on #BinaryFormatter mutation, which I'd never discussed before, starts here: https://www.youtube.com/watch?v=cD3FiTQ5Lhk&t=1694s
I plan to post some additional resources associated with that talk in the near future, including some sample code.
-
My talk on implicit and mutation-based #serialization attacks at #NDCSecurity is now up on YouTube: https://www.youtube.com/watch?v=cD3FiTQ5Lhk
The part on #BinaryFormatter mutation, which I'd never discussed before, starts here: https://www.youtube.com/watch?v=cD3FiTQ5Lhk&t=1694s
I plan to post some additional resources associated with that talk in the near future, including some sample code.
-
My talk on implicit and mutation-based #serialization attacks at #NDCSecurity is now up on YouTube: https://www.youtube.com/watch?v=cD3FiTQ5Lhk
The part on #BinaryFormatter mutation, which I'd never discussed before, starts here: https://www.youtube.com/watch?v=cD3FiTQ5Lhk&t=1694s
I plan to post some additional resources associated with that talk in the near future, including some sample code.
-
My talk on implicit and mutation-based #serialization attacks at #NDCSecurity is now up on YouTube: https://www.youtube.com/watch?v=cD3FiTQ5Lhk
The part on #BinaryFormatter mutation, which I'd never discussed before, starts here: https://www.youtube.com/watch?v=cD3FiTQ5Lhk&t=1694s
I plan to post some additional resources associated with that talk in the near future, including some sample code.
-
I'm flying to Norway tomorrow morning for #NDCSecurity .
I'll be talking about #serialization , and much of my talk will resemble the talk I gave at DEFCON last year, though I'm also going to describe a new set of techniques for exploiting #BinaryFormatter .
-
I'm flying to Norway tomorrow morning for #NDCSecurity .
I'll be talking about #serialization , and much of my talk will resemble the talk I gave at DEFCON last year, though I'm also going to describe a new set of techniques for exploiting #BinaryFormatter .
-
I'm flying to Norway tomorrow morning for #NDCSecurity .
I'll be talking about #serialization , and much of my talk will resemble the talk I gave at DEFCON last year, though I'm also going to describe a new set of techniques for exploiting #BinaryFormatter .
-
I'm flying to Norway tomorrow morning for #NDCSecurity .
I'll be talking about #serialization , and much of my talk will resemble the talk I gave at DEFCON last year, though I'm also going to describe a new set of techniques for exploiting #BinaryFormatter .
-
I'm flying to Norway tomorrow morning for #NDCSecurity .
I'll be talking about #serialization , and much of my talk will resemble the talk I gave at DEFCON last year, though I'm also going to describe a new set of techniques for exploiting #BinaryFormatter .