Tuesday 

Room 2 

16:20 - 17:20 

(UTC+01

Talk (60 min)

From JSON to RCE: Modern .NET Serialization Attacks

Serialization vulnerabilities remain the #1 attack vector against .NET applications, accounting for 43% of critical CVEs in 2024. Even with BinaryFormatter removed in .NET 9, serialization attacks are evolving, not disappearing, from JSON.NET TypeNameHandling exploits to ViewState weaponization.

.NET
Security

We'll explore the complete landscape of modern .NET serialization attacks. Through live demonstrations and vulnerable code examples, you'll learn to recognize dangerous patterns, understand how attackers craft exploit payloads, and implement secure serialization practices. We'll go beyond the usual warnings to explore modern attack vectors in System.Text.Json, gRPC, and cloud-native scenarios.


Hampton Paulk

The bio you expect:
Hampton has over 25 years of experience in code and over 10 years creating technical content spanning software development, data engineering, cybersecurity, and AI/ML. As a Principal Author and Researcher for Pluralsight, he's developed content for OpenAI and Anthropic, with his latest area of focus being ethics, issues, and regulation of deep learning models, including generative AI.

The bio you want:
Hampton is an old fart dev that works with what's new and uses it to educate others and break things. He pays the bills by making content full time for Pluralsight. You're bound to learn something, likely through hands-on examples and subjective opinion. He's an acquired taste, sweet on the inside with a stoic-ish exterior.