In this talk Mohammed will discuss, analyze and demo Deserialization vulnerabilities and exploits in multiple programming languages, including analysis of some high profile vulnerabilities like CVE-2019-0604.
Mohammed will discuss deserialization attacks in dotnet, Java, python and php, with live demos and analysis of real world vulnerabilities, as well as showcasing tools to exploit such vulnerabilities, like yososerial, Desharialize and others.