More research on .NET deserialization

View whitepaper’s PDF

I have recently published a whitepaper and a blog post as part of work research in NCC Group’s website. A number of plugins have also been added to the ysoserial.net project.

The whitepaper can aid security researchers as well as developers to find more deserialisation issues in .NET applications by identifying built-in methods or classes that can be abused in this process.

In the blog post, I have also explained one of the most interesting findings of the research with which code could be executed upon pasting an object from the clipboard: