How I Used a JSON Deserialization 0day to Steal Your Money on the Blockchain
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a Black Hat conference talk that delves into exploiting a JSON deserialization vulnerability in Fastjson, a popular open-source JSON parser. Learn how the speakers bypassed security checks and mitigations by leveraging inheritance processes of basic classes to achieve remote code execution. Discover the step-by-step process, from introduction and demo to visualizing the serialized process, autotype support and bypass, magic method derivation, JSONpath, GenTron, and ReadWriteLevelDB. Gain insights into post-penetration techniques and understand the potential impact on blockchain security and financial transactions.
Syllabus
Introduction
Demo
Visualizing the serialized process
Autotype support
Autotype bypass
Magic Method
Derivation
JSONpath
Gen
Tron
ReadWrite
LevelDB
Red File
Read Files
Post Penetration
Taught by
Black Hat
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network