dRuby Security Internals

Explore the security vulnerabilities of dRuby, a distributed object system for Ruby, in this comprehensive conference talk. Delve into the inner workings of dRuby, its API, and underlying wire protocol to uncover previously unknown security risks. Learn about novel exploitation techniques targeting both dRuby servers and clients, and discover why dRuby is even more insecure than previously thought. Examine efforts to harden dRuby against identified issues and consider the implications of exploiting dRuby-based services for honeypotting. Gain insights from security experts Jeff Dileo and Addison Amiri as they share their findings on this critical aspect of Ruby security.

NSEC2021 - Jeff Dileo and Addison Amiri - dRuby Security Internals