OOM OOM Pow! Deserialization presented at BSidesOklahoma 2018

by Jason Gillam

Summary: Do you still find object deserialization flaws to be some kind of inexplicable magic that mysteriously results in remote code execution? This talk traces the path of how popular features in object-oriented languages resulted in these flaws, with simplified demonstrations and sample code.