Fardeen A.
November 04, 2025

From Bytes to Bugs - Reverse Engineering for Insecure Deserialization

Insecure Deserialization talk at HTB Mumbai.

Transcript

  1. REVERSE ENGINEERING INSECURE DESERIALIZATION
    From Bytes to Bugs - INSECREZ
  2. ABOUT ME
    - DevSecOps Engineer at a Fintech
    - Fun-Time Bug-Bounty Hunter
    - Life-long learner of System Architecture, Networking and Security
    - Creating meme-fied content to educate tech to common people
  3. CONTENT
    1. Defining Serialization and De-serialization for common people
    2. Serialization Formats (JSON, XML, Java/Kotlin/Scala/Android, PHP, Python, .NET, protobufs, custom binary)
    3. How De-serialization is dangerous - Object Injection, Gadget Chains, RCEs etc.
    4. Static Analysis - scanning bytecode, looking for readObjects/unmarshal/deserialization/fromBytes patterns, decompiler tips
    5. Dynamic Analysis - instrumentation, hooking, sandboxed runtime debugging, intercepting serialized streams
    6. Reverse Engineering closed-source clients/servers: unpacking, deobfuscation basics, extracting classes/struct layouts
    7. Payloads - Samples
    8. Bypassing Protections
    9. Exploit Development - non-destructive verification and rollback strategies
    10. Mitigations and secure patterns for developers & reviewers + Q&A

    1. Serialization and Deserialization
    2. What and Where to find at different places
    3. Static and Dynamic Analysis
    4. Reverse Engineering files for finding format issues
    5. Where to find exploits
    6. Mitigations
  4. SERIALIZATION
    Serialization is the process of converting data structures, objects and functions into “byte streams”, which makes the data easier to transmit.
    DESERIALIZATION
    De-serialization is the reverse process: converting “byte-stream” data back into actual objects, in the exact state in which they were serialized.
  5. ANOTHER RIDDLE? - FIND THE LINE OF ISSUE
    - This is a “vulnerable” Python code for testing the Insecure Deserialization vulnerability. I’ve analyzed this code in the Dynamic Analysis section.
    - This is a “vulnerable” Java code for Insecure Deserialization.
  6. WHAT TO FIND
    PYTHON: pickle.dumps; pickle.loads; marshal; shelve; Dill/cloudpickle; MessagePack/Avro/Protobuf
    JAVA: ObjectOutputStream; ObjectInputStream procedures; .ser files; Converting POJOs to files/texts in JSON; Hessian - Binary web service serialization protocol; FST - Fast Serialization
    .NET: JSON; BinaryFormatter; System.Text.Json or Newtonsoft.Json; XML Serializer; SOAP; DataContractSerializer/NetDataContractSerializer
    BSON - Binary JSON, used in MongoDB
    MessagePack
    CBOR - Binary JSON for IoT and constrained environments.
    Smile - Superset of JSON by AWS with type support and annotations.
    Amazon Ion - Superset of JSON by AWS with type support and annotations.
  7. PLACES TO FIND THE ISSUE
    - USER INPUT FIELDS: The very first target for finding this issue is user input fields.
    - NETWORK REQUESTS: Look for how applications handle serialized data within network requests, such as SOAP requests, which can lead to remote code execution if insecure.
    - INTERNAL COMMUNICATIONS: Any internal communication channel where data is serialized and deserialized can be a potential source of vulnerability if the data is not properly validated.
    - THIRD-PARTY LIBRARIES: Insecure deserialization can be introduced through third-party libraries, as an attacker can exploit gadget chains that exist within those libraries.
  8. REVERSE ENGINEERING
    - IDENTIFY LANGUAGES AND LIBRARIES
    - IDENTIFY SINKS - LOOK FOR EXACT FUNCTION/CLASS NAME
    - TAG SOURCE LOCATIONS - WHERE DATA COMES FROM
    - BUILD TAINT/DATAFLOW MAPS
    - START RISK SCORING
    - CONFIRM WITH LIGHTWEIGHT MANUAL REVIEW
    - AUTOMATE DETECTION IN CI
    - GENERATE A FOCUSED SEMGREP RULE PACK
  9. STATIC ANALYSIS
    Explaining Static Analysis:
    - Take the file and create a working folder
    - Open the file and check for:
      - direct calls to pickle.loads, pickle.load, pickle.loads(...) etc.
      - calls that construct objects from external input
      - methods that look like deserialization hooks: __setstate__, __reduce__, __getstate__, readObject (Java), ISerializable constructors (C# - not applicable here)
      - any yaml.load, marshal.loads
    - Run Bandit (Python scanner)
    - Run Ruff (linting) / Pyflakes / MyPy
    - Run Semgrep with a focused rule (yaml)
    - AST-based scanner for obfuscated code
  10. DYNAMIC ANALYSIS
    - Imports the demo module (must be colocated).
    - Creates the "victim" pickle using demo.make_victim_pickle().
    - Disassembles the pickle with pickletools.dis() so you can inspect GLOBAL opcodes.
    - Uses a LoggingUnpickler (subclass of pickle.Unpickler) that logs every class name requested via find_class during unpickling.
    - Temporarily monkeypatches pickle.loads to log the caller stack trace when called (detects where unpickling occurs in code).
    - Runs vulnerable_deserialize() to observe the logging and the harmless side-effect.
    - Demonstrates a safe_unpickle_with_allowlist() wrapper which rejects unknown classes.
  11. DYNAMIC ANALYSIS (FURTHER ANALYSIS)
    This is a local script that works when ysoserial fails. Ysoserial generally fails to comply directly for finding insecure deserializations, for the parameter of Collections. Plus, ysoserial directly helps .exe formats more than .jar formats.
  12. MITIGATIONS
    - Stop deserializing untrusted input - reject any serialized blob from clients/networks; only accept structured data (JSON/protobuf) from untrusted sources.
    - Use safe formats & DTOs - replace pickle/Java native serialization/BinaryFormatter with JSON, protobuf, or explicit DTO objects and parse into validated types.
    - Allowlist types, never blacklist - enforce an explicit allowlist in your deserializer (ObjectInputFilter for Java, custom Unpickler for Python, KnownTypes/binder for .NET) and reject everything else.
    - Disable polymorphic type loading - turn off Jackson default typing / Newtonsoft $type handling / TypeNameHandling; if polymorphism is needed, register explicit subtypes only.
  13. MITIGATIONS
    - Authenticate + integrity-check serialized blobs - HMAC or sign (RSA/ECDSA) all serialized payloads; verify the signature BEFORE deserializing.
    - Sandbox deserialization - run any unavoidable deserialization in a minimal-privilege process/container with no network, restricted filesystem, and resource limits (CPU/memory/pids).
    - Remove/replace dangerous libs & APIs - eliminate pickle, yaml.load (use yaml.safe_load), BinaryFormatter, ObjectInputStream on network input; update to safe libs and latest versions.
    - Log + monitor deserialization events - instrument deserializers to log caller stack, source IP, payload hash, and requested types; alert when unknown/critical classes are requested.
    - Build CI gates & tests - add Semgrep/Bandit rules and unit tests that fail builds on pickle.loads, yaml.load, ObjectInputStream reads from sockets, or new __setstate__/readObject hooks.
  14. BUG-HUNTERS TIPS FOR INSECURE DESERIALIZATION
    1. Map Serialization Points
    2. Identify Untrusted Sources
    3. Fingerprint Serialization formats
    4. Inspect Libraries and Dependencies
    5. Look for “Dynamic” Deserialization
    6. Try Safe-Unsafe transformation
    7. Analyze Type and Property Handling
    8. Test Edge Cases and Serialization limits
    9. Monitor Error Messages and Responses
    10. Automate and Fuzz Globally

    Python: pickle.loads, pickle.load, yaml.load, marshal.loads
    Java: ObjectInputStream, XMLDecoder, enableDefaultTyping() (Jackson)
    .NET: BinaryFormatter.Deserialize, NetDataContractSerializer
    Generic: dynamic factory lookups using class names in input (globals()[name], Class.forName, $type in JSON)
  15. THANK YOU
    GET IN TOUCH WITH ME:
    INSECREZ.MEDIUM.COM
    HTTPS://WWW.LINKEDIN.COM/IN/INSECREZ/
    INSECREZ @INSECREZ @INSECREZ
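The "AST-based scanner" step on the static analysis slide, together with the Python sink list on the bug-hunter tips slide, as an added example (not code from the talk). The class and function names and the sample input are assumptions made for illustration; the scanner resolves import aliases, so it also catches call sites that a text search for `pickle.loads` would miss.

```python
import ast

# Python sinks and hook methods listed on the slides.
SINK_CALLS = {"pickle.loads", "pickle.load", "yaml.load", "marshal.loads"}
HOOK_METHODS = {"__setstate__", "__reduce__", "__getstate__"}

class SinkScanner(ast.NodeVisitor):
    def __init__(self):
        self.aliases = {}    # local name -> fully qualified name
        self.findings = []   # (line, kind, name)

    def visit_Import(self, node):                 # import pickle as p
        for a in node.names:
            self.aliases[a.asname or a.name] = a.name

    def visit_ImportFrom(self, node):             # from yaml import load as yl
        for a in node.names:
            self.aliases[a.asname or a.name] = f"{node.module}.{a.name}"

    def _qualified(self, func):
        # Turn p.loads / yl into "pickle.loads" / "yaml.load" using the alias map.
        parts = []
        while isinstance(func, ast.Attribute):
            parts.append(func.attr)
            func = func.value
        if not isinstance(func, ast.Name):
            return None
        parts.append(self.aliases.get(func.id, func.id))
        return ".".join(reversed(parts))

    def visit_Call(self, node):
        if (name := self._qualified(node.func)) in SINK_CALLS:
            self.findings.append((node.lineno, "sink", name))
        self.generic_visit(node)

    def visit_FunctionDef(self, node):
        if node.name in HOOK_METHODS:
            self.findings.append((node.lineno, "hook", node.name))
        self.generic_visit(node)

def scan(source):
    scanner = SinkScanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings)

SAMPLE = (  # constructed sample input: sinks hidden behind import aliases
    "import pickle as p\nfrom yaml import load as yl\n"
    "class S:\n    def __reduce__(self): return (str, ())\n"
    "x = p.loads(blob)\ny = yl(doc)\n"
)
```

Every `yaml.load` call is reported regardless of its `Loader` argument, so findings still need the lightweight manual review the slides call for.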
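The dynamic analysis slide describes a LoggingUnpickler and a safe_unpickle_with_allowlist() wrapper, and the mitigation slides call for an allowlisting custom Unpickler that logs requested types. The following is an added sketch of that idea, not the speaker's script: the class name, the allowlist contents, the function signatures and the two harmless sample streams are assumptions made for this example.

```python
import collections
import io
import pickle
import pickletools

# Assumption for this example: the application only ever expects OrderedDict.
ALLOWED = {("collections", "OrderedDict")}

class LoggingAllowlistUnpickler(pickle.Unpickler):
    """Logs every class requested via find_class; rejects any not allowlisted."""

    def __init__(self, file, allowed, log):
        super().__init__(file)
        self.allowed = allowed
        self.log = log  # list of (module, name, verdict) tuples

    def find_class(self, module, name):
        ok = (module, name) in self.allowed
        self.log.append((module, name, "allowed" if ok else "rejected"))
        if not ok:
            # Refuse before the name is imported or resolved.
            raise pickle.UnpicklingError(f"not allowlisted: {module}.{name}")
        return super().find_class(module, name)

def safe_unpickle_with_allowlist(blob, log, allowed=ALLOWED):
    """Unpickle blob, appending each requested class to log."""
    return LoggingAllowlistUnpickler(io.BytesIO(blob), allowed, log).load()

def referenced_globals(blob):
    """Static view: list classes a stream references without loading it."""
    strings, found = [], []
    for op, arg, _pos in pickletools.genops(blob):
        if op.name == "GLOBAL":                    # protocols 0-3: "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            # Protocol 4+: module and name are the two strings pushed just before.
            # Heuristic: strings fetched from the memo are not tracked here.
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

# Constructed, harmless sample streams.
EXPECTED = pickle.dumps(collections.OrderedDict(a=1))
UNEXPECTED = pickle.dumps(collections.Counter(a=1))

if __name__ == "__main__":
    log = []
    print(safe_unpickle_with_allowlist(EXPECTED, log), log)
    print(referenced_globals(UNEXPECTED))
```

The log list is what a monitoring hook would forward: a "rejected" entry is the signal that a stream asked for a class the application never serializes.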