VBSDeserialization
VBScript .NET BinaryFormatter deserialization exploit. TextFormattingRunProperties ysoserial.net gadget chain. ObjectDataProvider XAML injection for RCE. Base64-chunked via Public Function obfuscation. System.Workflow.ComponentModel gadget. xABCDEFG obfuscated filename.
Threat Profile
Type
Exploit
Programming LanguageVBScript
C2 ProtocolLocal/Network
First Seen2024
Targets
Küresel
Purpose / Capabilities
- Deserialization RCE/Code Execution
No C2 servers have been identified for this family yet.
Research Reports (1)
VBSDeserialization 8d610d90 -- VBScript Base64 Parca Fonksiyonlari NET Seri Cozme Gadget Microsoft TextFormattingRunProperties ysoserial Sifir Click RCE | Yuksek
VBSDeserialization 8d610d90 ASCII text 237KB VBScript. Base64 parca fonksiyonlari (enddealthem pilotshotluck vs). NET seri cozme gadget TextFormattingRunProperties ysoserial RCE. Sifir click.
Read Report →