Hunting Deserialization Vulnerabilities With Claude

ID: 2c62e82b-7b24-50cd-bb20-0adbcfea1f5f

STIX ID: report--2c62e82b-7b24-50cd-bb20-0adbcfea1f5f

Feed Name: TrustedSec blog

Threat Score: 55/100

Date Published: 2025-06-12

Date Updated: 2026-05-01

This blog post shows how to build an MCP server to let an LLM decompile and analyze .NET assemblies, finds a known unsafe deserialization vulnerability in System.AddIn.dll referenced by AddinUtil.exe, and details generating and debugging a working proof-of-concept exploit (including a pipelineroot attack path that ultimately launches calc.exe), while noting required file-structure conditions and limitations of the exploit.