The vulnerabilities exploited by Praying Mantis target deserialization implementations in ASP.NET, an open-source framework for developing web apps that are hosted on Windows IIS web servers.