serialization
Java Serialisation – the gift that keeps on taking (Part 3)
In the previous post we examined particular Java Serialisation characteristics and design points that had a few unexpected consequences. In this post we'll explore exploiting serialisation datastreams further. How it's possible to ...
Java Serialization. The gift that keeps on taking. Part 1
Hands up who has heard of Log4Shell? No? If you’re a Java developer and this term isn’t familiar to you then you might want to google it right now. We’ll wait ...

Serialization: Protecting Enterprise Critical Applications
Enterprise organizations have built much of their foundations on Oracle’s WebLogic servers. As ubiquitous as they are, it’s no wonder that they are often the target of sophisticated attacks aimed at harvesting ...

Understanding ysoserial’s CommonsCollections1 exploit
Last year, ysoserial was released by frohoff and gebl. It is a fantastic piece of work. The tool provides options to generate several different types of serialized objects, which when deserialized, can result ...
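The excerpts above (exploiting serialisation datastreams, and ysoserial payloads that do their work on deserialization) both come down to the same artefact: a byte stream that begins with the ObjectOutputStream header and declares, in TC_CLASSDESC records, which classes the receiver will be asked to instantiate. The following is an added example, not code from any of the linked posts or from ysoserial: a Python scanner that recognises the stream header, pulls class names out of class descriptors, and gates the stream against a deny-list before anything deserializes it. The deny-list prefixes and the two sample streams are constructed here for illustration; the "suspect" stream only names `org.apache.commons.collections.functors.InvokerTransformer`, a class the CommonsCollections1 chain depends on, and carries none of the actual gadget chain. The class layout it hand-assembles (magic, TC_OBJECT, TC_CLASSDESC, serialVersionUID, flags, field list, TC_ENDBLOCKDATA, TC_NULL superclass) follows the Java Object Serialization Stream Protocol.

```python
import re
import struct

# Constants from java.io.ObjectStreamConstants.
STREAM_MAGIC = b"\xac\xed\x00\x05"   # STREAM_MAGIC 0xACED followed by STREAM_VERSION 5
TC_NULL = 0x70
TC_CLASSDESC = 0x72
TC_OBJECT = 0x73
TC_ENDBLOCKDATA = 0x78
SC_SERIALIZABLE = 0x02

# Illustrative deny-list (an assumption for this example, not a complete policy):
# package prefixes that ysoserial's CommonsCollections chains rely on.
DENY_PREFIXES = (
    "org.apache.commons.collections.functors.",
    "org.apache.commons.collections4.functors.",
)

# Plausible fully-qualified class or array-descriptor name, e.g. "[Ljava.lang.Object;".
_CLASS_NAME = re.compile(rb"^[A-Za-z_$\[][A-Za-z0-9_$.;\[]*$")


def is_java_serialized(data: bytes) -> bool:
    """True if the buffer starts with the ObjectOutputStream header."""
    return data[:4] == STREAM_MAGIC


def class_names(data: bytes) -> list:
    """Heuristic extraction of declared class names.

    Each TC_CLASSDESC (0x72) is followed by the class name as a modified-UTF-8
    string: a big-endian u16 length and that many bytes. This does not walk the
    full stream grammar (handles, back-references, block data), so a 0x72 byte
    inside string or field data is rejected only by the plausibility regex.
    """
    names = []
    i = 4 if is_java_serialized(data) else 0
    while i + 3 <= len(data):
        if data[i] == TC_CLASSDESC:
            (length,) = struct.unpack(">H", data[i + 1:i + 3])
            name = data[i + 3:i + 3 + length]
            if length and len(name) == length and _CLASS_NAME.match(name):
                decoded = name.decode("ascii")
                if decoded not in names:
                    names.append(decoded)
                i += 3 + length
                continue
        i += 1
    return names


def check_stream(data: bytes, deny_prefixes=DENY_PREFIXES) -> dict:
    """Pre-deserialization gate: is this a Java stream, which classes does it
    declare, and which of those hit the deny-list."""
    names = class_names(data)
    flagged = [n for n in names if n.startswith(deny_prefixes)]
    return {"serialized": is_java_serialized(data), "classes": names, "flagged": flagged}


# --- constructed sample streams (hand-assembled for this example, not captured) ---

def _class_desc(name: str, suid: int, fields=()) -> bytes:
    """TC_CLASSDESC for a Serializable class with primitive fields and no superclass:
    0x72, className(UTF), serialVersionUID(u64), flags(u8), fieldCount(u16),
    fields (typecode + fieldName UTF), TC_ENDBLOCKDATA, superClassDesc = TC_NULL."""
    out = bytes([TC_CLASSDESC]) + struct.pack(">H", len(name)) + name.encode("ascii")
    out += struct.pack(">Q", suid) + bytes([SC_SERIALIZABLE]) + struct.pack(">H", len(fields))
    for typecode, fname in fields:
        out += typecode.encode("ascii") + struct.pack(">H", len(fname)) + fname.encode("ascii")
    return out + bytes([TC_ENDBLOCKDATA, TC_NULL])


# Benign object: hypothetical class com.example.Greeting with one int field set to 7.
BENIGN = (STREAM_MAGIC + bytes([TC_OBJECT])
          + _class_desc("com.example.Greeting", 0x1122334455667788, [("I", "count")])
          + struct.pack(">i", 7))

# Stand-in for a gadget payload: declares an InvokerTransformer descriptor with a
# single boolean field. It names the class but contains no working chain.
SUSPECT = (STREAM_MAGIC + bytes([TC_OBJECT])
           + _class_desc("org.apache.commons.collections.functors.InvokerTransformer",
                         0x0, [("Z", "enabled")])
           + bytes([1]))

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, check_stream(blob))
```

Two caveats a practitioner should keep in mind. First, this is a scanner for files and captured traffic, not a substitute for an in-JVM `ObjectInputFilter`, which sees every class the stream resolves rather than a byte-level guess. Second, it reads only TC_CLASSDESC records; TC_PROXYCLASSDESC entries (which list interface names in a different layout) and TC_REFERENCE back-references are skipped, so a stream that smuggles its interesting class through a proxy descriptor or a handle will show fewer names than the JVM will actually load.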