whip_lash : deserialization   5
Favorite tweet:

There has been some really awesome .NET research done recently, this whitepaper is a great reference when you come across .NET deserialization bugs/when code auditing. Machines running .NET have just become so much easier to own:

— shubs (@infosec_au) April 4, 2019
dotnet  webapp  pentest  deserialization 
6 weeks ago by whip_lash
Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs
Oracle plans to drop support for data serialization/deserialization from the main body of the Java language.
java  deserialization 
May 2018 by whip_lash
Attacking Java Deserialization | NickstaDB
In this blog post I’ll attempt to clear up some confusion around deserialization vulnerabilities and hopefully lower the bar to entry in exploiting them using readily available tools. I’ll be focusing on Java, however the same concepts apply to other languages. I’ll also be focusing on command execution exploits in order to keep things simple.
java  pentesting  webapp  deserialization 
May 2018 by whip_lash

