Java-Deserialization-Cheat-Sheet Logo

Java-Deserialization-Cheat-Sheet

0
Free
Visit Website

A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries. Table of content: Java Native Serialization (binary) Overview, Main talks & presentations & docs, Payload generators, Exploits, Detect Vulnerable apps (without public sploits/need more info), Protection. For Android: XMLEncoder (XML), XStream (XML/JSON/various), Kryo (binary), Hessian/Burlap (binary/XML), Castor (XML), json-io (JSON), Jackson (JSON), Fastjson (JSON), Genson (JSON), Flexjson (JSON), Jodd (JSON), Red5 IO AMF (AMF), Apache Flex BlazeDS (AMF), Flamingo AMF (AMF), GraniteDS (AMF), WebORB for Java (AMF), SnakeYAML (YAML), jYAML (YAML), YamlBeans (YAML). "Safe" deserialization. Java Deserialization Security FAQ From Foxgloves Security. Main talks & presentations & docs. Marshalling Pickles by @frohoff & @gebl. Video Slides. Other stuff. Exploiting Deserialization Vulnerabilities in Java by @matthias_kaiser. Video. Serial Killer: Silently Pwning Your Java Endpoints by @pwntester & @cschneider4711. Slides. White Paper. Bypass Gadget Collection. Deserialize My Shorts.

FEATURES

ALTERNATIVES

An evolving how-to guide for securing a Linux server with detailed steps and explanations.

A website for information on Linux and BSD distributions.

CloudGoat is a 'Vulnerable by Design' AWS deployment tool for honing cloud cybersecurity skills through 'capture-the-flag' style scenarios.

A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.

A vulnerable web application for learning about web application vulnerabilities and writing secure code.

A collection of computer science courses with video lectures covering a wide range of topics.

A comprehensive and immersive 13-week course by NYU Tandon's OSIRIS Lab introducing students to offensive security with practical applications and research projects.

A comprehensive guide to mobile application penetration testing, covering various topics and techniques