
Java-Deserialization-Cheat-Sheet


A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.

Table of contents:
- Java Native Serialization (binary): Overview; Main talks & presentations & docs; Payload generators; Exploits; Detect Vulnerable apps (without public sploits/need more info); Protection; For Android
- XMLEncoder (XML)
- XStream (XML/JSON/various)
- Kryo (binary)
- Hessian/Burlap (binary/XML)
- Castor (XML)
- json-io (JSON)
- Jackson (JSON)
- Fastjson (JSON)
- Genson (JSON)
- Flexjson (JSON)
- Jodd (JSON)
- Red5 IO AMF (AMF)
- Apache Flex BlazeDS (AMF)
- Flamingo AMF (AMF)
- GraniteDS (AMF)
- WebORB for Java (AMF)
- SnakeYAML (YAML)
- jYAML (YAML)
- YamlBeans (YAML)
- "Safe" deserialization

Java Deserialization Security FAQ from Foxgloves Security.

Main talks & presentations & docs:
- Marshalling Pickles by @frohoff & @gebl (Video, Slides, Other stuff)
- Exploiting Deserialization Vulnerabilities in Java by @matthias_kaiser (Video)
- Serial Killer: Silently Pwning Your Java Endpoints by @pwntester & @cschneider4711 (Slides, White Paper)
- Bypass Gadget Collection
- Deserialize My Shorts

ALTERNATIVES

- An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers. (Commercial)
- Free cyber security training and resources for career development.
- Cybersecurity industry portal offering articles, tools, and resources.
- A repository aiming to archive all Android security presentations and whitepapers from conferences.
- The SOC Academy offers official VirusTotal certification courses to help cybersecurity professionals maximize its functionalities and advance their careers.
- A game packed with real-life examples of how not to store secrets in software, with 46 challenges to solve.
- Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.
- A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.