Java-Deserialization-Cheat-Sheet Logo

Java-Deserialization-Cheat-Sheet

0
Free
Resources
java
deserialization
vulnerability
pentesting
research
Visit Website

A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries. Table of content: Java Native Serialization (binary) Overview, Main talks & presentations & docs, Payload generators, Exploits, Detect Vulnerable apps (without public sploits/need more info), Protection. For Android: XMLEncoder (XML), XStream (XML/JSON/various), Kryo (binary), Hessian/Burlap (binary/XML), Castor (XML), json-io (JSON), Jackson (JSON), Fastjson (JSON), Genson (JSON), Flexjson (JSON), Jodd (JSON), Red5 IO AMF (AMF), Apache Flex BlazeDS (AMF), Flamingo AMF (AMF), GraniteDS (AMF), WebORB for Java (AMF), SnakeYAML (YAML), jYAML (YAML), YamlBeans (YAML). "Safe" deserialization. Java Deserialization Security FAQ From Foxgloves Security. Main talks & presentations & docs. Marshalling Pickles by @frohoff & @gebl. Video Slides. Other stuff. Exploiting Deserialization Vulnerabilities in Java by @matthias_kaiser. Video. Serial Killer: Silently Pwning Your Java Endpoints by @pwntester & @cschneider4711. Slides. White Paper. Bypass Gadget Collection. Deserialize My Shorts.

FEATURES

ALTERNATIVES

GreHack 2018 Conference Videos Logo
GreHack 2018 Conference Videos

Collection of cybersecurity conference videos from GreHack 2018 covering various cutting-edge topics.

Free
Resources
Pass the Hash Guidance Logo
Pass the Hash Guidance

Project hosting scripts for implementing Pass the Hash mitigations with PtHTools module commands.

Free
Resources
Apple Silicon Mac Security Guide Logo
Apple Silicon Mac Security Guide

Enhance the security and privacy of Apple silicon Mac computers with incremental changes and user capability.

Free
Resources
pwntools-write-ups Logo
pwntools-write-ups

A collection of CTF write-ups using pwntools

Free
Resources
Snap7 Homepage Logo
Snap7 Homepage

Website providing information on Snap7 open-source communication library.

Free
Resources
CompTIA Security+ Logo
CompTIA Security+

Validate baseline cybersecurity skills with CompTIA Security+ certification.

Free
Resources
Splunk Boss of the SOC Logo
Splunk Boss of the SOC

Blue-team capture the flag competition for improving cybersecurity skills.

Free
Resources
SSL/TLS Vulnerability Cheat Sheet Logo
SSL/TLS Vulnerability Cheat Sheet

A comprehensive guide to SSL/TLS vulnerabilities and vulnerable cipher suites.

Free
Resources

PINNED

InfoSecHired Logo

InfoSecHired

An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Commercial
Resources
Mandos Brief Newsletter Logo

Mandos Brief Newsletter

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Free
Resources
Kriptos Logo

Kriptos

An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.

Commercial
Data Protection
System Two Security Logo

System Two Security

An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.

Commercial
Security Operations
Aikido Security Logo

Aikido Security

Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.

Commercial
Application Security
Permiso Logo

Permiso

Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.

Commercial
IAM
Wiz Logo

Wiz

Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

Commercial
Cloud Security
Adversa AI Logo

Adversa AI

Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.

Commercial
AI Security